Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 78 Configuring NetFlow Secure Event Logging (NSEL)
Configuring NSEL
Configuring NSEL Collectors
To configure NSEL collectors, enter the following command:

Command:
  flow-export destination interface-name ipv4-address|hostname udp-port

Example:
  hostname(config)# flow-export destination inside 209.165.200.225 2002

Purpose:
  Adds, edits, or deletes an NSEL collector to which NetFlow packets are sent. The destination keyword indicates that an NSEL collector is being configured. The interface-name argument is the name of the ASA and ASA Services Module interface through which the collector is reached. The ipv4-address argument is the IP address of the machine running the collector application. The hostname argument is the destination IP address or name of the collector. The udp-port argument is the UDP port number to which NetFlow packets are sent. You can configure a maximum of five collectors. After a collector is configured, template records are automatically sent to all configured NSEL collectors.

  Note: Make sure that collector applications use the Event Time field to correlate events.

What to Do Next
See the “Configuring Flow-Export Actions Through Modular Policy Framework” section on page 78-5.

Configuring Flow-Export Actions Through Modular Policy Framework
To export NSEL events by defining all classes with flow-export actions, perform the following steps:

Step 1
Command:
  class-map flow_export_class

Example:
  hostname(config-pmap)# class-map flow_export_class

Purpose:
  Defines the class map that identifies traffic for which NSEL events need to be exported. The flow_export_class argument is the name of the class map.

Step 2
Choose one of the following options:

Command:
  match access-list flow_export_acl

Example:
  hostname(config-cmap)# match access-list flow_export_acl

Purpose:
  Configures the access list to match specific traffic. The flow_export_acl argument is the name of the access list.

Command:
  match any

Example:
  hostname(config-cmap)# match any

Purpose:
  Matches any traffic.
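
The collector rules given under Configuring NSEL Collectors (the flow-export destination syntax and the maximum of five collectors) can be checked against a saved configuration before a change window. The following Python script is an added example, not part of the Cisco guide; the sample configuration, the function names, and the findings it reports are constructed for illustration.

```python
import ipaddress
import re

MAX_COLLECTORS = 5  # limit stated in the guide

# Constructed running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
flow-export destination inside 209.165.200.225 2002
flow-export destination inside collector2.example.com 2055
flow-export destination mgmt 209.165.200.226 70000
flow-export destination inside 209.165.200.225 2002
"""

DEST_RE = re.compile(r"^flow-export destination (\S+) (\S+) (\S+)$")


def parse_collectors(config):
    """Return (interface, host, port_text) for each flow-export destination line."""
    return [m.groups() for line in config.splitlines()
            if (m := DEST_RE.match(line.strip()))]


def audit(config):
    """Return a list of findings for the NSEL collector lines in config."""
    findings = []
    collectors = parse_collectors(config)
    if not collectors:
        findings.append("no NSEL collector configured")
    unique = set(collectors)
    if len(unique) > MAX_COLLECTORS:
        findings.append(f"{len(unique)} collectors exceed the maximum of {MAX_COLLECTORS}")
    seen = set()
    for iface, host, port in collectors:
        if (iface, host, port) in seen:
            findings.append(f"duplicate collector {host}:{port} on {iface}")
        seen.add((iface, host, port))
        if not (port.isdigit() and 1 <= int(port) <= 65535):
            findings.append(f"invalid UDP port {port!r} for {host}")
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            # Not an IPv4 literal, so it is treated as a collector name.
            findings.append(f"collector {host} is a name; confirm it resolves to the intended host")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```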