Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 77 Configuring NetFlow Secure Event Logging (NSEL)
Configuring NSEL
IPv6 Guidelines
Supports IPv6 for the class-map, match any and class-default commands. The match access-list
commands only support IPv4 access lists.
Additional Guidelines and Limitations
If you have previously configured flow-export actions using the flow-export enable command, and
you upgrade to a later version, then your configuration is automatically converted to the new
Modular Policy Framework flow-export event-type command, which is described under the
policy-map command.
Flow-export actions are not supported in interface-based policies. You can configure flow-export
actions in a class-map only with the match access-list, match any, or class-default commands. You
can only apply flow-export actions in a global service policy.
To view bandwidth usage for NetFlow records (not available in real-time), you must use the threat
detection feature.
Configuring NSEL
This section describes how to configure NSEL and includes the following topics:
Using NetFlow
Matching NetFlow Events to Configured Collectors

Using NetFlow

The NetFlow pane lets you enable the transmission of data about a flow of packets. To access this pane,
choose Configuration > Device Management > Logging > NetFlow.
Note: IP address and hostname assignments should be unique throughout the NetFlow configuration.
To use NetFlow, perform the following steps:
Step 1 Enter the template timeout rate, which is the interval (in minutes) at which template records are sent to
all configured collectors. The default value is 30 minutes.
Step 2 Enter the flow update interval, which specifies the time interval between flow-update events in minutes.
Valid values are from 1 to 60 minutes. The default value is 1 minute.
Step 3 To delay the export of flow-creation events and process a single flow-teardown event instead of a
flow-creation event and a flow-teardown event, check the Delay export of flow creation events for
short-lived flows check box, then enter the number of seconds for the delay in the Delay By field.
Step 4 Specify the collector(s) to which NetFlow packets will be sent. You can configure a maximum of five
collectors. To configure a collector, click Add to display the Add NetFlow Collector dialog box, and
perform the following steps:
a. Choose the interface to which NetFlow packets will be sent from the drop-down list.
b. Enter the IP address or hostname and the UDP port number in the associated fields.
c. Click OK.
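The limits in Steps 1 through 4 can be checked against a planned configuration before it is applied. The following script is an added example, not part of the Cisco guide: it reads flow-export lines in ASA CLI form (the CLI counterparts of the ASDM fields, which this page does not show) and reports violations of the five-collector maximum, the uniqueness note, and the 1 to 60 minute update interval. The function name audit_flow_export and the sample lines are constructed for illustration.

```python
MAX_COLLECTORS = 5        # page: at most five collectors
UPDATE_MINUTES = (1, 60)  # page: valid flow update interval, in minutes

# Constructed sample lines, not taken from a real device.
SAMPLE_CONFIG = """\
flow-export destination inside 192.0.2.10 2055
flow-export destination inside 192.0.2.11 2055
flow-export destination mgmt 192.0.2.10 9996
flow-export template timeout-rate 30
flow-export active refresh-interval 90
flow-export delay flow-create 10
"""

# Keyword pairs after "flow-export" mapped to the setting each one carries.
TIMERS = {
    ("template", "timeout-rate"): "template_timeout",   # Step 1, minutes
    ("active", "refresh-interval"): "update_interval",  # Step 2, minutes
    ("delay", "flow-create"): "delay_seconds",          # Step 3, seconds
}

def audit_flow_export(config):
    """Return (settings, findings) for the flow-export lines in config."""
    # Defaults stated on the page: 30-minute template timeout, 1-minute updates.
    settings = {"template_timeout": 30, "update_interval": 1,
                "delay_seconds": None, "collectors": []}
    for line in config.splitlines():
        words = line.split()
        if words[:1] != ["flow-export"]:
            continue
        if words[1:2] == ["destination"] and len(words) == 5:
            # Step 4: interface, IP address or hostname, UDP port
            settings["collectors"].append((words[2], words[3], int(words[4])))
        elif len(words) == 4 and tuple(words[1:3]) in TIMERS:
            settings[TIMERS[tuple(words[1:3])]] = int(words[3])
    findings = []
    hosts = [host for _, host, _ in settings["collectors"]]
    if len(hosts) > MAX_COLLECTORS:
        findings.append(f"{len(hosts)} collectors configured, maximum is {MAX_COLLECTORS}")
    for host in sorted({h for h in hosts if hosts.count(h) > 1}):
        findings.append(f"collector {host} is assigned more than once")
    low, high = UPDATE_MINUTES
    if not low <= settings["update_interval"] <= high:
        findings.append(f"flow update interval {settings['update_interval']} "
                        f"is outside {low}-{high} minutes")
    return settings, findings

if __name__ == "__main__":
    for finding in audit_flow_export(SAMPLE_CONFIG)[1]:
        print("FINDING:", finding)
```

On the constructed sample, the script reports the collector address that appears twice and the 90-minute update interval.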