Cisco Systems OL-16647-01 Matching NetFlow Events to Configured Collectors

17-19

Cisco ASDM User Guide

OL-16647-01

Chapter 17 Configuring Logging

Using NetFlow

Step 6 When NetFlow is enabled, certain syslog messages become redundant. To maintain system performance,

we recommend that you disable all redundant syslog messages, because the same information is exported

through NetFlow. To disable all redundant syslog messages, check the Disable redundant syslog

messages check box. To display the redundant syslog messages and their status, click Show Redundant

Syslog Messages.

The Redundant Syslog Messages dialog box appears. The Syslog ID field displays the redundant syslog

message numbers. The Disabled field indicates whether or not the specified syslog message is disabled.

Click OK to close this dialog box.

To disable individual redundant syslog messages, choose Configuration > Device Management >

Logging > Syslog Setup.

Step 7 To continue, see the “Matching NetFlow Events to Configured Collectors” section on page 17-19.

Step 8 Click Apply to save your changes. Click Reset to enter new settings.

Matching NetFlow Events to Configured Collectors

After you configure NetFlow collectors, you can match a NetFlow event with any of these configured

collectors.

To specify which NetFlow events should be sent to which collector, perform the following steps:

Step 1 In the ASDM main application window, choose Configuration > Firewall > Service Policy Rules.

Step 2 Choose Global Policy in the table, and click Add to display the Add Service Policy Rule dialog box.

For more information about service policy rules, see the “Adding a Service Policy Rule for Through

Traffic” section on page 22-6.

Note NetFlow actions are available only for global service policy rules and are applicable only to the

class-default traffic class and to traffic classes with traffic match criteria of “Source and

Destination IP Address (uses ACL)” or “Any traffic.”

Step 3 Click the Rule Actions tab, and then click the NetFlow tab.

Step 4 Click Add to display the Add Flow Event dialog box.

Step 5 Choose the flow event type from the drop-down list. Available options are created, torn down, denied,

or all events.

Step 6 Choose collectors to which you want events sent by checking the corresponding check boxes in the Send

column.

Step 7 To add, edit or delete collectors, click Manage to display the list of configured collectors in the Manage

NetFlow Collectors dialog box. To continue, see Step 3 of the “Using NetFlow” section on page 17-18.

Step 8 To change settings for a configured collector, select it from the list and click Edit. To remove a collector

from this list, select it from the list and click Delete.

Step 9 In the Redundant Syslog Messages area, to disable redundant syslog messages and maintain current

performance levels, check the Disable redundant syslog messages check box. Click Show Redundant

Syslog Messages to display a list of redundant syslog messages and their status (disabled or not). You

can disable or enable individual syslog messages later by choosing Configuration > Device

Management > Logging. Click OK to close the Redundant Syslog Messages dialog box.