Finally, Cisco ASA NSEL details from a best at NetFlow reporting solution. NSEL allows for reporting on the non-traditional elements such as username, NAT, ACLs, etc. If you have not worked with technology before you may be pondering where all of this information comes from, and what it means. Today I will help clarify this for you by comparing Cisco’s event ID’s to syslogs.

You may have already noticed that NSEL is similar to syslogs; before Cisco ASA Release 8.1, Cisco ASA events were exported exclusively through system log messages and SNMP traps. NSEL can transmit much of the same syslog information in a less CPU-intensive, more secure and bandwidth-efficient way. Because of the way it was implemented most of the NSEL events will have a syslog equivalent.

Now let’s first take a look at the Cisco ASA Event ID’s:
• 0—Default (ignore)
• 1—Flow created
• 2—Flow deleted
• 3—Flow denied

As you can see with this very small example, you can get a lot of valuable data on NAT, ACLs, threats, cloud service monitoring, and much more. Now let’s dig in a little deeper and take a look at some of the Syslog Messages and Equivalent NSEL Extended Events.
Are you looking for a best at NetFlow reporting and insight into security threats? Well look no further! Contact us today if you would like to see the advanced NSEL reports on the Cisco ASA.

Jimmy Wendler

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Tags: Cisco ASA, cisco asa netflow, Cisco NetFlow, Cisco NSEL, Denied flow, Terminated flow

This entry was posted on Wednesday, July 25th, 2012 at 8:57 am and is filed under ASA, cisco ASA, cloud service monitoring. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.