Join the Cisco ASA NSEL Webcast and learn about our new NetFlow NSEL (Network Secure Event Logging) reporting capabilities. This webcast will provide details on NSEL reporting as well as information on lowering the risk of C&C bots, Advanced Persistent Threats and other internet hosts with a poor IP host reputation. See several of over a dozen new ASA NSEL Reports:

Read more »

James

For a 30 day Trial of Scrutinizer, Click Here to Download!

Join the NetFlow Developments group on LinkedIn.

Recently we created a bunch of new NetFlow reports for the exports and a solution for NAT Session Logging was one of the goals. This is not the first time we have created reports for this. We have also created NetFlow NAT Reports for:

• Palo Alto NetFlow exports
• Cisco ASR NetFlow exports

If you need help with your Cisco ASA NetFlow Configuration using ASDM there are some great “how to” videos on youtube.com. Reporting on NAT with NetFlow is sure to improve your network traffic monitoring efforts.

We also created some nifty reports that display the ACLs violated.

Let us know if you need any help setting all this up.

 

- Thomas Pore

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

We have beefed up our Cisco ASA NSEL Reporting using of course NetFlow. NSEL = NetFlow Secure Event logging and ASA = Adaptive Security Appliances. What is interesting about Cisco ASA NSEL NetFlow is that according to the documentation we have, the NetFlow exports kick out several different templates.  The most popular of which seem to be these:

• Extended: if the flow is torn down before the configured delay, the flow-create event is not sent; an extended flow teardown event is sent instead.
• Denied: flow was explicitly denied from being created in the first place. A Denied no XLATE event shows that the event was denied and no translation of the source and destination IP addresses and ports is done. This is typical when using NAT addresses.
• Flow Created: event is exported as soon as the flow is created

• Teardown: events indicate that an existing flow in the flow database of the appliance has ended. It could be due to “natural” causes (TCP: fin/fin-ack/ack, UDP: firewall times it out), or it could be a flow that has a problem detected midstream and the firewall shuts it off. The Teardown event will give you the total byte count (both inbound and outbound) for the entire flow in the octetTotalCounts field.

Read more »

Aaron

For a 30 day Trial of Scrutinizer, Click Here to Download!

Join the NetFlow Developments group on LinkedIn.

Occasionally we hear talk of bidirectional flows, deduplication, flow stitching and sometimes questions about RFC 5103 spring up. Today I’ll outline what these technologies are as well as the good and bad aspects of both.  Our NetFlow analyzer supports all of them.

Read more »

Michael Patterson
Scrutinizer Product Manager
Click to download Scrutinizer now!
Join NetFlow Developments on Linkedin.com

Since NetFlow is template-based, how does a collector know one template from another? The answer is simple, Intelligent Template Recognition ™. In short, a collector receives flows with packets and uses templates to decode the information in the packets. With Intelligent Template Recognition ™ it automatically knows how to name the templates. But how does the collector know how to name the template?

Read more »

Jimmy Wendler

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

 

Are you thinking about migrating to Flexible NetFlow (aka FnF)?   If you are, you are probably aware that FnF brings the following to NetFlow:

• NetFlow NBAR for application recognition
• Performance Monitoring “Cisco Medianet”
• Layer 2 information
• Export to unlimited collectors
• Much more…..

Read more »

Joanne Ghidoni
Sr. Solutions Engineer

Visit our website to download a 30 day trial of Scrutinizer.

Join the NetFlow Developments group on LinkedIn.

How many of you use the ASDM interface of your Cisco ASA to view traffic patterns in real-time? I thought it was pretty slick when one of our customers showed it to me a few years ago. We have since acquired our own Cisco ASA and have started learning more about the Cisco ASA NetFlow exports. Below is a screen capture showing how it can trend the volume of traffic, volume of connections as well as the CPU and memory usage all in real-time.

Read more »

- Thomas Pore

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

NetFlow has come a long way in the last few years.  For example, here’s a list of some new information that can now be monitored and filtered on by exporting NetFlow or IPFIX packets from your routers, switches, and firewalls.

•    Medianet
•    Host/Application Latency
•    VoIP with Caller ID
•    Configuring Cisco ASA NetFlow Exports
•    NBAR
•    URLs
•    Mac Address and VLAN

Now that’s a whole lot of information that you can get from your NetFlow Analyzer!

So what is all this new information?

Read more »

Joanne Ghidoni
Sr. Solutions Engineer

Visit our website to download a 30 day trial of Scrutinizer.

Join the NetFlow Developments group on LinkedIn.

Our Product Manager, Michael Patterson, has recorded another great video about configuring NetFlow exports on the Cisco ASA Firewall using ASDM.

Read more »

Paul Dube

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

At the support desk we often help customers set up configurations to enable NetFlow and sFlow on a number of different device types. The device types always seem to come in waves, or what I call, “the flavor of the week.” Last week I set up a number of Cisco ASA firewalls. This week I have been setting up a bunch of Cisco 6500 Catalyst Series Switches.

Often customers initially set these Cisco switches up with the traditional NetFlow commands and then see traffic under reported when looking at details from our NetFlow reporting tool. Read more »