A few months ago Nathan invited us to take a deeper look at NSEL. NSEL is the NetFlow exported from an ASA Firewall. He showed us how to enable and configure ASA for NetFlow.

Traditional NetFlow records upstream and downstream traffic between two end points as two different flows. In the case of an ASA device, most bidirectional flows are already assembled internally and are considered a single flow. So the flow records reported by NetFlow on an ASA Firewall will describe both directions of the flow.

Today I am going to do brief overview of what each of the templates is telling us.

Read more »

NSEL (NetFlow Security Event Logging) is the type of NetFlow exported from an ASA Firewall. The purpose of NSEL is to track firewall events via NetFlow and to have a summary of all conversations associated with that event type.

The three most popular event types that trigger a NetFlow record are:

                                            * flow-create
                                            * flow-denied
                                            * flow-teardown

Read more »

Get started with Cisco ASDM 6.2
To setup the NetFlow export from your ASA which must be running version 8.2.1 or newer, bring up the Cisco ASDM (Adaptive Security Device Manager) and setup the NetFlow exporters:

Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter