What’s your favorite color? Chances are that your favorite color is not the same as mine. When you use Windows, are you a fan of the old classic view, or do you go for the new Windows look?

We have all been talking about Plixer’s NetFlow analyzer, and how it provides the best in traffic analysis, with its ability to support Flexible NetFlow, NBAR, and Cisco ASA NSEL. But did you know that as a Scrutinizer user, you have different options when it comes to how you want our NetFlow and sFlow Traffic Analysis Tool to look?

Currently there are 5 different skin types available to select from. They are configurable on a per user basis. So if you are in a dark kind of mood, you can change to a dark skin with either green or yellow text.

Read more »

Yes, you can use NetFlow to monitor traffic and bandwidth usage on an ASA.

One of the primary uses for NetFlow on a Cisco ASA is as a transport protocol for security events. But if you are using the right NetFlow Analysis tool, you can also analyze traffic using NetFlow sent from the Cisco ASA.

This is really important as I have seen many companies that have remote sites that are connected with a Cisco ASA, but had no devices behind the ASA’s that supported NetFlow. This meant that they couldn’t leverage NetFlow to analyze traffic.

Read more »

A few months ago Nathan invited us to take a deeper look at NSEL. NSEL is the NetFlow exported from an ASA Firewall. He showed us how to enable and configure ASA for NetFlow.

Traditional NetFlow records upstream and downstream traffic between two end points as two different flows. In the case of an ASA device, most bidirectional flows are already assembled internally and are considered a single flow. So the flow records reported by NetFlow on an ASA Firewall will describe both directions of the flow.

Today I am going to do brief overview of what each of the templates is telling us.

Read more »

NSEL (NetFlow Security Event Logging) is the type of NetFlow exported from an ASA Firewall. The purpose of NSEL is to track firewall events via NetFlow and to have a summary of all conversations associated with that event type.

The three most popular event types that trigger a NetFlow record are:

                                            * flow-create
                                            * flow-denied
                                            * flow-teardown

Read more »

A while ago I had a customer ask me about getting MAC addresses using Flexible NetFlow (aka NetFlow v9).  Yes, it is possible but, two issues come into play when getting it to work properly. Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter

When Cisco launched the release of ASA software v8.2, there was a LOT of excitement. Finally, Cisco had included NetFlow support for another key device in everyone’s network. Naturally, everyone ran around looking for the latest configs to enable NetFlow for the ASA.

However, once NetFlow collectors got their hands on those ASA NetFlow records, we all saw some really strange results.

A couple of months ago, we had asked our customers to help us in finding some answers. With the assistance of Wireshark, we collected a plethora of data to make sense of this puzzle.
After diligent study, we finally had some answers…

Read more »

Get started with Cisco ASDM 6.2
To setup the NetFlow export from your ASA which must be running version 8.2.1 or newer, bring up the Cisco ASDM (Adaptive Security Device Manager) and setup the NetFlow exporters:

Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter

Hey guys! I hope everyone is enjoying what they are seeing so far in our Scrutinizer v7 NetFlow collector release. I’m hearing a lot of good things from our existing customers, so I’m glad the hard work has paid off.

I’m sure you all noticed the huge changes that have occurred, whether it be IPv6, Flexible NetFlow or ASA NSEL support. With all of these new features, I wanted to remind you to watch the recently posted video tutorials to get comfortable with navigating the new product and finding the features you were looking for.

Here’s a great video that shows you how to create specific filters for your traffic. This new filter function has replaced the CUSTOM REPORTS option in v6. You’ll love it. Go ahead and take a look: Read more »

Scrutinizer v7 for NetFlow and sFlow analysis has been released. This new version of our network traffic analysis solution is 100% free. Plixer’s new model is to build a business around the modules:

• Central Interface for Distributed NetFlow collectors
• Flow Analytics for Network Behavior Analysis and archiving of data.
• Service Provider Module for setting up per login permissions to see only certain data.

Read more »