A few months ago Nathan invited us to take a deeper look at NSEL. NSEL is the NetFlow exported from an ASA Firewall. He showed us how to enable and configure ASA for NetFlow.

Traditional NetFlow records upstream and downstream traffic between two end points as two different flows. In the case of an ASA device, most bidirectional flows are already assembled internally and are considered a single flow. So the flow records reported by NetFlow on an ASA Firewall will describe both directions of the flow.

Today I am going to do brief overview of what each of the templates is telling us.

Read more »

NSEL (NetFlow Security Event Logging) is the type of NetFlow exported from an ASA Firewall. The purpose of NSEL is to track firewall events via NetFlow and to have a summary of all conversations associated with that event type.

The three most popular event types that trigger a NetFlow record are:

                                            * flow-create
* flow-denied
* flow-teardown

Read more »

A while ago I had a customer ask me about getting MAC addresses using Flexible NetFlow.  Yes, it is possible but, two issues come into play when getting it to work properly. Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

When Cisco launched the release of ASA software v8.2, there was a LOT of excitement. Finally, Cisco had included NetFlow support for another key device in everyone’s network. Naturally, everyone ran around looking for the latest configs to enable NetFlow for the ASA.

However, once NetFlow collectors got their hands on those ASA NetFlow records, we all saw some really strange results.

A couple of months ago, we had asked our customers to help us in finding some answers. With the assistance of Wireshark, we collected a plethora of data to make sense of this puzzle.
After diligent study, we finally had some answers…

Read more »

Get started with Cisco ASDM 6.2
To setup the NetFlow export from your ASA which must be running version 8.2.1 or newer, bring up the Cisco ASDM (Adaptive Security Device Manager) and setup the NetFlow exporters:

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Hey guys! I hope everyone is enjoying what they are seeing so far in our Scrutinizer v7 NetFlow collector release. I’m hearing a lot of good things from our existing customers, so I’m glad the hard work has paid off.

I’m sure you all noticed the huge changes that have occurred, whether it be IPv6, Flexible NetFlow or ASA NSEL support. With all of these new features, I wanted to remind you to watch the recently posted video tutorials to get comfortable with navigating the new product and finding the features you were looking for.

Here’s a great video that shows you how to create specific filters for your traffic. This new filter function has replaced the CUSTOM REPORTS option in v6. You’ll love it. Go ahead and take a look: Read more »

Scrutinizer v7 for NetFlow and sFlow analysis has been released. This new version of our network traffic analysis solution is 100% free. Plixer’s new model is to build a business around the modules:

• Central Interface for Distributed NetFlow collectors
• Flow Analytics for Network Behavior Analysis and archiving of data.
• Service Provider Module for setting up per login permissions to see only certain data.

Read more »