Cisco has changed its ways! Cisco ASA now supports NetFlow. The new feature in Cisco ASA version 8.2 is called NSEL (NetFlow Security Event Logging) and it allows all ASA models to support NetFlow. Below I have provided the NetFlow configuration of a Cisco ASA.  Check out the latest Cisco NSEL reports.

flow-export destination inside x.x.x.x xxxx (Collector & Port)
access-list flow_export_acl permit ip host x.x.x.x host x.x.x.x

class-map flow_export_class
 match access-list flow_export_acl

policy-map flow_export_policy
 class flow_export_class
  flow-export event-type flow-create destination (Collector IP)

service-policy flow_export_policy global

To export records for all event types, use event-type all in the flow-export action instead:
flow-export event-type all destination (Collector IP)

Disabling the syslog messages for flow-export events will increase performance:
logging flow-export-syslogs disable

The CLI is great, but configuring the ASA to export NetFlow is easier with Cisco ASDM.
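Before relying on NSEL records, it is worth checking that every link in the export chain is present: collector, ACL, class-map, policy-map action and service-policy. The script below is an added example, not part of the original post or any Cisco or Plixer tool. The function name audit_nsel and the sample addresses are assumptions, it expects the ASA spelling logging flow-export-syslogs disable, and it matches names across the whole config rather than tracking which policy-map holds each class.

```python
# Constructed sample config: documentation-range addresses, names from the post.
SAMPLE_CONFIG = """\
flow-export destination inside 192.0.2.10 2055
access-list flow_export_acl permit ip host 192.0.2.1 host 192.0.2.2
class-map flow_export_class
 match access-list flow_export_acl
policy-map flow_export_policy
 class flow_export_class
  flow-export event-type all destination 192.0.2.10
service-policy flow_export_policy global
logging flow-export-syslogs disable
"""

def audit_nsel(config):
    """Return findings for an NSEL export config; [] means the chain is complete."""
    seen = {k: set() for k in "collector target acl match class-map class policy-map service-policy".split()}
    syslogs_disabled = False
    for line in config.splitlines():
        w = line.split()
        if len(w) < 2:
            continue
        if w[0] == "flow-export" and w[1] == "destination" and len(w) == 5:
            seen["collector"].add(w[3])          # interface, IP, UDP port
        elif w[0] == "flow-export" and w[1] == "event-type" and len(w) == 5:
            seen["target"].add(w[4])             # collector named by the action
        elif w[0] == "access-list":
            seen["acl"].add(w[1])
        elif w[:2] == ["match", "access-list"] and len(w) == 3:
            seen["match"].add(w[2])
        elif w[0] in ("class-map", "class", "policy-map", "service-policy"):
            seen[w[0]].add(w[-1] if w[0].endswith("-map") else w[1])
        elif w == ["logging", "flow-export-syslogs", "disable"]:
            syslogs_disabled = True
    findings = []
    if not seen["collector"]:
        findings.append("no flow-export destination configured")
    findings += [f"class-map matches undefined ACL {a}"
                 for a in sorted(seen["match"] - seen["acl"])]
    findings += [f"policy-map uses undefined class {c}"
                 for c in sorted(seen["class"] - seen["class-map"] - {"class-default"})]
    if not seen["target"]:
        findings.append("no flow-export event-type action in any policy-map")
    findings += [f"event-type destination {t} is not a configured collector"
                 for t in sorted(seen["target"] - seen["collector"])]
    if not seen["policy-map"] & seen["service-policy"]:
        findings.append("no policy-map is applied with service-policy")
    if not syslogs_disabled:
        findings.append("flow-export syslogs not disabled (the post recommends disabling them)")
    return findings
```

Feed it the text of the running configuration; an empty list means the collector, class, policy and service-policy all line up.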

May 29th, 2012 UPDATE:  New Cisco NSEL Reports in Scrutinizer v9.  Check them out.

Jamie Lee

Jamie Lee is the west coast Regional Manager at Plixer. He works with prospects to solve the unique needs of their network and visits existing customers to assist with training. He enjoys developing new partnerships and building long-lasting relationships with his clients. Jamie loves the outdoors and his favorite hobbies include fishing, hiking, and football.

