NSEL (NetFlow Security Event Logging) is the type of NetFlow exported from an ASA Firewall. The purpose of NSEL is to track firewall events via NetFlow and to have a summary of all conversations associated with that event type.
The three most popular event types that trigger a NetFlow record are:
As a savvy Network Administrator, you have taken all the steps necessary to enable NSEL NetFlow export from your ASA Firewall. But don’t you need to know much more than just how much traffic you have going through your ASA Firewall? You need to know who is accessing your network and what happened when they did. Using Scrutinizer v7, you have the unique ability to identify not only the traffic flow, but the event that took place.
NSEL templates follow a general NetFlow v9 format, but have unique template content depending on the event that took place. So in order to report the correct the disposition of an event, the NetFlow analyzer that you use must be able to recognize the information being sent. Scrutinizer v7 gives you the ability to do just that.
Many NetFlow Analyzers on the market today don’t have the ability to fully process NetFlow v9 templates. As a result, when any NetFlow v9 template is received, they can only report on common fields that NetFlow v5 and v9 share. This limits the report data that is available to the user when generating reports, since many of the fields are often discarded/ignored.
However, Scrutinizer v7 is unique, because it can process NetFlow v9 records, and therefore can identify the various types of NSEL templates collected, and use all of the data in those templates to generate accurate reporting for each event.