Manufacturer: Cisco
Model(s): ASA Firewalls
Version(s): 8.4(5) and newer
URL: https://www.cisco.com/c/en/us/td/docs/security/asa/special/netflow/asa_netflow.html
Notes:
- Capable of Network Secure Event Logging (NSEL) exports
- The flow-update event is not available in Version 9.0(1). It is available in Versions 8.4(5), and 9.1(2) and later.
Configuration steps NSEL exporting
- Configure NSEL logging
flow-export destination MGMT <IP of Plixer Collector> 2055
flow-export template timeout-rate 5
flow-export active refresh-interval 1
|
CLI command |
Description |
flow-export destination MGMT <IP of Plixer Collector> <UDP port> |
Add the Plixer collector to which NetFlow packets may be sent. Tytpical ports are 2055 or 9995 |
flow-export template timeout-rate 5 |
Specifies the interval at which template records are sent to the Plixer collector. 5 minutes are recommended. |
flow-export active refresh-interval 1 |
Specifies interval at which flow-update events are sent to the Plixer collector. 1 minute is recommended. |
- Define which events to forward
policy-map global_policy
class class-default
flow-export event-type all destination <IP of Plixer Collector>
|
CLI command |
Description |
flow-export event-type all destination <IP of Plixer Collector> |
Filter to send all events to the Plixer Collector. |
- (Optional) Validation Commands
show flow-export counters