Configuring NSEL Collectors – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 78 Configuring NetFlow Secure Event Logging (NSEL)

Configuring NSEL

Configuring NSEL Collectors

To configure NSEL collectors, enter the following command:

Command:
    flow-export destination interface-name ipv4-address|hostname udp-port

Example:
    hostname (config)# flow-export destination inside 209.165.200.225 2002

Purpose:
    Adds, edits, or deletes an NSEL collector to which NetFlow packets are sent. The destination keyword indicates that an NSEL collector is being configured. The interface-name argument is the name of the ASA and ASA Services Module interface through which the collector is reached. The ipv4-address argument is the IP address of the machine running the collector application. The hostname argument is the destination IP address or name of the collector. The udp-port argument is the UDP port number to which NetFlow packets are sent. You can configure a maximum of five collectors. After a collector is configured, template records are automatically sent to all configured NSEL collectors.

Note: Make sure that collector applications use the Event Time field to correlate events.

What to Do Next

See the “Configuring Flow-Export Actions Through Modular Policy Framework” section on page 78-5.

Configuring Flow-Export Actions Through Modular Policy Framework

To export NSEL events by defining all classes with flow-export actions, perform the following steps:

Step 1

Command:
    class-map flow_export_class

Example:
    hostname (config-pmap)# class-map flow_export_class

Purpose:
    Defines the class map that identifies traffic for which NSEL events need to be exported. The flow_export_class argument is the name of the class map.

Step 2

Choose one of the following options:

Command:
    match access-list flow_export_acl

Example:
    hostname (config-cmap)# match access-list flow_export_acl

Purpose:
    Configures the access list to match specific traffic. The flow_export_acl argument is the name of the access list.

Command:
    match any

Example:
    hostname (config-cmap)# match any

Purpose:
    Matches any traffic.
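
The flow-export destination syntax and the five-collector limit described above can be checked against a saved or proposed configuration before it is deployed, so that NSEL events only go to collectors you expect. The following Python check is an added example, not part of the Cisco guide; the function names, the approved-collector set and the sample configuration are assumptions constructed for illustration.

```python
import re

MAX_COLLECTORS = 5  # maximum number of collectors stated in the guide

# Syntax from the guide:
# flow-export destination interface-name ipv4-address|hostname udp-port
DEST_RE = re.compile(r"^\s*flow-export destination (\S+) (\S+) (\S+)\s*$")

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
flow-export destination inside 209.165.200.225 2002
flow-export destination dmz 192.0.2.50 2055
flow-export destination inside collector1.example.com 70000
"""
# Hypothetical allow-list of (interface, collector, udp_port) tuples.
APPROVED = {("inside", "209.165.200.225", 2002)}


def parse_collectors(config_text):
    """Return (interface, host, port) strings for each collector line."""
    matches = (DEST_RE.match(line) for line in config_text.splitlines())
    return [m.groups() for m in matches if m]


def audit_collectors(config_text, approved):
    """Return a list of findings; an empty list means the check passed."""
    collectors = parse_collectors(config_text)
    findings = []
    if not collectors:
        findings.append("no NSEL collector configured")
    if len(collectors) > MAX_COLLECTORS:
        findings.append(
            f"{len(collectors)} collectors exceed the maximum of {MAX_COLLECTORS}")
    for iface, host, port in collectors:
        if not port.isdecimal() or not 1 <= int(port) <= 65535:
            findings.append(f"{host}: invalid UDP port {port!r}")
        elif (iface, host, int(port)) not in approved:
            findings.append(
                f"{host}:{port} via {iface} is not an approved collector")
    return findings


if __name__ == "__main__":
    for finding in audit_collectors(SAMPLE_CONFIG, APPROVED):
        print(finding)
```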
