Cisco ASA 5512-X Adaptive Security Appliance - No Payload Encryption
Cisco ASA NetFlow Implementation Guide
ciscoasa# clear flow-export counters
Enable NetFlow (ASDM)
To enable NetFlow, perform the following steps:
Procedure
Step 1
Choose Configuration > Device Management > Logging > NetFlow.
Step 2
Enter the template timeout rate, which is the interval (in minutes) at which template records are sent to all configured collectors. The default value is 30 minutes.
Step 3
Enter the flow update interval, which specifies the time interval between flow-update events in minutes. Valid values are from 1 - 60 minutes. The default value is 1 minute.
Step 4
Check the Delay export of flow creation events for short-lived flows check box, then enter the number of seconds for the delay in the Delay By field to delay the export of flow-creation events and process a single flow-teardown event instead of a flow-creation event and a flow-teardown event.
Step 5
Specify the collector(s) to which NetFlow packets will be sent. You can configure a maximum of five collectors. Click Add to display the Add NetFlow Collector dialog box to configure a collector, and perform the following steps:
a. Choose the interface to which NetFlow packets will be sent from the drop-down list.
b. Enter the IP address or hostname and the UDP port number in the associated fields.
c. Click OK.
Step 6
Repeat Step 5 to configure more collectors.
Step 7
When NetFlow is enabled, certain syslog messages become redundant. To maintain system performance, we recommend that you disable all redundant syslog messages, because the same information is exported through NetFlow. Check the Disable redundant syslog messages check box to disable all redundant syslog messages. Click Show Redundant Syslog Messages to display the redundant syslog messages and their status.
The Redundant Syslog Messages dialog box appears. The Syslog ID field displays the redundant syslog message numbers. The Disabled field indicates whether or not the specified syslog message is disabled. Click OK to close this dialog box.
Choose Configuration > Device Management > Logging > Syslog Setup to disable individual redundant syslog messages.
Step 8
Click Apply to save your changes, or click Reset to enter new settings.
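For reference, the same global NetFlow settings as Steps 2 through 7 apply them from the ASA command line. This is an added example, not configuration from the guide; the interface name "inside", the collector addresses 192.0.2.10 and 192.0.2.11 and the UDP port 2055 are constructed placeholders to be replaced with your own values.

```cisco
! Added example: CLI equivalents of the ASDM NetFlow settings above.
! Interface name, collector addresses and port are constructed placeholders.
!
! Step 5: collectors (up to five), one line per collector
flow-export destination inside 192.0.2.10 2055
flow-export destination inside 192.0.2.11 2055
!
! Step 2: template timeout rate in minutes (default 30)
flow-export template timeout-rate 30
!
! Step 3: flow update interval in minutes, 1-60 (default 1)
flow-export active refresh-interval 1
!
! Step 4: delay export of flow-creation events (seconds) so a short-lived
! flow produces a single flow-teardown record instead of two records
flow-export delay flow-create 15
!
! Step 7: suppress the syslog messages that duplicate NetFlow data
logging flow-export-syslogs disable
```

After applying the configuration, `show running-config flow-export` confirms the settings, `show logging flow-export-syslogs` lists the redundant syslog message IDs and whether each is disabled (the CLI view of the Redundant Syslog Messages dialog box), and `show flow-export counters` shows packets sent and any export errors per collector; the counters are reset with `clear flow-export counters`. Note that these global settings only define the collectors and timers; flows are exported only once a service policy matches NetFlow events to a collector, which is the subject of the next procedure.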
Match NetFlow Events to Configured Collectors
To match a NetFlow event with any configured collector, perform the following steps:
Step 1
Choose Configuration > Firewall > Service Policy Rules.