Cisco Cisco ASA 5512-X Adaptive Security Appliance
Cisco ASA NetFlow Implementation Guide
Configure NSEL Collectors (CLI)
The destination keyword indicates that a NSEL collector is being configured. The interface-name
argument is the name of the ASA and ASA Services Module interface through which the collector is
reached. The ipv4-address argument is the IP address of the machine running the collector application.
The hostname argument is the destination IP address or name of the collector. The udp-port argument is
the UDP port number to which NetFlow packets are sent.
You can configure a maximum of five collectors. After a collector is configured, template records are
automatically sent to all configured NSEL collectors.
Note
Make sure that collector applications use the Event Time field to correlate events.
Step 2
Repeat the first step to configure more collectors.
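The following check is an added example, not part of the Cisco guide: it audits a candidate configuration before it is pushed, validating each flow-export destination line against the argument order described above and the five-collector limit. The sample configuration, interface names, addresses, and the function name parse_collectors are constructed for illustration.

```python
import ipaddress
import re

MAX_COLLECTORS = 5  # limit stated in the guide

# flow-export destination <interface-name> <ipv4-address|hostname> <udp-port>
DEST_RE = re.compile(r"^\s*flow-export\s+destination\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

# Constructed sample configuration (documentation addresses, hypothetical names).
SAMPLE = """\
flow-export destination inside 192.0.2.10 2055
flow-export destination inside 192.0.2.11 2055
flow-export destination mgmt collector.example.com 9996
flow-export destination inside 192.0.2.12 70000
flow-export destination inside 192.0.2.10 2055
flow-export destination inside 192.0.2.13
flow-export destination inside 192.0.2.14 2055
flow-export destination inside 192.0.2.15 2055
flow-export destination inside 192.0.2.16 2055
"""

def parse_collectors(config_text):
    """Return (collectors, problems) for the flow-export destination lines."""
    collectors, problems = [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if not line.strip().startswith("flow-export destination"):
            continue
        m = DEST_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: malformed destination: {line.strip()!r}")
            continue
        ifname, host, port = m.groups()
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            problems.append(f"line {lineno}: invalid UDP port {port!r}")
            continue
        try:
            ipaddress.IPv4Address(host)
            kind = "ipv4"
        except ValueError:
            kind = "hostname"  # anything that is not a dotted-quad IPv4 address
        entry = (ifname, host, int(port))
        if entry in [c[:3] for c in collectors]:
            problems.append(f"line {lineno}: duplicate collector {host}:{port}")
            continue
        collectors.append(entry + (kind,))
    if len(collectors) > MAX_COLLECTORS:
        problems.append(f"{len(collectors)} collectors configured, maximum is {MAX_COLLECTORS}")
    return collectors, problems
```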
Configure Flow-Export Actions Through Modular Policy Framework
To configure flow-export actions through Modular Policy Framework, perform the following steps:
Procedure
Step 1
Define the class map that identifies traffic for which NSEL events need to be exported.
class-map flow_export_class
Example:
ciscoasa(config-pmap)# class-map flow_export_class
The flow_export_class argument is the name of the class map.
Step 2
Choose one of the following options:
• Configure the ACL to match specific traffic.
match access-list flow_export_acl
Example:
ciscoasa(config-cmap)# match access-list flow_export_acl
The flow_export_acl argument is the name of the ACL.
• Match any traffic.
match any
Example:
ciscoasa(config-cmap)# match any
Step 3
Define the policy map to apply flow-export actions to the defined classes.
policy-map flow_export_policy
Example:
ciscoasa(config)# policy-map flow_export_policy