Cisco Cisco ASA 5585-X with No Payload Encryption
13
Cisco ASA NetFlow Implementation Guide
About NSEL
Templates for Flow Denied Events
Flow denied events indicate that a flow has been denied.
describes the templates that are used
for flow denied events.
Table 7
Templates for Flow Denied Events
Description
Fields
IPv44 flow denied
NF_F_SRC_ADDR_IPV4, NF_F_SRC_PORT, NF_F_SRC_INTF_ID,
NF_F_DST_ADDR_IPV4, NF_F_DST_PORT, NF_F_DST_INTF_ID,
NF_F_PROTOCOL, NF_F_ICMP_TYPE, NF_F_ICMP_CODE,
NF_F_XLATE_SRC_ADDR_IPV4, NF_F_XLATE_DST_ADDR_IPV4,
NF_F_XLATE_SRC_PORT, NF_F_XLATE_DST_PORT,
NF_F_FW_EVENT, NF_F_FW_EXT_EVENT,
NF_F_EVENT_TIME_MSEC, NF_F_INGRESS_ACL_ID,
NF_F_EGRESS_ACL_ID
NF_F_DST_ADDR_IPV4, NF_F_DST_PORT, NF_F_DST_INTF_ID,
NF_F_PROTOCOL, NF_F_ICMP_TYPE, NF_F_ICMP_CODE,
NF_F_XLATE_SRC_ADDR_IPV4, NF_F_XLATE_DST_ADDR_IPV4,
NF_F_XLATE_SRC_PORT, NF_F_XLATE_DST_PORT,
NF_F_FW_EVENT, NF_F_FW_EXT_EVENT,
NF_F_EVENT_TIME_MSEC, NF_F_INGRESS_ACL_ID,
NF_F_EGRESS_ACL_ID
IPv4 flow denied, no xlate
fields present
fields present
NF_F_SRC_ADDR_IPV4, NF_F_SRC_PORT, NF_F_SRC_INTF_ID,
NF_F_DST_ADDR_IPV4, NF_F_DST_PORT, NF_F_DST_INTF_ID,
NF_F_PROTOCOL, NF_F_ICMP_TYPE, NF_F_ICMP_CODE,
NF_F_FW_EVENT, NF_F_FW_EXT_EVENT,
NF_F_EVENT_TIME_MSEC, NF_F_INGRESS_ACL_ID,
NF_F_EGRESS_ACL_ID
NF_F_DST_ADDR_IPV4, NF_F_DST_PORT, NF_F_DST_INTF_ID,
NF_F_PROTOCOL, NF_F_ICMP_TYPE, NF_F_ICMP_CODE,
NF_F_FW_EVENT, NF_F_FW_EXT_EVENT,
NF_F_EVENT_TIME_MSEC, NF_F_INGRESS_ACL_ID,
NF_F_EGRESS_ACL_ID
IPv66 flow denied
NF_F_SRC_ADDR_IPV6, NF_F_SRC_PORT, NF_F_SRC_INTF_ID,
NF_F_DST_ADDR_IPV6, NF_F_DST_PORT, NF_F_DST_INTF_ID,
NF_F_PROTOCOL, NF_F_ICMP_TYPE_IPV6,
NF_F_XLATE_SRC_ADDR_IPV6, NF_F_XLATE_DST_ADDR_IPV6,
NF_F_XLATE_SRC_PORT, NF_F_XLATE_DEST_PORT,
NF_F_ICMP_CODE_IPV6, NF_F_FW_EVENT,
NF_F_FW_EXT_EVENT, NF_F_EVENT_TIME_MSEC,
NF_F_INGRESS_ACL_ID, NF_F_EGRESS_ACL_ID
NF_F_DST_ADDR_IPV6, NF_F_DST_PORT, NF_F_DST_INTF_ID,
NF_F_PROTOCOL, NF_F_ICMP_TYPE_IPV6,
NF_F_XLATE_SRC_ADDR_IPV6, NF_F_XLATE_DST_ADDR_IPV6,
NF_F_XLATE_SRC_PORT, NF_F_XLATE_DEST_PORT,
NF_F_ICMP_CODE_IPV6, NF_F_FW_EVENT,
NF_F_FW_EXT_EVENT, NF_F_EVENT_TIME_MSEC,
NF_F_INGRESS_ACL_ID, NF_F_EGRESS_ACL_ID
IPv6 flow denied, no xlate
fields present
fields present
NF_F_SRC_ADDR_IPV6, NF_F_SRC_PORT, NF_F_SRC_INTF_ID,
NF_F_DST_ADDR_IPV6, NF_F_DST_PORT, NF_F_DST_INTF_ID,
NF_F_PROTOCOL, NF_F_ICMP_TYPE_IPV6,
NF_F_ICMP_CODE_IPV6, NF_F_FW_EVENT,
NF_F_FW_EXT_EVENT, NF_F_EVENT_TIME_MSEC,
NF_F_INGRESS_ACL_ID, NF_F_EGRESS_ACL_ID
NF_F_DST_ADDR_IPV6, NF_F_DST_PORT, NF_F_DST_INTF_ID,
NF_F_PROTOCOL, NF_F_ICMP_TYPE_IPV6,
NF_F_ICMP_CODE_IPV6, NF_F_FW_EVENT,
NF_F_FW_EXT_EVENT, NF_F_EVENT_TIME_MSEC,
NF_F_INGRESS_ACL_ID, NF_F_EGRESS_ACL_ID
IPv46 flow denied
NF_F_SRC_ADDR_IPV4, NF_F_SRC_PORT, NF_F_SRC_INTF_ID,
NF_F_DST_ADDR_IPV4, NF_F_DST_PORT, NF_F_DST_INTF_ID,
NF_F_PROTOCOL, NF_F_ICMP_TYPE, NF_F_ICMP_CODE,
NF_F_XLATE_SRC_ADDR_IPV6, NF_F_XLATE_DST_ADDR_IPV6,
NF_F_XLATE_SRC_PORT, NF_F_XLATE_DST_PORT,
NF_F_FW_EVENT, NF_F_FW_EXT_EVENT,
NF_F_EVENT_TIME_MSEC, NF_F_INGRESS_ACL_ID,
NF_F_EGRESS_ACL_ID
NF_F_DST_ADDR_IPV4, NF_F_DST_PORT, NF_F_DST_INTF_ID,
NF_F_PROTOCOL, NF_F_ICMP_TYPE, NF_F_ICMP_CODE,
NF_F_XLATE_SRC_ADDR_IPV6, NF_F_XLATE_DST_ADDR_IPV6,
NF_F_XLATE_SRC_PORT, NF_F_XLATE_DST_PORT,
NF_F_FW_EVENT, NF_F_FW_EXT_EVENT,
NF_F_EVENT_TIME_MSEC, NF_F_INGRESS_ACL_ID,
NF_F_EGRESS_ACL_ID