Cisco Cisco ASA for Nexus 1000V Series Switch
6
Cisco ASA NetFlow Implementation Guide
About NSEL
Event IDs Field
The Event ID field describes the event that resulted in the NSEL record.
lists the values for event
IDs.
Extended Event IDs Field
The extended event ID provides additional information about a particular event. This field includes a
product-specific field ID (33002).
product-specific field ID (33002).
lists the values for extended event IDs.
NF_F_INGRESS_ACL_ID
33000
12
The input ACL that permitted or denied the flow
All ACL IDs are composed of the following
three, four-byte values:
three, four-byte values:
•
Hash value or ID of the ACL name
•
Hash value, ID, or line of an ACE within the
ACL
ACL
•
Hash value or ID of an extended ACE
configuration
configuration
NF_F_EGRESS_ACL_ID
33001
12
The output ACL that permitted or denied a flow
AAA Fields
NF_F_USERNAME
40000
20
AAA username
NF_F_USERNAME_MAX
40000
65
AAA username of maximum permitted size
Table 2
Data Records Exported Through NSEL (continued)
ID TYPE
LEN
DESC
Table 3
Values for Event IDs
Event ID
Description
0
Ignore—This value indicates that a field must be ignored and is not used in the current
release.
release.
1
Flow created—This value indicates that a new flow was created.
2
Flow deleted—This value indicates that a flow was deleted.
3
Flow denied—This value indicates that a flow was denied.
5
Flow updated—This value indicates that a flow timer went off or a flow was torn down.
Table 4
Values for Extended Event IDs
Extended Event ID
Event
Description
0
Ignore
This value indicates that the field must be ignored.
> 1000
Flow denied
Values above 1000 represent various reasons for why a flow was
denied.
denied.
1001
Flow denied
A flow was denied by an ingress ACL.
1002
Flow denied
A flow was denied by an egress ACL.