Cisco ASA 5545-X Adaptive Security Appliance - No Payload Encryption

Cisco ASA NetFlow Implementation Guide
 
  About NSEL
For example, with two collectors, you can do the following:
  • Log all flow creation events to Collector 1.
  • Log all flow denied events matching ACL1 to Collector 1.
  • Log all events matching ACL1 to Collector 2.
If the Modular Policy Framework is not configured for NetFlow, no NSEL events are generated. 
Data Fields
Table 2 lists the data elements that are exported from the ASAs through NSEL. The list of required data 
elements was arrived at by consolidating the data exported by syslog messages that are generated for 
events that result in the export of NSEL records.
The columns include the following information:
  • ID—A unique name that represents the field type
  • TYPE—The value assigned for this field type
  • LEN—The length of the field in records exported for the selected ASA
  • DESC—A description of what the field type represents
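How a collector uses the TYPE and LEN columns, as an added example that is not part of the Cisco guide: NSEL is exported as NetFlow version 9, where a template announces (type, length) pairs and each data record is those fields packed back to back. The field order in the template, the sample bytes and the unknown type 999 are constructed for illustration.

```python
import ipaddress
import struct

# Added example, not Cisco code.
# TYPE -> (ID, LEN), copied from Table 2.
NSEL_FIELDS = {
    148: ("NF_F_CONN_ID", 4),
    8: ("NF_F_SRC_ADDR_IPV4", 4),
    12: ("NF_F_DST_ADDR_IPV4", 4),
    4: ("NF_F_PROTOCOL", 1),
    7: ("NF_F_SRC_PORT", 2),
    11: ("NF_F_DST_PORT", 2),
    176: ("NF_F_ICMP_TYPE", 1),
    177: ("NF_F_ICMP_CODE", 1),
    10: ("NF_F_SRC_INTF_ID", 2),
    14: ("NF_F_DST_INTF_ID", 2),
}
ADDRESS_TYPES = {8, 12}


def decode_record(template, payload):
    """Decode one data record; template is a list of (TYPE, LEN) pairs."""
    record, offset = {}, 0
    for ftype, flen in template:
        chunk = payload[offset:offset + flen]
        if len(chunk) != flen:
            raise ValueError(f"record truncated at field type {ftype}")
        name, expected = NSEL_FIELDS.get(ftype, (f"type_{ftype}", None))
        if flen != expected:
            record[name] = chunk.hex()  # unknown type or unexpected length: keep raw
        elif ftype in ADDRESS_TYPES:
            record[name] = str(ipaddress.IPv4Address(chunk))
        else:
            record[name] = int.from_bytes(chunk, "big")
        offset += flen  # always advance by the template length to stay in sync
    return record, offset


# Constructed sample: the field order and every value below are made up.
# Type 999 stands in for a field this collector does not know about.
TEMPLATE = [(148, 4), (8, 4), (7, 2), (10, 2), (12, 4), (11, 2), (14, 2),
            (4, 1), (999, 3)]
SAMPLE = struct.pack("!I4sHH4sHHB3s", 0x1A2B, bytes([192, 0, 2, 10]), 49152, 3,
                     bytes([198, 51, 100, 7]), 443, 4, 6, b"\x00\x01\x02")

if __name__ == "__main__":
    print(decode_record(TEMPLATE, SAMPLE))
```

Skipping unknown fields by their template length, rather than by a hard-coded table, is what keeps the parse aligned when the exporter sends fields the collector has no entry for.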
Table 2  Data Records Exported Through NSEL

ID                     TYPE  LEN  DESC

Connection ID Field
NF_F_CONN_ID           148   4    An identifier of a unique flow for the device

Flow ID Fields (L3 IPv4)
NF_F_SRC_ADDR_IPV4     8     4    Source IPv4 address
NF_F_DST_ADDR_IPV4     12    4    Destination IPv4 address
NF_F_PROTOCOL          4     1    IP value

Flow ID Fields (L3 IPv6)
NF_F_SRC_ADDR_IPV6     27    16   Source IPv6 address
NF_F_DST_ADDR_IPV6     28    16   Destination IPv6 address

Flow ID Fields (L4)
NF_F_SRC_PORT          7     2    Source port
NF_F_DST_PORT          11    2    Destination port
NF_F_ICMP_TYPE         176   1    ICMP type value
NF_F_ICMP_CODE         177   1    ICMP code value
NF_F_ICMP_TYPE_IPV6    178   1    ICMP IPv6 type value
NF_F_ICMP_CODE_IPV6    179   1    ICMP IPv6 code value

Flow ID Fields (INTF)
NF_F_SRC_INTF_ID       10    2    Ingress IFC SNMP IF index
NF_F_DST_INTF_ID       14    2    Egress IFC SNMP IF index

Mapped Flow ID Fields (L3 IPv4)