Cisco Cisco ASA 5555-X Adaptive Security Appliance 技术手册

Cisco

19

XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(3)

Global NetFlow

Global NetFlow

This XML example sets up the NetFlow feature. The example shows how to create a simple access list
to which traffic is matched, creates a NetFlow object, and enables NetFlow globally for the NetFlow
objects. Also included is NetFlow on internal and external interfaces.

ASA Configuration

class-map netflow_default

match any

flow-export destination management-utility 1.2.3.4 1024

flow-export template timeout-rate 120

flow-export delay flow-create 60

flow-export active refresh-interval 30

class netflow_default

flow-export event-type all destination 1.2.3.4

XML Example

<polUni>

<fvTenant name="tenant1">

<vnsLDevVip name="Firewall">

<vnsDevFolder key="NetFlowObjects" name="ObjectA">

<vnsDevFolder key="TemplateAndCollectors" name="TemplateA">

<vnsDevParam key="template_timeout_rate" name="timeout" value="120"/>

<vnsDevParam key="delay_flow_create" name="delay" value="60"/>

<vnsDevParam key="active_refresh_interval" name="refresh" value="30"/>

<vnsDevFolder key="NetFlowCollectors" name="CollectorA">

<vnsDevParam key="status" name="status" value="enable"/>

<vnsDevParam key="host" name="host" value="1.2.3.4"/>

<vnsDevParam key="port" name="port" value="1024"/>

</vnsDevFolder>

</vnsDevFolder>

</vnsDevFolder>

<vnsDevFolder key="GlobalServicePolicy" name="GlobalPolicyA">

<vnsDevParam key="ServicePolicyState" name="PolicyState" value="enable"/>

<vnsDevFolder key="NetFlow" name="NetFlowPolicyA">

<vnsDevFolder key="NetFlowSettings" name="SettingA">

<vnsDevFolder key="ExportAllEvent" name="ExportAll">

<vnsDevParam key="status" name="status" value="enable"/>

<vnsDevParam key="event_destination" name="dest" value="1.2.3.4"/>

</vnsDevFolder>

</vnsDevFolder>

</vnsDevFolder>

</vnsDevFolder>

</vnsLDevVip>

</fvTenant>

</polUni>