Cisco ASA 5505 Configuration Manual page 1639

Chapter 72
Configuring NetFlow Secure Event Logging (NSEL)
Step 6
When NetFlow is enabled, certain syslog messages become redundant. To maintain system performance, we recommend that you disable all redundant syslog messages, because the same information is exported through NetFlow. To disable all redundant syslog messages, check the Disable redundant syslog messages check box. To display the redundant syslog messages and their status, click Show Redundant Syslog Messages.
The Redundant Syslog Messages dialog box appears. The Syslog ID field displays the redundant syslog message numbers. The Disabled field indicates whether or not the specified syslog message is disabled. Click OK to close this dialog box.
To disable individual redundant syslog messages, choose Configuration > Device Management > Logging > Syslog Setup.
Step 7
Click Apply to save your changes. Click Reset to enter new settings.
What to Do Next
See the "Matching NetFlow Events to Configured Collectors" section on page 72-5.

Matching NetFlow Events to Configured Collectors
After you configure NetFlow collectors, you can match a NetFlow event with any of these configured collectors.
To specify which NetFlow events should be sent to which collector, perform the following steps:
Step 1
In the ASDM main application window, choose Configuration > Firewall > Service Policy Rules.
Step 2
To add a service policy rule, perform the following steps:
a. Click Add to display the Add Service Policy Rule Wizard. For more information about service policy rules, see the "Adding a Service Policy Rule for Through Traffic" section on page 29-8.
b. Click the Global - applies to all interfaces radio button to apply the rule to the global policy. Click Next.
c. Check the Source and Destination IP Address (uses ACL) check box or the Any traffic check box as traffic match criteria, or click the Use class-default as traffic class radio button. Click Next to continue to the Rule Actions screen.
Note
NetFlow actions are available only for global service policy rules and are applicable only to the class-default traffic class and to traffic classes with traffic match criteria of "Source and Destination IP Address (uses ACL)" or "Any traffic."
Step 3
In the Rule Actions screen, click the NetFlow tab.
Step 4
To specify flow events, click Add to display the Add Flow Event dialog box, and then perform the following steps:
a. Choose the flow event type from the drop-down list. Available events are created, torn down, denied, or all.
b. Choose collectors to which you want events sent by checking the corresponding check boxes in the Send column.

Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, Using NetFlow, page 72-5
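An added example, not part of the Cisco manual: a short Python audit that reads an ASA running configuration and reports which flow events each collector receives, so you can confirm that disabling the redundant syslog messages leaves no event type unexported. It assumes the CLI forms of the ASDM settings above (flow-export destination, flow-export event-type, logging flow-export-syslogs disable); the sample configuration and the audit_nsel name are constructed for illustration.

```python
import re

# Constructed sample; assumes the ASA CLI equivalents of the ASDM settings on this page.
SAMPLE_CONFIG = """\
flow-export destination inside 192.0.2.10 2055
flow-export destination inside 192.0.2.20 2055
logging flow-export-syslogs disable
policy-map global_policy
 class class-default
  flow-export event-type flow-create destination 192.0.2.10
  flow-export event-type flow-teardown destination 192.0.2.10
service-policy global_policy global
"""

EVENT_TYPES = {"flow-create", "flow-teardown", "flow-denied"}
DEST_RE = re.compile(r"^flow-export destination (\S+) (\S+) (\d+)$")
EVENT_RE = re.compile(r"^flow-export event-type (\S+) destination (.+)$")


def audit_nsel(config):
    """Return collectors, the events each receives, and coverage findings."""
    collectors, events, syslogs_disabled = {}, {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if m := DEST_RE.match(line):
            collectors[m.group(2)] = (m.group(1), int(m.group(3)))
            events.setdefault(m.group(2), set())
        elif m := EVENT_RE.match(line):
            kinds = EVENT_TYPES if m.group(1) == "all" else {m.group(1)}
            for host in m.group(2).split():
                events.setdefault(host, set()).update(kinds)
        elif line == "logging flow-export-syslogs disable":
            syslogs_disabled = True
    findings = []
    for host in sorted(events):
        if host not in collectors:
            findings.append(f"{host}: events sent to an undefined collector")
        elif not events[host]:
            findings.append(f"{host}: collector defined but receives no events")
        elif missing := EVENT_TYPES - events[host]:
            findings.append(f"{host}: not receiving {', '.join(sorted(missing))}")
    exported = set().union(*events.values())
    if syslogs_disabled and EVENT_TYPES - exported:
        findings.append("redundant syslogs disabled but some event types reach no collector")
    return {"collectors": collectors, "events": events, "findings": findings}


if __name__ == "__main__":
    print("\n".join(audit_nsel(SAMPLE_CONFIG)["findings"]))
```

On the constructed sample the audit reports that one collector never receives denied-flow events and the other receives nothing, while the matching syslog messages are already disabled.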
