Cisco ASA 5505 Configuration Manual page 1642

Feature History for NSEL
Related Documents
Related Topic
Using NSEL and Syslog Messages, page 72-2
Information about the implementation of NSEL on the
adaptive security appliance
RFCs
RFC
3954
Feature History for NSEL
Table 72-2
backwards-compatible with multiple platform releases, so the specific ASDM release in which support
was added is not listed.
Table 72-2 Feature History for NSEL
Platform
Feature Name Releases
NetFlow 8.1(1)
NetFlow 8.1(2)
Filtering
NSEL 8.2(1)
Cisco ASA 5500 Series Configuration Guide using ASDM
72-8
Document Title
Cisco ASA 5500 Series System Log Messages
Cisco ASA 5500 Series Implementation Note for NetFlow Collectors
Title
Cisco Systems NetFlow Services Export Version 9
lists each feature change and the platform release in which it was implemented. ASDM is
Feature Information
The NetFlow feature enhances the adaptive security appliance logging capabilities by
logging flow-based events through the NetFlow protocol. NetFlow Version 9 services are
used to export information about the progression of a flow from start to finish. The
NetFlow implementation exports records that indicate significant events in the life of a
flow. This implementation is different from traditional NetFlow, which exports data about
flows at regular intervals. The NetFlow module also exports records about flows that are
denied by access lists. You can configure an ASA 5580 to send the following events using
NetFlow: flow create, flow teardown, and flow denied (only flows denied by ACLs are
reported).
The following screen was introduced:
Configuration > Device Management > Logging > NetFlow.
You can filter NetFlow events based on traffic and event-type, and then send records to
different collectors. For example, you can log all flow-create events to one collector, and
log flow-denied events to a different collector.
For short-lived flows, NetFlow collectors benefit from processing a single event instead of
two events: flow create and flow teardown. You can configure a delay before sending the
flow-create event. If the flow is torn down before the timer expires, only the flow teardown
event is sent. The teardown event includes all information regarding the flow; no loss of
information occurs.
The following screen was modified:
Configuration > Firewall > Service Policy Rules.
The NetFlow feature has been ported to all ASA 5500 series adaptive security appliances.
Chapter 72 Configuring NetFlow Secure Event Logging (NSEL)
OL-20339-01