Active timeout for ASA Netflow?

Unanswered Question
Jul 6th, 2010

I'm trying to figure out if active timeout is supported on ASA 8.3 Netflow export? The example below is from a Cisco IOS 4K switch.

1.  Following Netflow V9 fields must be exported: IPV4_SRC_ADDR, IPV4_DST_ADDR, IN_BYTES, IN_PKTS, L4_SRC_PORT, L4_DST_PORT, LAST_SWITCHED, FIRST_SWITCHED, PROTOCOL and TCP_FLAGS. (See RFC 3954, Reference 1).

2.  The inactive timeout be set to 15 seconds and the active timeout be set to 1 minute.

Switch(config)# ip flow-aggregation cache

Switch(config-flow-cache)# cache timeout inactive 15

Switch(config-flow-cache)# cache timeout active 1

What I need from ASA are commands:

1.    to configure ASA to send all the information in step 1 above.

2.    to set active timeout to 1 minute.

Does anyone know if this is possible?

Thanks,

AW

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Kevin Redmon Tue, 07/06/2010 - 21:01

Adam,

The current available functionality on the ASA regarding NetFlow is still in its infancy.  There are future plans to expand this functionality to be more in line with the function of IOS NetFlow output.  In summary, the ASA does NOT provide continuous monitoring of any particular flow (again, as of yet) but will only register NetFlow events during a change in the connection status - ie connection denied, connection setup and connection teardowns.  For specifics of the NetFlow events that are logged, please consider the link below:

http://www.cisco.com/en/US/docs/security/asa/asa81/netflow/netflow.html

If you feel that this is a feature that you would like to see implemented in the near future, please feel free to communicate this to your Cisco Account team.  They will assist in the prioritization of features and when they will be implemented.

If this answers your questions, please be sure to mark this as answered for others' benefit.

Best Regards,

Kevin

Kevin Redmon Wed, 07/07/2010 - 05:11

Jake,

That is very interesting to see how the differences in the ASA NetFlow appear in the different tools.

Thanks for the insight!

Best Regards,

Kevin

Actions

This Discussion