I recently updated to ASA code version 8.2, and am trying to find a utility that can read/interpret the NSEL output, and hopefully give some bandwidth stats. I have tried Orion, Scrutinizer, and AdventNet. The first two didn't report anything, and AdventNet only reported some IP address, but did not recognize the interface names or give any data bandwidths. It just said index1 and index2 for the interfaces.
The adaptive security appliance implementation of NSEL is a stateful, IP flow tracking method that exports only those records that indicate significant events in a flow. In stateful flow tracking, tracked flows go through a series of state changes. NSEL events are used to export data about flow status, and are triggered by the event that caused the state change.
NSEL has the following prerequisites:
• IP address and hostname assignments must be unique throughout the NetFlow configuration.
• You must have at least one configured collector before you can use NSEL.
• You must configure NSEL collectors before you can configure filters via Modular Policy Framework.
OK, I still don't know what I am supposed to use to read the flow logs/exports. As I have said, two of the three I have tried showed absolutely nothing, and the 3rd didn't seem to be able to make much sense of it. Besides MARS, what can I use to read NSEL?
For what it is worth, I talked to someone from Netflow Auditor today and they said they should be able to parse this data with Version 4 which comes out in June sometime. I am going to download version 4 and get a trial key when it is available to test this capability.
The "match any" and "flow-export event-type all" lines force the export of ALL NSEL events.
Unless you have MARS, your collector probably will get the packets and pull ifindex numbers for the interfaces, both physical and virtual, but you will not get any of the payload data from the netflow packets. I am very disappointed in this revelation, but sadly, not surprised.
v9 is pretty straightforward and I know that it can be read in Wireshark if you collected packet captures to verify. Is there something specifically that your collector isn't dealing well with? I know I've seen problems where collectors are looking for the bytes in the flow which is ID 1, but that is never sent by the ASA as ID 1 is the number of bytes since the last update. The ASA uses ID 85 which is the total bytes sent.
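The field-ID mismatch described in the last reply, as an added example that is not part of the original thread: a minimal NetFlow v9 decoder that reads the byte counter from field ID 1 when the template carries it and falls back to ID 85 otherwise. The sample packet is constructed for illustration (template 256, documentation-range addresses, ifIndex 1 and 2) and is not a capture from an ASA.

```python
import struct

# Field IDs 1 and 85 are the byte counters discussed in the thread. 8/12 (IPv4
# source/destination) and 10/14 (input/output ifIndex) are standard v9 field IDs.

def parse_v9(packet, templates):
    """Parse one NetFlow v9 export packet into a list of {field_id: int} records."""
    if struct.unpack_from("!H", packet, 0)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, off = [], 20  # the v9 packet header is 20 bytes
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body, pos = packet[off + 4:off + fs_len], 0
        if fs_id == 0:  # template flowset: (template id, field count, fields...)
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * n > len(body):
                    break  # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i)
                                  for i in range(n)]
                pos += 4 + 4 * n
        elif fs_id in templates:  # data flowset, decoded with its template
            fields = templates[fs_id]
            rec_len = sum(length for _, length in fields)
            while rec_len and pos + rec_len <= len(body):  # leftover is padding
                rec = {}
                for ftype, length in fields:
                    rec[ftype] = int.from_bytes(body[pos:pos + length], "big")
                    pos += length
                records.append(rec)
        off += fs_len
    return records

def flow_bytes(rec):
    """Return (byte count, field ID used): ID 1 if present, otherwise ID 85."""
    fid = next((f for f in (1, 85) if f in rec), None)
    return (rec[fid], fid) if fid is not None else (None, None)

def sample_packet():
    """Constructed export: template 256 carries ID 85 and no ID 1."""
    fields = [(8, 4), (12, 4), (10, 2), (14, 2), (85, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    rec = bytes([192, 0, 2, 10, 198, 51, 100, 20]) + struct.pack("!HHI", 1, 2, 48211)
    return (struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0)
            + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(rec)) + rec)
```

A collector that only looks up ID 1 in these records finds addresses and interface indexes but no byte count, which matches the symptom reported at the top of the thread.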