Community Member

Cisco ASA NSEL

Hi,

When we export NSEL from Cisco ASA, we have seen some additional field types 7233, 7235 and 7237. These fields are not defined in the Cisco ASA NSEL implementation notes.

What do these fields refer to?

Thanks

Raj

2 REPLIES
Community Member

Re: Cisco ASA NSEL

I think you are using Wireshark to view NSEL files. Wireshark does not parse and present the V9 packets correctly. You should use Ethereal, where you do not face this issue.

If you can only use Wireshark, then see the corresponding hexadecimal value in Wireshark for the selected component. For 7233, the corresponding hexadecimal value you would see is 9c 41.

0x9c41 is decimal 40001. 40001 refers to NF_F_XLATE_SRC_ADDR_IPV4 as per this doc: http://www.cisco.com/en/US/docs/security/asa/asa82/netflow/netflow.html

Senthil
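
Added example, not part of the original replies and not Cisco's or Wireshark's code: a minimal NetFlow v9 template FlowSet parser that reads each field type as a full 16-bit value, so the bytes 9c 41 decode to 40001, and also shows the 15-bit view (top bit stripped, as IPFIX does for its enterprise flag) that yields 7233. The sample template, its field lengths, and the assumption that 7235 and 7237 come from bytes 9c 43 and 9c 45 by the same arithmetic are constructed for illustration; only the 40001 name comes from the thread.

```python
import struct

# Only the mapping stated in the thread; other NSEL types are left unnamed here.
NSEL_NAMES = {40001: "NF_F_XLATE_SRC_ADDR_IPV4"}


def parse_v9_template_flowset(buf):
    """Return {template_id: [(field_type, field_length), ...]} from one template FlowSet."""
    if len(buf) < 4:
        raise ValueError("truncated FlowSet header")
    flowset_id, length = struct.unpack_from("!HH", buf, 0)
    if flowset_id != 0:
        raise ValueError("not a NetFlow v9 template FlowSet")
    if length < 4 or length > len(buf):
        raise ValueError("bad FlowSet length")
    templates, off = {}, 4
    while length - off >= 4:  # anything shorter than a record header is padding
        template_id, count = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + 4 * count > length:
            raise ValueError("field count overruns FlowSet")
        # NetFlow v9 field types are a full 16 bits: no flag bit is stripped here.
        fields = [struct.unpack_from("!HH", buf, off + 4 * i) for i in range(count)]
        off += 4 * count
        templates[template_id] = fields
    return templates


def masked_view(field_type):
    """Value shown by a decoder that treats the top bit as a flag (15-bit ID)."""
    return field_type & 0x7FFF


# Constructed sample: template 256 with three fields whose type bytes are
# 9c 41, 9c 43 and 9c 45 (the lengths 4, 2, 2 are made up for the example).
SAMPLE = bytes.fromhex("0000" "0014" "0100" "0003" "9c410004" "9c430002" "9c450002")

if __name__ == "__main__":
    for tid, fields in parse_v9_template_flowset(SAMPLE).items():
        for ftype, flen in fields:
            name = NSEL_NAMES.get(ftype, "unnamed in this example")
            print(f"template {tid}: type {ftype} (0x{ftype:04x}), "
                  f"15-bit view {masked_view(ftype)}, len {flen}: {name}")
```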

Community Member

Cisco ASA NSEL

Hello Raj,

Those elements (7233, 7235 and 7237) are defined in Scrutinizer NetFlow Analyzer. NSEL does some unique things with NetFlow v9.
