Network Aware, Business Secure

Michael Patterson


Cisco ASA NSEL: Best NetFlow Reporting

Finally, Cisco ASA NSEL (NetFlow Secure Event Logging) details from a best-at-NetFlow reporting solution. NSEL allows for reporting on non-traditional elements such as username, NAT, ACLs, etc. If you have not worked with this technology before, you may be wondering where all of this information comes from and what it means. Today I will help clarify this for you by comparing Cisco's event IDs to syslogs.

You may have already noticed that NSEL is similar to syslogs; before Cisco ASA Release 8.1, Cisco ASA events were exported exclusively through system log messages and SNMP traps. NSEL can transmit much of the same syslog information in a less CPU-intensive, more secure and bandwidth-efficient way. Because of the way it was implemented, most NSEL events have a syslog equivalent.

Now let's first take a look at the Cisco ASA event IDs:
• 0—Default (ignore)
• 1—Flow created
• 2—Flow deleted
• 3—Flow denied

As you can see with this very small example, you can get a lot of valuable data on NAT, ACLs, threats, cloud service monitoring, and much more. Now let's dig in a little deeper and take a look at some of the syslog messages and equivalent NSEL extended events.

[Figure: Cisco ASA Extended Event IDs]
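To make the four event IDs listed above concrete, here is an added example (not from the original post and not Scrutinizer or Cisco code) that triages already-decoded NSEL records: it pairs created and deleted flows to get durations and surfaces sources with many denied flows. The record key names, the sample data and the `min_targets` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of already-decoded NSEL records. The key names are
# hypothetical; use whatever your collector emits after template decoding.
SAMPLE = [
    {"ts": 100, "event": 1, "conn": 7001, "src": "10.1.1.20", "dst": "198.51.100.5", "dport": 443},
    {"ts": 130, "event": 2, "conn": 7001, "src": "10.1.1.20", "dst": "198.51.100.5", "dport": 443},
    {"ts": 140, "event": 1, "conn": 7002, "src": "10.1.1.21", "dst": "198.51.100.9", "dport": 22},
    {"ts": 150, "event": 2, "conn": 6990, "src": "10.1.1.22", "dst": "198.51.100.9", "dport": 80},
    {"ts": 160, "event": 3, "conn": 0, "src": "203.0.113.50", "dst": "10.1.1.20", "dport": 22},
    {"ts": 161, "event": 3, "conn": 0, "src": "203.0.113.50", "dst": "10.1.1.20", "dport": 23},
    {"ts": 162, "event": 3, "conn": 0, "src": "203.0.113.50", "dst": "10.1.1.20", "dport": 3389},
    {"ts": 170, "event": 3, "conn": 0, "src": "10.1.1.33", "dst": "198.51.100.7", "dport": 25},
    {"ts": 180, "event": 0, "conn": 0, "src": "0.0.0.0", "dst": "0.0.0.0", "dport": 0},
]

def triage(records, min_targets=3):
    """Group records by the four event IDs and return a summary dict."""
    open_flows, durations, unknown = {}, {}, []
    denied = defaultdict(set)          # src -> {(dst, dport), ...}
    for r in sorted(records, key=lambda rec: rec["ts"]):
        ev = r["event"]
        if ev == 0:                    # 0 = default, ignore
            continue
        if ev == 1:                    # 1 = flow created
            open_flows[r["conn"]] = r["ts"]
        elif ev == 2:                  # 2 = flow deleted
            start = open_flows.pop(r["conn"], None)
            # No matching create: that record was lost in transit or predates
            # this capture window, so the duration is unknown.
            durations[r["conn"]] = None if start is None else r["ts"] - start
        elif ev == 3:                  # 3 = flow denied
            denied[r["src"]].add((r["dst"], r["dport"]))
        else:                          # not one of the IDs listed above
            unknown.append(r)
    return {
        "durations": durations,
        "still_open": sorted(open_flows),
        "denied_counts": {s: len(t) for s, t in denied.items()},
        # Many distinct denied targets from one source is worth a look.
        "review_sources": sorted(s for s, t in denied.items() if len(t) >= min_targets),
        "unknown": unknown,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```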
Are you looking for the best in NetFlow reporting and insight into security threats? Look no further! Contact us today if you would like to see the advanced NSEL reports on the Cisco ASA.

Jimmy Wendler


Michael Patterson is the founder & CEO of Plixer and the product manager for Scrutinizer NetFlow and sFlow Analyzer. Prior to starting Somix and Plixer, Mike worked in a technical support role at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Master's in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix and Plixer.