Note The flow-update event feature is not available in Version 9.0(1).
These events are usually time-driven, which makes them more in line with traditional NetFlow however, they may also be triggered by state changes in the flow. In addition, the ASA and ASASM implementation of NSEL generates periodic NSEL events, flow-update events, to provide periodic byte counters over the duration of the flow. The significant events that are tracked include flow-create, flow-teardown, and flow-denied (excluding those flows that are denied by EtherType ACLs). NSEL events are used to export data about flow status and are triggered by the event that caused the state change. In stateful flow tracking, tracked flows go through a series of state changes. The ASA and ASASM implementations of NSEL provide a stateful, IP flow tracking method that exports only those records that indicate significant events in a flow. For more information about NetFlow services, see RFCs. The ASA and ASASM support NetFlow Version 9 services.
This section includes the following topics: This chapter includes the following sections:
CISCO ASA 5505 NETFLOW HOW TO
This chapter describes how to configure NSEL, a security logging mechanism that is built on NetFlow Version 9 technology, and how to handle events and syslog messages through NSEL. Anonymous Reporting and Smart Call Home.Basic Interface Configuration (ASA 5505).Basic Interface Configuration (ASA 5512-X and Higher).Cisco Adaptive Security Virtual Appliance Deployment.Switch Configuration for the ASA Services Module.