![]() This differs from v5 in the sense that we are no longer limited strictly to the 7-tuple defined by the RFC. The "flexible" aspect of NetFlow version 9 is the ability to create "templates" which allows for the arbitrary collection of data into NetFlow records. Not currently supported on the ASA platform.Ĭonfiguring Network Secure Event Logging (NSEL) - ASA version 8.3 Configuration Guide Does not provide information about specific IP Flows. ![]() (e.g., sampling rate or sampling method of an interface). Netflow packet that provides context for a value. Netflow packet that actually describes data about the IP flow. Netflow packet defining the structure of the NetFlow record being exported. This includes the Template, Options and Data FlowSets. It is a generic term for a collection of flow records. This is a term that only exists in NetFlow v9. NetFlow Secure Event Logging NetFlow export packet on the ASA. This is the generic term for a NetFlow packet. Structured packet containing NetFlow data. The source generating the NetFlow data, in this case the ASA. The server to which the NetFlow data is sent and interpreted. (In NetFlow version 5 a flow is technically defined as a 7-tuple but the ASA uses only the 5-tuple to define a flow) This is the five-tuple of the communication stream. The feature was introduced in ASA 8.2.1/ASDM 6.2.1. The implementation used on the ASA platforms is NetFlow v9 which is defined by RFC3954. This is done by sending binary data in UDP packets as opposed to ASCII based syslog messages. ![]() NetFlow on the ASA provides an efficient way to track connection creation, teardown and denies in an efficient manner. Logging in high performance environments is non-trivial. flow-export action not supported in interface policies.
0 Comments
Leave a Reply. |