
NetFlow to support NSEL (Network Secure Event Logging)


The customer is looking to enable NetFlow on the Cisco Firepower appliances; however, the data will be in the format of Cisco Network Secure Event Logging (NSEL, based on NetFlow 9).

Note: Traffic does not claim any device support officially. The flows are supposed to be device independent. That said, what the ASA exports is not exactly NetFlow v9; it is called NSEL, which is a slightly different version from v9. So, as of today, this is not supported. There is no official document for device support.

(1) sysOID of the Cisco Firepower device
    --- .1.3.6.1.4.1.9.1.2313
    --- .1.3.6.1.4.1.9.1.2316
(2) nms-traffic-master.address.properties file does not have option: "enable.asa=true/false"

We've seen a problem with some specific models; for example, this ASA (see link below) exports NSEL (Network Security Event Logs) based flows, which I assume we have not tested before. Currently our LEAF collector does not have logic to parse these two new fields:
NF_F_FWD_FLOW_DELTA_BYTES – Initiator Octets
NF_F_REV_FLOW_DELTA_BYTES – Responder Octets

An enhancement request has been raised for this:
Flows from Cisco ASA cannot be processed by Traffic iSPI
https://softwaresupport.softwaregrp.com/km/QCCR1B133858 
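
The gap described in the post, as an added example (not code from the post or from the Traffic iSPI collector): a template-driven NetFlow v9 parser in Python that reads byte counts from the two NSEL fields and falls back to the classic `IN_BYTES` counter when they are absent. The field type IDs 231 and 232 are taken from Cisco's NSEL field list rather than from this page, and the sample packet is constructed.

```python
import struct

IN_BYTES = 1                     # classic NetFlow v9 byte counter
NF_F_FWD_FLOW_DELTA_BYTES = 231  # NSEL: Initiator Octets (ID assumed from Cisco's NSEL docs)
NF_F_REV_FLOW_DELTA_BYTES = 232  # NSEL: Responder Octets (ID assumed from Cisco's NSEL docs)

def learn_templates(body, templates):  # fills {template_id: [(field_type, length), ...]}
    pos = 0
    while pos + 4 <= len(body):
        tid, n = struct.unpack_from("!HH", body, pos)
        if n == 0 or pos + 4 + 4 * n > len(body):
            break                                  # padding or truncated template
        templates[tid] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(n)]
        pos += 4 + 4 * n

def decode_records(body, fields):  # fixed-size data records; trailing padding is ignored
    size, recs = sum(length for _, length in fields), []
    for start in (range(0, len(body) - size + 1, size) if size else ()):
        rec, pos = {}, start
        for ftype, length in fields:
            rec[ftype] = int.from_bytes(body[pos:pos + length], "big")
            pos += length
        recs.append(rec)
    return recs

def parse_v9(packet, templates):
    """Parse one NetFlow v9 / NSEL export packet into [{field_type: value}, ...]."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    flows, off = [], 20                            # fixed 20-byte v9 header
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            break                                  # malformed FlowSet: never over-read
        if fs_id == 0:                             # template FlowSet
            learn_templates(packet[off + 4:off + fs_len], templates)
        elif fs_id in templates:                   # data FlowSet with a known template
            flows += decode_records(packet[off + 4:off + fs_len], templates[fs_id])
        off += fs_len
    return flows

def byte_counts(rec):
    """(initiator, responder) bytes; NSEL records carry 231/232 instead of IN_BYTES."""
    fwd = rec.get(NF_F_FWD_FLOW_DELTA_BYTES, rec.get(IN_BYTES, 0))
    return fwd, rec.get(NF_F_REV_FLOW_DELTA_BYTES, 0)

SAMPLE = (struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0)  # constructed: header, template 256, one record
          + struct.pack("!12H", 0, 24, 256, 4, 8, 4, 12, 4, 231, 4, 232, 4)
          + struct.pack("!HH4s4sII", 256, 20, bytes([10, 0, 0, 5]), bytes([192, 0, 2, 9]), 1500, 42000))
```

A collector that only looks up field type 1 would see this record with no byte counter at all, which matches the behaviour the post reports.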

Micro Focus Expert
Status changed to: Waiting for Votes