Subscribe to Bloggers speak out on BradReese.Com
Cisco ASA NSEL (Network Security Event Logs) Reporting Tutorial
View the 9-page Cisco ASA NSEL Reporting Tutorial (Protection from Internet Threats).
Thu, 5/10/12 - 11:59pm
Configuring NetFlow on the Cisco ASA via ASDM (Cisco Adaptive Security Device Manager) makes the firewall export what is called ASA NSEL (Network Security Event Logs), which includes details on ACLs, Network Address Translation, events and other juicy information.
Look for a Cisco ASA NSEL Reporting solution if you are looking to find out:
How do I know which ACLs are triggered the most?
How do I know what protocols and end users are impacted the most?
How do I filter for a host and determine why the connection isn't being allowed?
Reports on ASA Access Control Lists get exported in NSEL; however, they're in hex, which requires an easy trick to decipher what they mean.
The 12-byte raw ACL ID must be divided into its three constituent parts, as follows:
The first four bytes are the ACL Name ID.
The next four bytes are the ACL Entry ID (ACE)/Object-Group ID.
The final four bytes are the Extended ACL Entry ID.
To see them, use: asa# show access-list
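The split described above, as an added Python example (not code from the original post or from Plixer): it cuts a 12-byte raw ACL ID into its three 4-byte parts and looks each one up among the hex values that end the lines of `show access-list` output. The sample output, the sample ID and the field key names are constructed; it assumes the exported values are big-endian and that the trailing hex values in the CLI output are the IDs to match against.

```python
import re

# Constructed sample in the style of `show access-list` output (values are made up).
SHOW_ACCESS_LIST = """\
access-list outside_in; 2 elements; name hash: 0x1a2b3c4d
access-list outside_in line 1 extended permit tcp any host 192.0.2.10 eq www (hitcnt=42) 0x0badcafe
access-list outside_in line 2 extended deny ip any any (hitcnt=7) 0xdeadbeef
"""

FIELDS = ("acl_name_id", "ace_id", "extended_ace_id")  # hypothetical key names


def split_acl_id(raw):
    """Split a 12-byte raw ACL ID (bytes or hex text) into three 4-byte integers."""
    if isinstance(raw, str):
        # Accept forms like "0x1a2b...", "1a2b3c4d-0badcafe-..." or "1a:2b:..."
        raw = bytes.fromhex(re.sub(r"0x|[\s:.\-]", "", raw, flags=re.IGNORECASE))
    raw = bytes(raw)
    if len(raw) != 12:
        raise ValueError(f"expected 12 bytes, got {len(raw)}")
    # Assumption: values are big-endian (network byte order), as in NetFlow exports.
    return {name: int.from_bytes(raw[i * 4:i * 4 + 4], "big")
            for i, name in enumerate(FIELDS)}


def index_hashes(show_output):
    """Map the trailing 0x... value of each `show access-list` line to that line."""
    table = {}
    for line in show_output.splitlines():
        m = re.search(r"\s(0x[0-9a-fA-F]{1,8})\s*$", line)
        if m:
            table[int(m.group(1), 16)] = line.strip()
    return table


def explain_acl_id(raw, show_output):
    """Return {field: (hex value, matching line or a 'no match' note)}."""
    table = index_hashes(show_output)
    return {name: (f"0x{value:08x}", table.get(value, "no match"))
            for name, value in split_acl_id(raw).items()}


if __name__ == "__main__":
    # Constructed 12-byte ID as it might appear in an NSEL report.
    for name, (value, line) in explain_acl_id("1a2b3c4d0badcafe00000000",
                                              SHOW_ACCESS_LIST).items():
        print(f"{name:16} {value}  {line}")
```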
Once you know which ACL or username you want to filter on, the NetFlow Analyzer should allow you to filter for the ACL and/or username to narrow in on exactly what you're looking for.
Of course, if you have questions on ASA NSEL NetFlow Analysis, reach out to the Plixer team and they'll give you a hand as part of the evaluation process.
And finally, this upcoming week Plixer International is providing a webcast on ASA NetFlow NSEL Reporting:
Tuesday - May 15th, both at 9AM and 2PM
Wednesday - May 16th, both at 9AM and 2PM
Thursday - May 17th, both at 9AM and 2PM