Thread
Cisco ASA 5520 NetFlow Templates and WUG NetFlow 2.0
Thread posted 7/28/09 by Anthony Grevich
2629 Views, 5 Comments
Title:
Cisco ASA 5520 NetFlow Templates and WUG NetFlow 2.0
Message:
I have my ASA properly configured to send NetFlow data to our WUG box.
I am receving a lot of information, but not all of the information I need and what WUG can display.
Currently I am running the latest version of the ASA software 8.21 which is the first version to support NetFlow.
I found this site which outlines Cisco implementation for NetFlow and I have seen other forums for other pieces of software that cannot properly read Cisco's NetFlow templates.
Just wondering if I am missing something
http://www.cisco.com/en/US/docs/security/asa/asa82/netflow/netflow.html
Thanks!
Image:
Comments
Anthony,
This is actually an issue with the ASA device. Although all of the documentation states that they support NetFlow, the reality is what they actually support is NSEL or NetFlow Security Event Logging, which is a variation of NetFlow v9. TO the best of my knowledge, the only product on the market currently that supports this is the Cisco CS-MARS product.
That being said, we are currently working with Cisco so that we to can add support for NSEL.
Thanks
Jason
Reply to this Comment
Anthony,
I am getting an exactly same problem. I am running WUG 14.1 build 125 and ASA 8.2.1.11. Please also let me know if you have any update.
Ps. Scrutinizer works well with this ASA configuration. I wonder why WUG doesn't.
Thanks,
Nitass
Reply to this Comment
We've moved away from the ASA Firewall to a different vendor.
Based on what was mentioned above and cisco doc, you just have to support Cisco's implementation of NetFlow.
Reply to this Comment
Anthony,
Noted with thanks.
Nitass
Reply to this Comment
Version 14.2, currently in TPP and soon to be released, does have support for Cisco ASA.
Claudio Robles
Reply to this Comment