BradReese.Com Cisco vs. ZTE Price Quote Comparisons

Home About Repair Power Supplies Refurbished Blog Quick Links Site Map Contact Us

 
Mike Patterson speaks out
Learn more about Mike Patterson...
Archive
  Help

Aironet

Power Supplies

VoIP Gateways

Cisco Repair

Refurbished Cisco

Cisco CPQRGs

New Cisco

New HP ProCurve

Cisco Tools

Competitive Lab Tests

Tech Forums

How-to Tutorials

CCIE Gossip

Blogroll

 
View the archive of Mike Patterson speaks out

Subscribe to Bloggers speak out on BradReese.Com

Cisco ASA NSEL (Network Security Event Logs) Reporting Tutorial

View the 9-page Cisco ASA NSEL Reporting Tutorial (Protection from Internet Threats).

Thu, 5/10/12 - 11:59pm    View comments

Plixer InternationalCisco Developer RegisteredThe Cisco ASA NetFlow Configuration via ASDM (Cisco Adaptive Security Device Manager) will export something called ASA NSEL (Network Security Event Logs) which includes details on ACLs, Network Address Translation, Events and other juicy information.
 

View the 9-page Cisco ASA NSEL Reporting Tutorial (Protection from Internet Threats).

Look for a Cisco ASA NSEL Reporting solution if you are looking to find out:

  • How do I know which ACLs are triggered the most?
  • How do I know what protocols and end users are impacted the most?
  • How do I filter for a host and determine why the connection isn't being allowed?
Reports on ASA Access Control Lists get exported in NSEL, however, they're in hex which requires an easy trick in order to decipher what they mean.
 

ASA NSEL ACL Reporting
 

The 12-byte raw ACL ID must be divided into its three constituent parts, as follows:
 

ASA ACL 12-Bytes
 

  • The first four bytes are the ACL Name ID.
  • The next four bytes are the ACL Entry ID (ACE)/Object-Group ID.
  • The final four bytes are the Extended ACL Entry ID.

  To see them: Use asa# show access-list
 

Cisco ASA NSEL Decipher
 

Once you know what ACL or Username you want to filter on, the NetFlow Analyzer should allow you to filter for the ACL and/or Username to narrow in on exactly what you're looking for:
 

ASA NSEL Filtering on ACL and Username
 

Of course, if you have questions on ASA NSEL NetFlow Analysis, reach out to the Plixer team and they'll give you a hand as part of the evaluation process.

And finally this upcoming week, Plixer International is providing a webcast on ASA NetFlow NSEL Reporting:

Tuesday - May 15th, both at 9AM and 2PM

Wednesday - May 16th, both at 9AM and 2PM

Thursday - May 17th, both at 9AM and 2PM

View more Cisco How-To Tutorials.

Related stories:

The unique NSEL elements of the Cisco ASA firewall

Cisco ASA 5520 DIMM slot issue appears to be a manufacturing defect

Did Cisco dump the ASA 5580 because of its HP heritage?

Plixer offers free tool that brings Netflow analysis to Cisco ASA firewall

How to configure access lists in the Cisco ASA with multiple contexts to allow DHCP

AT&T managed firewall service has new Cisco ASA option available

ASA 5510 appears to cause cooling problem in APC rack

Mike Patterson's other blog stories:

Dell solves complex business problems

Enterasys Secure Networks

Mike Patterson speaks out

Systrax High-Impact Network Monitoring

TMCnet Advanced NetFlow Traffic Analysis

Join the NetFlow Developments Group on LinkedIn
 


What's your take?

Subscribe to Bloggers speak out on BradReese.Com

Favorite Blog Story Picks

  1. Cisco's Q3'FY12 data center revenue sequentially declined
  2. Silver Peak Systems appears to be the new culprit in Cisco's WAN optimization controllers (WOCs) market share loss
  3. How to report and track stolen Cisco equipment
  4. Cisco's Jabber for everyone offer FAQ
  5. Cisco CEO John Chambers pontificates: There's more networking opportunities than we can balance
  6. Are Mario Mazzola, Prem Jain and Luca Cafiero killing Cisco's ability to innovate?
  7. Cisco's developing a next generation firewall (NGFW)
  8. Microsoft upgrading switches to Arista Networks
  9. Cisco acquisition NDS accused of pay TV piracy, hacking, sabotage, fabricated legal actions and obtaining telephone records illegally
  10. Cisco's losing market share in 3 major data center segments
  11. NDS appears to be another BS acquisition by Cisco
  12. Did Deloitte's Q&A destroy Cisco's single vendor network marketing strategy?
  13. Can IP host reputation systems protect against the Russian Business Network? - Mike Patterson
  14. Competitive vendor analysis: 10GbE and 40GbE switches by chassis and rack - Darius Goodall
  15. January 2012 Cisco CCIE count
  16. Monitoring cloud services with Cisco's Flexible Netflow - Mike Patterson
  17. Cisco's Q2'FY12 switching, routing, collaboration revenues and product gross margin sequentially declined
  18. Cisco's historical financial statements confirm -$809 million discrepancy in security sales
  19. This story is how the Cisco CCIE program was born - Stuart Biggs
  20. View the archive of Bloggers speak out on BradReese.Com
 
blog comments powered by Disqus

CCIE available Metro DC

Supplement Cisco SMARTnet Contracts

 

©2013 BradReese.Com - Home - About - Repair - Power Supplies - Refurbished - Blog - Quick Links - Site Map - Contact Us