EasyManuals Logo
Home>Cisco>Network Hardware>ASA Series

Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1991 background imageLoading...
Page #1991 background image
1-3
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring NetFlow Secure Event Logging (NSEL)
Information About NSEL
Note When NSEL and syslog messages are both enabled, there is no guarantee of chronological ordering
between the two logging types.
Using NSEL in Clustering
Each ASA establishes its own connection to the collector(s) using its unit local IP address. The fields in
the header of the export packet include the system up time, UNIX time (synchronized across the cluster),
and sequence number. These fields are all local to an individual ASA. The NSEL collector uses the
combination of the source port of the packet to separate different exporters.
Each ASA manages and advertises its template independently. Because the ASA supports in-cluster
upgrades, different units may run different image versions at a certain point in time. As a result, the
template that each ASA supports may be different.
Note Clustering is available on the ASA 5580 and 5585-X only. For more information about clustering, see
Chapter 1, “Configuring a Cluster of ASAs.
Table 1-1 Syslog Messages and Equivalent NSEL Events
Syslog Message Description NSEL Event ID NSEL Extended Event ID
106100 Generated whenever an ACL is
encountered.
1—Flow was created (if the
ACL allowed the flow).
3—Flow was denied (if the
ACL denied the flow).
0—If the ACL allowed the flow.
1001—Flow was denied by the
ingress ACL.
1002—Flow was denied by the
egress ACL.
106015 A TCP flow was denied because
the first packet was not a SYN
packet.
3—Flow was denied. 1004—Flow was denied because
the first packet was not a TCP
SYN packet.
106023 When a flow was denied by an
ACL attached to an interface
through the access-group
command.
3—Flow was denied. 1001—Flow was denied by the
ingress ACL.
1002—Flow was denied by the
egress ACL.
302013, 302015,
302017, 302020
TCP, UDP, GRE, and ICMP
connection creation.
1—Flow was created. 0—Ignore.
302014, 302016,
302018, 302021
TCP, UDP, GRE, and ICMP
connection teardown.
2—Flow was deleted. 0—Ignore.
> 2000—Flow was torn down.
313001 An ICMP packet to the device
was denied.
3—Flow was denied. 1003—To-the-box flow was
denied because of configuration.
313008 An ICMP v6 packet to the device
was denied.
3—Flow was denied. 1003—To-the-box flow was
denied because of configuration.
710003 An attempt to connect to the
device interface was denied.
3—Flow was denied. 1003—To-the-box flow was
denied because of configuration.

Table of Contents

Other manuals for Cisco ASA Series

Preview: Configuration Guide
Configuration Guide428 pages
Preview: Mount And Connect
Mount And Connect12 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA Series and is the answer not in the manual?

Cisco ASA Series Specifications

General IconGeneral
BrandCisco
ModelASA Series
CategoryNetwork Hardware
LanguageEnglish

Related product manuals