The NetFlow pane lets you enable the transmission of data about a flow of packets. To access this pane, choose Configuration > Device Management > Logging > NetFlow.
Note IP address and hostname assignments should be unique throughout the NetFlow configuration.
To use NetFlow, perform the following steps:
Step 1 Enter the template timeout rate, which is the interval (in minutes) at which template records are sent to all configured collectors. The default value is 30 minutes.
Step 2 To delay the export of flow-creation events and process a single flow-teardown event instead of a flow-creation event and a flow-teardown event, check the Delay export of flow creation events for short-lived flows check box, then enter the number of seconds for the delay in the Delay By field.
Step 3 Specify the collector(s) to which NetFlow packets will be sent. You can configure a maximum of five collectors. To configure a collector, click the button that displays the Add NetFlow Collector dialog box, then perform the following steps:
a. Choose the interface to which NetFlow packets will be sent from the drop-down list.
b. Enter the IP address or hostname and the UDP port number in the associated fields.
Step 4 To configure more collectors, repeat Step 2 for each additional collector.
Step 5 To change collector configuration details, select a collector and click the edit button. To remove a configured collector, select it and click the delete button.
Step 6 When NetFlow is enabled, certain syslog messages become redundant. To maintain system performance, we recommend that you disable all redundant syslog messages, because the same information is exported through NetFlow. To disable all redundant syslog messages, check the Disable redundant syslog messages check box. To display the redundant syslog messages and their status, click Show Redundant Syslog Messages. The Redundant Syslog Messages dialog box appears. The Syslog ID field displays the redundant syslog message numbers. The Disabled field indicates whether or not the specified syslog message is disabled. Close this dialog box when you are done.
To disable individual redundant syslog messages, choose Configuration > Device Management > Logging > Syslog Setup.
Step 7 Click the apply button to save your changes. Click the reset button to enter new settings.
Matching NetFlow Events to Configured Collectors
After you configure NetFlow collectors, you can match a NetFlow event with any of these configured collectors.
To specify which NetFlow events should be sent to which collector, perform the following steps:
Step 1 In the ASDM main application window, choose Configuration > Firewall > Service Policy Rules.
Step 2 To add a service policy rule, perform the following steps:
a. Click the button that displays the Add Service Policy Rule Wizard. For more information about service policy rules, see the “Adding a Service Policy Rule for Through Traffic” section.
b. Click Global - applies to all interfaces to apply the rule to the global policy, then click the next button.
c. Check the Source and Destination IP Address (uses ACL) check box or the Any traffic check box as traffic match criteria, or click the Use class-default as traffic class radio button. Click the next button to continue to the Rule Actions screen.
Note NetFlow actions are available only for global service policy rules and are applicable only to the class-default traffic class and to traffic classes with traffic match criteria of “Source and Destination IP Address (uses ACL)” or “Any traffic.”
Step 3 In the Rule Actions screen, click the NetFlow tab.
Step 4 To specify flow events, click the button that displays the Add Flow Event dialog box, then perform the following steps:
a. Choose the flow event type from the drop-down list. Available events are created, torn down, denied, updated, or all.
Note The flow-update event is available in Version 8.4(5) only. It is not available in Version 9.0(1) or later.
b. Choose collectors to which you want events sent by checking the corresponding check boxes in the Send column.
c. To add, edit, or delete collectors, or to configure other NetFlow settings (for example, syslog messages), click the button that displays the Manage NetFlow Collectors dialog box. Close the Manage NetFlow Collectors dialog box to return to the Add Flow Event dialog box. For more information about configuring collectors, see Step 3 of the “Using NetFlow” section.
Step 5 Close the Add Flow Event dialog box and return to the NetFlow tab.
Step 6 To change flow event entries, select an entry from the list and click the edit button. To remove flow event entries, select an entry from the list and click the delete button.
Step 7 Exit the wizard.
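For reference, the following is the ASA CLI equivalent of the two ASDM procedures above (collector, template timeout, delayed flow-create export, redundant syslog suppression, and a global service policy that sends every NSEL event type to the collector); it is added here and is not part of the original page. The interface name, collector address, UDP port, delay value, and ACL/class-map names are constructed placeholders, and the exact keywords should be confirmed against the command reference for the ASA version in use.

```cisco
! Added example, not from the original page. Interface name, collector
! address, port and ACL/class names are constructed placeholders.

! Collector (Step 3): NetFlow packets leave the "inside" interface
! to collector 192.0.2.10 on UDP port 2055 (up to five collectors allowed)
flow-export destination inside 192.0.2.10 2055

! Template timeout rate in minutes (Step 1; default is 30)
flow-export template timeout-rate 30

! Delay export of flow-create events for short-lived flows by 15 seconds,
! so a single teardown event is sent instead of create + teardown (Step 2)
flow-export delay flow-create 15

! Disable the syslog messages that NetFlow export makes redundant (Step 6)
logging flow-export-syslogs disable

! Global service policy rule: match any traffic (the "Any traffic" /
! "Source and Destination IP Address (uses ACL)" criteria) and send all
! NSEL event types to the configured collector (Matching NetFlow Events)
access-list flow_export_acl extended permit ip any any
class-map flow_export_class
 match access-list flow_export_acl
policy-map global_policy
 class flow_export_class
  flow-export event-type all destination 192.0.2.10
service-policy global_policy global
```

Verify the result with `show flow-export counters` and `show running-config flow-export`, and confirm the collector is receiving template records within one timeout-rate interval, since data records cannot be decoded until a template arrives.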
Step 8 To edit a NetFlow service policy rule, perform the following steps:
a. Select it in the Service Policy Rules table, and click the edit button.
b. Click the tab, then click the