Licensing requirements for nsel, Prerequisites for nsel – Cisco ASA 5505 User Manual

78-3

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 78 Configuring NetFlow Secure Event Logging (NSEL)

Licensing Requirements for NSEL

Note

When NSEL and syslog messages are both enabled, there is no guarantee of chronological ordering
between the two logging types.

Licensing Requirements for NSEL

Prerequisites for NSEL

NSEL has the following prerequisites:

•

IP address and hostname assignments must be unique throughout the NetFlow configuration.

•

You must have at least one configured collector before you can use NSEL.

•

You must configure NSEL collectors before you can configure filters via Modular Policy
Framework.

106023

When a flow was denied by an
ACL attached to an interface
through the access-group
command.

3—Flow was denied.

1001—Flow was denied by the
ingress ACL.

1002—Flow was denied by the
egress ACL.

302013, 302015,
302017, 302020

TCP, UDP, GRE, and ICMP
connection creation.

1—Flow was created.

0—Ignore.

302014, 302016,
302018, 302021

TCP, UDP, GRE, and ICMP
connection teardown.

2—Flow was deleted.

0—Ignore.

> 2000—Flow was torn down.

313001

An ICMP packet to the device
was denied.

3—Flow was denied.

1003—To-the-box flow was
denied because of configuration.

313008

An ICMP v6 packet to the device
was denied.

3—Flow was denied.

1003—To-the-box flow was
denied because of configuration.

710003

An attempt to connect to the
device interface was denied.

3—Flow was denied.

1003—To-the-box flow was
denied because of configuration.

Model

License Requirement

All models

Base License.

Table 78-1

Syslog Messages and Equivalent NSEL Events (continued)

Syslog Message

Description

NSEL Event ID

NSEL Extended Event ID