Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
706
Views
0
Helpful
0
Replies

ASA 5540 Netflow packets don't contain byte data

a80386dx25iv
Level 1
Level 1

‎08-30-2019 11:25 PM

Hello.

We use ASA 5540 with 8.2(1) (we can't update it).

I have configured netflow with commands:

flow-export destination inside 192.168.1.93 9997
flow-export template timeout-rate 1

policy-map global_policy
 class flow_export_class
  flow-export event-type all destination 192.168.1.93

service-policy global_policy global

 

Now I'm tying to collect netflow into Splunk. And there is no field "bytes" in netflow packages. I capture some packages with Wireshark.

For examle there is field "Bytes" in templates (id=0) for events with id=256. But there is no field "Byte" in Netflow packages proper

 

Screenshot_2019-08-31_11-06-01.pngScreenshot_2019-08-31_11-04-34.png

 

I saw this topic but there is no field "Byte" at all. And I use very old version IOS.

How can I add fields byte and packages?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents