I need to capture Netflow v9 and NSEL traffic. Ergo IOS netflow traffic, and ASA netflow traffic (NSEL). I am trying various netflow capturing tools right now, but they are paid-for offerings that do far more than what I am really looking to do. I simply want to capture traffic and analyze it.
I've tried SolarWinds Netflow Analyzer and it doesn't support NSEL netflow traffic. I tried Splunk with netflow integrator and it doesn't support NSEL either. Not too happy with the looks of PRTG. I really liked the look of netflow integrator for Splunk, and the free version rocks, but I can't see spending $2,000 for the paid version just to support NSEL.
I've heard good things about NFDUMP and NFSEN, but I can't see for sure if they support NSEL or not. I tried CACTI and it does a lot of what I'm looking for but I couldn't get NSEL working with it.
I read somewhere that NSEL traffic wasn't designed to be retained or monitored in real time. Does that sound right?
Regarding: "I read somewhere that NSEL traffic wasn't designed to be retained or monitored in real time. Does that sound right?"
Answer: Cisco NSEL 8.4(5) switched to true bidirectional flows which broke most collectors on the market. They reverted back in every version after until the recent release (May 24th, 2013) of NSEL 9.1(2) where they fixed it again.
Solarwinds NTA supports ASA NSEL flows. Maybe you are exporting the newer version of NSEL but using an older NTA version.
Don Thomas Jacob
NOTE: Please rate posts and close questions if you have found the answers helpful.