Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1761
Views
0
Helpful
2
Replies

Netflow v9 and NSEL capturing

Joe Conklin
Level 1
Level 1

‎05-23-2013 06:01 PM - edited ‎03-04-2019 07:59 PM

I need to capture Netflow v9 and NSEL traffic. Ergo IOS netflow traffic, and ASA netflow traffic (NSEL). I am trying various netflow caputiring tools right now, but they are paid for offerings that do far more than what I am really looking to do. I simply want to capture traffic and analyze it.

  • It will need to capture traffic for IOS and ASA devices
  • It should be free, or open source ideally
  • It needs to retain up to 30 days of traffic
  • It should ideally be accessible via a web browser
  • It should allow me to see top source/desitination IP
  • It should allow me to see top ports/protocols

I've tried Solarwindows Netflow Analyzer and it doesn't support NSEL netflow traffic. I tried splunk with netflow integrator and it doesn't support NSEL either. Not too happy with the looks of PTRG. I really liked the look of netflow integrator for splunk, and the free version rocks, but I can't see spending $2,000 for the paid version just to support NSEL..

I've heard good things about NFDUMP and NFSEN, but I can't see for sure if it supports NSEL or not. I tried CACTI and it does alot of what I'm looking for but I couldn't get NSEL working with it.

I read somewhere that NSEL traffic wasn't designed to be retained or monitored in real time. Does that sound right?

1 person had this problem
Labels:
0 Helpful
2 Replies 2

jakewilson
Level 1
Level 1

‎06-03-2013 06:27 AM

Hello Joe,

Regarding: "I read somewhere that NSEL traffic wasn't designed to be retained or monitored in real time. Does that sound right?"

Answer:  Cisco NSEL 8.4(5) switched to true bidirectional flows which broke most collectors on the market. They reverted back in every version after until the recent release (May 24th, 2013) of NSEL 9.1(2) where they fixed it again.  

Have you looked at nTop?  It might do what you want.  On the commercial side, Scrutinizer will probably do what you want.

Jake

www.netflowknights.com

0 Helpful

Don Jacob
Level 1
Level 1
In response to jakewilson

‎06-06-2013 04:50 AM

Hi Joe,

Solarwinds NTA supports ASA NSEL flows. Maybe you are exporting the newer version of NSEL but using an older NTA version.

Regards,
Don Thomas Jacob
http://www.solarwinds.com/netflow-traffic-analyzer.aspx

NOTE: Please rate posts and close questions if you have found the answers helpful.

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card