03-04-2019 04:09 PM - edited 02-21-2020 09:35 PM
Hello All,
I want to deploy NVM where a user's detailed flow should go to the McAfee syslog server. Can someone let me know if it's really required to have a separate IPFIX collector component, or is it okay if I redirect all the user flows (UDP 2055, 20519, 20520) from the ASA directly to the syslog server?
03-05-2019 12:35 AM
How are your flows? You want to send the flows from the ASA to the syslog server, and the SIEM picks up those logs to analyse.
Yes, it is possible.
03-05-2019 03:51 AM
Hi Balaji,
I am planning to create a new XML client profile with NVM inherited and will be opening the port UDP 2055 on the ASA. The plan is to send all the flow traffic of each and every AnyConnect user to the syslog server. My only concern is whether a collector component is really required, because if that's the case, I need to invest in a new device. My deployment model is loosely based on the following article, except that we are authenticating against an AD instead of ISE and using McAfee instead of Splunk.
Note: We are already sending syslogs on port 514 to the SIEM; I just wanted to know if it's possible to send flow traffic the same way on port 2055 or if we need a new collector component.