Phil,

I think that if you read up on the differences between Netflow v9 and NSEL (what Cisco ASA uses) the issues will become apparent. For now you must either use nfdump-1.5.7-nsel or wait until NSEL support is fully fleshed out in a future 1.6.x release.

This link provides some interesting reading and points out the inherent differences within NSEL:
http://www.plixer.com/blog/netflow/what-is-nsel-a-deeper-look-part-1/

Further details on the issues with NSEL here:
http://netflowninjas.typepad.com/blog/2009/05/firewalls-and-netflow-it-could-be-heaven.html

I hope this information helps and I'm sorry there is no immediate solution. I too would love to be able to fully interpret flow data from our ASAs.

Regards,

Bryan VanDivier
Communications Manager
University of North Texas
Data Communications

From: Phil Pierotti [mailto:phil.piero...@gmail.com]
Sent: Monday, August 09, 2010 4:32 PM
To: peter.h...@switch.ch
Cc: nfsen-discuss@lists.sourceforge.net
Subject: Re: [Nfsen-discuss] asa and nfdump 1.6.1.....only seeing flow data.

Ok so obviously I (for one) am confused.

I thought the point of v9 was that the flow-sender defined the templates as part of the flow datastream. So any flow-receiver needs to accept, recognize, and interpret the flow-templates from within the flow-datastream itself. The intention being that any flow-receiver which is "v9 compatible" is *always* compatible with whatever is being sent.

.... or am I completely misunderstanding something?

Phil P

On Mon, Aug 9, 2010 at 3:29 PM, Peter Haag <peter.h...@switch.ch> wrote:

Hi all users of CISCO ASA,

On 8/6/10 13:35, Vilberg Eiríksson wrote:
> Hello all,
>
> ....I am using nfdump version 1.6.1 and using ASA 5510 to
> export the netflow traffic. I am only seeing flow data but no traffic or
> data.

CISCO ASA is not standard netflow! Although it uses netflow v9 to export information, it has its very own set of very specific templates. nfdump 1.6.1 does not yet support ASA flows. There is a nfdump-1.5.7-nsel version on sourceforge, with patches from CISCO, to process ASA flows. ASA is subject to be integrated into nfdump-1.6.x in upcoming releases.

- Peter

>
> While looking this up on Mr. Google I see that there was a patch for version
> 1.5.7 to have this working with asa but it also says that it is supposed to
> be included in version 1.6.
>
> Is there something else I need to do to have this working with my ASA 5510? I
> am pretty sure I have the ASA config correct but maybe there is something I
> need to tweak there also
>
> Any ideas??
>
> Regards,
>
> Vilberg Eiríksson
> Network and Security
> Tel: +354 563 3125
> Mobile: +354 664 3125
>
> Homepage: www.ejs.is
>
> Grensásvegur 10, 108 Reykjavík, Iceland
> Tel: +354 563 3000 Fax: +354 568 8487

--
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: peter.h...@switch.ch Web: http://www.switch.ch/
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
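An added example, not part of the thread and not nfdump's code: a NetFlow v9 template FlowSet parser showing the distinction discussed above, that a collector can always skip a record's fields by template length, yet can only map the field types it knows, so an event-style template yields addresses and ports but no packet or byte counters. Both templates are constructed samples, and the non-classic field numbers in `EVENT` are assumptions about NSEL field types, not a capture from an ASA.

```python
import struct

# Field types a classic v9 collector maps into its flow record (RFC 3954 numbers).
CLASSIC = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
           8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
           21: "LAST_SWITCHED", 22: "FIRST_SWITCHED"}

def parse_template_flowset(flowset: bytes) -> dict:
    """Return {template_id: [(field_type, length), ...]} for one template FlowSet."""
    if len(flowset) < 4:
        raise ValueError("short FlowSet header")
    fs_id, fs_len = struct.unpack_from("!HH", flowset, 0)
    if fs_id != 0:
        raise ValueError("FlowSet id %d is not a template FlowSet" % fs_id)
    if fs_len < 4 or fs_len > len(flowset):
        raise ValueError("FlowSet length field does not match the data")
    templates, off = {}, 4
    while off + 4 <= fs_len:  # anything shorter than a template header is padding
        tid, count = struct.unpack_from("!HH", flowset, off)
        off += 4
        if off + 4 * count > fs_len:
            raise ValueError("template %d is truncated" % tid)
        templates[tid] = [struct.unpack_from("!HH", flowset, off + 4 * i)
                          for i in range(count)]
        off += 4 * count
    return templates

def coverage(fields):
    """Split a template into fields the collector maps and types it can only skip."""
    mapped = [CLASSIC[t] for t, _ in fields if t in CLASSIC]
    skipped = [t for t, _ in fields if t not in CLASSIC]
    has_counters = any(t in (1, 2) for t, _ in fields)
    return mapped, skipped, has_counters

def build_template(tid, fields):
    """Encode one template as a template FlowSet (used only for the sample data)."""
    body = struct.pack("!HH", tid, len(fields))
    body += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    return struct.pack("!HH", 0, 4 + len(body)) + body

# Constructed samples, not captures. ROUTER is a traditional flow template.
ROUTER = build_template(256, [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1),
                              (2, 4), (1, 4), (22, 4), (21, 4)])
# EVENT is an event-style template; the non-classic numbers are assumed NSEL
# field types (flow id, translated addresses/ports, firewall event, event time).
EVENT = build_template(257, [(148, 4), (8, 4), (12, 4), (7, 2), (11, 2), (4, 1),
                             (40001, 4), (40002, 4), (40003, 2), (40004, 2),
                             (233, 1), (33002, 2), (323, 8)])

if __name__ == "__main__":
    for name, raw in (("router", ROUTER), ("event", EVENT)):
        for tid, fields in parse_template_flowset(raw).items():
            print(name, tid, coverage(fields))
```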