Hi Simon,

ASA exports event records and not flows as such. If you want to do more than just Event tracking of your ASA device, it would be probably best to have a router exporting real flow data in addition to the ASA event records. To my knowledge, it's not possible to separate input/output etc, as the event records do not contain this information.

Bidirectional means mostly that some ASAs export counters for packets and bytes in both directions. You probably would like to craft a special output format according to what your ASA exports.

- Peter

On 22/11/14 23:19, Simon Außerlechner wrote:
> Hi,
>
> first of all: thank you very much for these awesome tools.
>
> I have a question regarding nfsen and the flow data visualization. My
> goal is to have a profile that visualizes the traffic with respect to
> the directions, i.e., inside-outside and outside-inside, independent
> from the actual flow's direction.
>
> I get the netflow (v9) from an ASA5505 (9.1(3)), using nfcapd (nfdump
> version 1.6.12).
>
> nfdump was compiled with --enable-nfprofile --enable-nftrack
> --enable-sflow --enable-nsel
>
> The flows themselves look perfectly fine, when using nfdump, except for
> the fact that the packet count is always 0, e.g.,
>
> Date first seen Event XEvent Proto Src IP Addr:Port Dst IP Addr:Port X-Src IP Addr:Port X-Dst IP Addr:Port In Byte Out Byte
> 2014-11-20 20:21:31.929 CREATE Ignore TCP 192.168.0.1:54321 -> x.x.x.x:443 y.y.y.y:54321 -> x.x.x.x:443 0 0
> 2014-11-20 20:21:31.929 DELETE 2028 TCP 192.168.0.1:54321 -> x.x.x.x:443 y.y.y.y:54321 -> x.x.x.x:443 1234 4567
>
> where 192.168.0.1 is some inside-Client, y.y.y.y is some webserver,
> x.x.x.x is the ASA's outside-IP.
>
> As far as I understood, an ASA flow is bidirectional per se. For this
> reason, I cannot have a split traffic view, using a filter like "IN IF
> <outside_if_index>", and "OUT IF <outside_if_index>", respectively. Is
> that right?
>
> Is there another way to have such a directional traffic view?
>
> Thank you very much in advance.
>
> Best regards,
> Simon

_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
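Added example, not part of the thread and not nfdump or nfsen code: since the event records carry byte counters for both directions but no interface information, one way to get a directional byte view is to classify each record by which side initiated the connection. It assumes the inside network is 192.168.0.0/24, that "In Byte" counts initiator-to-responder bytes and "Out Byte" the reverse, and that counters are printed as plain integers for IPv4 records; the function name and sample records are constructed.

```python
import ipaddress
import re

# Assumption: inside prefix (the thread only shows the single host 192.168.0.1).
INSIDE = ipaddress.ip_network("192.168.0.0/24")

# Constructed records in the column layout quoted in the thread; the public
# addresses are documentation ranges, not values from the thread.
SAMPLE = """\
2014-11-20 20:21:31.929 CREATE Ignore TCP 192.168.0.1:54321 -> 203.0.113.10:443 198.51.100.2:54321 -> 203.0.113.10:443 0 0
2014-11-20 20:21:35.100 DELETE 2028 TCP 192.168.0.1:54321 -> 203.0.113.10:443 198.51.100.2:54321 -> 203.0.113.10:443 1234 4567
2014-11-20 20:22:01.500 DELETE 2028 TCP 203.0.113.77:40000 -> 198.51.100.2:22 203.0.113.77:40000 -> 192.168.0.5:22 300 900
"""

LINE = re.compile(
    r"^\S+ \S+\s+(?P<event>\S+)\s+(?P<xevent>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+\s+"
    r"[\d.]+:\d+\s+->\s+(?P<xdst>[\d.]+):\d+\s+(?P<ibyt>\d+)\s+(?P<obyt>\d+)\s*$"
)

def directional_bytes(text, inside=INSIDE):
    """Sum byte counters per direction relative to the inside network."""
    totals = {"inside->outside": 0, "outside->inside": 0, "unclassified": 0}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header line, blank line, or a layout this sketch does not parse
        ibyt, obyt = int(m["ibyt"]), int(m["obyt"])
        src = ipaddress.ip_address(m["src"])
        # Check both the destination and the translated destination, so an
        # inbound connection matches whichever column holds the inside address.
        dsts = [ipaddress.ip_address(m["dst"]), ipaddress.ip_address(m["xdst"])]
        if src in inside:                       # connection opened from inside
            totals["inside->outside"] += ibyt
            totals["outside->inside"] += obyt
        elif any(d in inside for d in dsts):    # connection opened from outside
            totals["outside->inside"] += ibyt
            totals["inside->outside"] += obyt
        else:
            totals["unclassified"] += ibyt + obyt
    return totals

if __name__ == "__main__":
    print(directional_bytes(SAMPLE))
```

CREATE records contribute nothing because their counters are 0, as in the output quoted in the thread.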