Cisco NSEL protocol configuration options
To monitor NetFlow packet flows from a Cisco Adaptive Security Appliance (ASA), configure the Cisco Network Security Event Logging (NSEL) protocol source.
The Cisco NSEL protocol is an inbound/passive protocol. To integrate Cisco NSEL with QRadar, you must manually create a log source to receive NetFlow events. QRadar does not automatically discover or create log sources for syslog events from Cisco NSEL.
The following table describes the protocol-specific parameters for the Cisco NSEL protocol:
Parameter | Description |
---|---|
Protocol Configuration | Cisco NSEL |
Log Source Identifier | If the network contains devices that are attached to a management console, you can specify the IP address of the individual device that created the event. A unique identifier for each device, such as an IP address, prevents event searches from identifying the management console as the source for all of the events. |
Collector Port | The UDP port number that Cisco ASA uses to forward NSEL events. QRadar uses port 2055 for flow data on QRadar® QFlow Collectors. You must assign a different UDP port on the Cisco Adaptive Security Appliance for NetFlow. |
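
An ASA-side export configuration that satisfies the Collector Port requirement above, added here as an example and not taken from the original page. The interface name `inside`, the collector address `192.0.2.10`, UDP port `2056` and the class-map name are assumptions, and the fragment assumes the default `global_policy` is the applied global service policy.

```cisco
! Constructed example: replace the interface, address and port with your own values.
!
! Send NSEL records to the QRadar log source on a UDP port other than 2055,
! which QRadar reserves for flow data on QFlow Collectors.
! The port here must equal the Collector Port set on the QRadar log source.
flow-export destination inside 192.0.2.10 2056
!
! Resend NetFlow templates every minute so the collector can decode records
! soon after it starts listening (UDP export has no retransmission).
flow-export template timeout-rate 1
!
! Select the traffic whose flow events are exported.
class-map flow_export_class
 match any
!
! Attach the export action to the global policy and name the same
! collector address used in the flow-export destination line.
policy-map global_policy
 class flow_export_class
  flow-export event-type all destination 192.0.2.10
!
! Optional: suppress the syslog messages that duplicate NSEL events.
logging flow-export-syslogs disable
!
! Verification on the ASA after traffic has passed:
!   show flow-export counters
```

If the counters show packets sent but no events appear in QRadar, check that the UDP port in `flow-export destination` matches the Collector Port and that the Log Source Identifier matches the ASA address the packets arrive from.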