Cisco NSEL log source parameters for Cisco ASA
If QRadar® does not automatically detect the log source, add a Cisco ASA log source on the QRadar Console by using the Cisco NSEL protocol.
Note: Your system must be running the current version of the NSEL protocol to integrate with a Cisco ASA device that uses NetFlow and NSEL. The NSEL protocol is available on IBM® Support, http://www.ibm.com/support, or through auto updates in QRadar.
The following table describes the parameters that require specific values to collect Cisco NSEL events from Cisco ASA:
Parameter | Value |
---|---|
Log Source type | Cisco Adaptive Security Appliance (ASA) |
Protocol Configuration | Cisco NSEL |
Log Source Identifier | Type the IP address or host name for the log source. The identifier helps you determine which events came from your Cisco ASA appliance. |
Collector Port | Type the UDP port number that is used by Cisco ASA to forward NSEL events. The valid range of the Collector Port parameter is 1-65535. QRadar typically uses port 2055 for NetFlow event data on the QRadar QFlow Collector. You must define a different UDP port on your Cisco Adaptive Security Appliance for NetFlow that uses NSEL. |
For a complete list of Cisco NSEL protocol parameters and their values, see Cisco NSEL protocol configuration options.
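
The following pre-flight check for the Collector Port value is an added example, not IBM or Cisco code. It rejects values outside 1-65535 or equal to the QFlow port 2055, then confirms that a received datagram carries a NetFlow version 9 header, the export format that NSEL is built on. The function names, the sample datagram and the `expected_sender` parameter are assumptions made for illustration.

```python
import socket
import struct

QFLOW_PORT = 2055  # per the table: typical NetFlow port on the QFlow Collector
V9_HEADER = struct.Struct("!HHIIII")  # version, count, uptime, secs, seq, source id

def check_collector_port(port, qflow_port=QFLOW_PORT):
    """Return a list of problems with a proposed Collector Port value."""
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        return ["Collector Port must be an integer in the range 1-65535"]
    if port == qflow_port:
        return [f"UDP {port} is typically used by the QFlow Collector; pick another port"]
    return []

def parse_v9_header(datagram):
    """Decode the 20-byte NetFlow v9 packet header or raise ValueError."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v9 header")
    version, count, uptime_ms, unix_secs, sequence, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"unexpected NetFlow version {version}, expected 9")
    return {"version": version, "count": count, "uptime_ms": uptime_ms,
            "unix_secs": unix_secs, "sequence": sequence, "source_id": source_id}

def receive_one(port, expected_sender, timeout=30.0):
    """Bind the UDP port, wait for one datagram from the ASA, return its header."""
    problems = check_collector_port(port)
    if problems:
        raise ValueError("; ".join(problems))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)  # socket.timeout is raised if nothing arrives
        sock.bind(("0.0.0.0", port))
        while True:
            data, (sender, _) = sock.recvfrom(65535)
            if sender == expected_sender:  # ignore datagrams from other hosts
                return parse_v9_header(data)

# Constructed sample datagram: a v9 header announcing 2 records, plus padding.
SAMPLE = V9_HEADER.pack(9, 2, 360000, 1700000000, 42, 1) + b"\x00" * 8

if __name__ == "__main__":
    print(check_collector_port(2055))  # flagged: collides with QFlow
    print(check_collector_port(2056))  # no problems
    print(parse_v9_header(SAMPLE))
```

Run `receive_one` on a test host that stands in for the collector address, because the port cannot be bound while the QRadar log source is already listening on it.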