Cisco NSEL log source parameters for Cisco ASA
If QRadar® does not automatically detect the log source, add a Cisco ASA log source on the QRadar Console by using the Cisco NSEL protocol.
Note: Your system must be running the current version of the NSEL protocol to integrate with a Cisco ASA device that uses NetFlow and NSEL. The NSEL protocol is available on IBM® Support, http://www.ibm.com/support, or through auto updates in QRadar.
The following table describes the parameters that require specific values to collect Cisco NSEL events from Cisco ASA:
|Log Source type||Cisco Adaptive Security Appliance (ASA)|
|Protocol Configuration||Cisco NSEL|
|Log Source Identifier||Type the IP address or host name for the log source.
The identifier helps you determine which events came from your Cisco ASA appliance.
|Collector Port||Type the UDP port number that is used by Cisco ASA to forward NSEL events. The valid range of
the Collector Port parameter is 1-65535.
QRadar typically uses port 2055 for NetFlow event data on the QRadar QFlow Collector. You must define a different UDP port on your Cisco Adaptive Security Appliance for NetFlow that uses NSEL.
For a complete list of Cisco NSEL protocol parameters and their values, see Cisco NSEL protocol configuration options.