Cisco NSEL log source parameters for Cisco ASA

If QRadar® does not automatically detect the log source, add a Cisco ASA log source on the QRadar Console by using the Cisco NSEL protocol.

Note: Your system must be running the current version of the NSEL protocol to integrate with a Cisco ASA device that uses NetFlow and NSEL. The NSEL protocol is available on IBM® Support,, or through auto updates in QRadar.
The following table describes the parameters that require specific values to collect Cisco NSEL events from Cisco ASA:
Table 1. Cisco NSEL log source parameters for the Cisco ASA DSM
Parameter Value
Log Source type Cisco Adaptive Security Appliance (ASA)
Protocol Configuration Cisco NSEL
Log Source Identifier Type the IP address or host name for the log source.

The identifier helps you determine which events came from your Cisco ASA appliance.

Collector Port Type the UDP port number that is used by Cisco ASA to forward NSEL events. The valid range of the Collector Port parameter is 1-65535.

QRadar typically uses port 2055 for NetFlow event data on the QRadar QFlow Collector. You must define a different UDP port on your Cisco Adaptive Security Appliance for NetFlow that uses NSEL.

For a complete list of Cisco NSEL protocol parameters and their values, see Cisco NSEL protocol configuration options.