I've implemented a lot of Cisco firewalls over the years, and one common thing that was missing was a method of doing external traffic analysis beyond syslog/snmp. Fortunately in recent versions of the ASA code Cisco has added support for Netflow output.
The only catch to this is that is generates Netflow V9 output (v5 is more commonly used). The only missing piece is a netflow collector. I have setup Scrutinizer and so far I'm very pleased.
Posts
No comments:
Post a Comment