Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Staff

Created on ‎10-11-2016 07:15 AM Edited on ‎01-31-2024 03:16 AM By Moderator

Article Id 189869

Technical Tip: Accelops Problem - Configured Netflow on Cisco ASA to send to AO but cannot find events in AO

Description

 

This article describes a configured netflow on the Cisco ASA to send to AO but it is impossible to find the events in AO.  

 

Solution

 

Summary of Topic.

This can happen if the NetFlow template is not sent frequently enough to the 'collector', which in this case is AccelOps.  If AO does not know how to parse the NetFlow events, which requires the NetFlow template, then AO discards the events.

 

Often it is possible to resolve this problem by increasing the frequency of sending the Netflow template.

The command to run on your Cisco ASA to increase the frequency is:

 

flow-export template timeout-rate 1

 

Additional Resources:

Netflow on ASA

  

Version application:

All. 

Labels:
305
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.