Skip to main content

 

 

Cisco Defense Orchestrator

Delete NetFlow Secure Event Logging (NSEL) Configuration from an ASA

This procedure explains how to DELETE the NetFlow Secure Event Logging (NSEL) Configuration on an ASA, which specifies the Secure Event Connector (SEC) as the NSEL flow collector.  This procedure reverses the macro described in Configuring NSEL for ASA Devices Using a CDO Macro.

This procedure refers to this macro, DELETE NSEL:

policy-map {{flow_export_policy_name}}
no class {{flow_export_class_name}}
no class-map {{flow_export_class_name}}
no flow-export destination {{interface}} {{IPv4_address}} {{NetFlow_port}}
no flow-export template timeout-rate {{timeout_rate_in_mins}}
no flow-export delay flow-create {{delay_flow_create_rate_in_secs}}
no flow-export active refresh-interval {{refresh_interval_in_mins}}
logging flow-export-syslogs enable
show run flow-export
show run policy-map {{flow_export_policy_name}}
show run class-map {{flow_export_class_name}}

Before You Begin

Gather the information in the following list. If you configured it by the Configuring NSEL for ASA Devices Using a CDO Macro, this information might be available in the command line interface history.

  • Name of the policy-map you configured as the NetFlow policy-map
  • Name of the class-map you configured as the NetFlow class-map
  • IPv4 address of the Secure Event Connector (SEC) that you configured to receive data from the ASA
  • Interface on the ASA that you configured to send data to the SEC
  • UDP port number you configured to forward NetFlow events to, the NetFlow port is 10425.
  • The value you configured as the flow-export template timeout-rate
  • The value you configured as the flow-export delay flow create rate
  • The value you configured as the flow-export active refresh-interval

Workflow

These are the tasks you need to complete to delete NetFlow Secure Event Logging (NSEL) on an ASA for CDO. Complete all of the tasks below:

  1. Open the DELETE NSEL macro.
  2. Enter the values in the macro to complete the no commands.
  3. Review and Send the macro.

Open the DELETE-NetFlow Secure Event Logging (NSEL) Configuration Macro

  1. On the Devices & Services page, select the ASA(s) on which you want to delete the configuration of NetFlow Secure Event Logging (NSEL).
  2. In the Device Actions pane, click Command Line Interface.
  3. Click the Macros star clipboard_e5e914e9454dca0a1982ab3d2dae7f514.png to show the list of available macros.
  4. In the list of macros, select DELETE-NetFlow Secure Event Logging (NSEL) Configuration.
  5. Under the Macro box, click View Parameters.

Create a Macro in CDO by Copying the "DELETE-NetFlow Secure Event Logging (NSEL) Configuration" Macro

  1. In the Devices & Services page, select an online and synced ASA device. 
  1. In the Device Actions pane, click >_Command Line Interface.
  2. Click the CLI macro favorites star cli_star.png to see what macros already exist.
  3. Click the the plus button cli_create_plus.png.
  4. Give the macro the name DELETE-NetFlow Secure Event Logging (NSEL) Configuration.
  5. Copy the contents of the DELETE-NetFlow Secure Event Logging (NSEL) Configuration macro above, and paste it into the Command field.
  6. Click Create. The macro you create is available for use on all your ASA devices. 

Enter the Values in the Macro to Complete the No Commands

The ASA CLI uses the "no" form of a command to delete it. Fill in the fields in the macro to complete the "no" form of the command:

  1. policy-map {{flow_export_policy_name}}
  • {{flow_export_policy_name}}-Enter the value of the policy-map name.
  1. no class {{flow_export_class_name}}
  • {{flow_export_class_name}}-Enter the value of the class-map name.
  1. no class-map {{flow_export_class_name}}
  • {{flow_export_class_name}}-The value of the class-map name is inherited from the step above.
  1. no flow-export destination {{interface}} {{IPv4_address}} {{NetFlow_port}}
  • {{interface}}-Enter the name of the interface on the ASA from which the NetFlow events were sent. 
  • {{IPv4_address}}-Enter the IPv4 address of the SEC. The SEC functions as the flow collector.
  • {{NetFlow_port}}-Enter the UDP port number on the SEC to which NetFlow packets were sent. 
  1. no flow-export template timeout-rate {{timeout_rate_in_mins}}
  • {{timeout_rate_in_mins}}-Enter the flow-export template timeout-rate.

  1. no flow-export delay flow-create {{delay_flow_create_rate_in_secs}}
  • {{delay_flow_create_rate_in_secs}}-Enter the flow-export delay flow-create rate.

  1. no flow-export active refresh-interval {{refresh_interval_in_mins}}
  • {{refresh_interval_in_mins}}-Enter the flow-export active refresh-interval interval.

Review and Send the Macro

  1. After filling in the fields of the macro, click Review to review the commands before they are sent to the ASA.
  2. If you are satisfied with your responses to the commands, click Send

CAUTION: These commands will be executed without confirmation. 

  1. After you send the command, you may see the message, "Some commands may have made changes to the running config" along with two links.

cli_may_have_changed.png

  • Click Write to Disk to save the changes made by this command, and any other change made in the running-configuration, to the device's startup-configuration. 
  • Click Dismiss to dismiss the message.
  • Was this article helpful?