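### Enabling NetFlow on Cisco ASA for traffic analysis
flow-export destination outside 10.167.26.124 9995 # NetFlow analysis server and port
flow-export delay flow-create 30 # default is 30 minutes
flow-export template timeout-rate 1
logging flow-export-syslogs disable # disable syslog generation so that the database records only a small amount of necessary information. NetFlow traffic is allowed by default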
access-list netflow-hosts extended permit ip any any
class-map netflow-traffic
match access-list netflow-hosts
description Netflow server
## Associate the global policy map with the netflow class map
policy-map global_policy
class netflow-traffic
flow-export event-type all destination 10.167.26.124
service-policy global_policy global
## To disable NetFlow, run the following commands on the Cisco ASA/ADM:
flow-export disable
no flow-export destination inside 10.167.26.124 9995
GrandtecOfficeASA1# show run | i flow
GrandtecOfficeASA1# show run service-policy
GrandtecOfficeASA1# sho flow-export counters
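Our ASAs (version 8.2(x)) use NetFlow version 9 to send to a SolarWinds Orion collector. We did not need to do anything special to make it work. The SolarWinds documentation here explains the difference between "regular" and "ASA" NetFlow well: http://www.solarwinds.com/documentation/Netflow/docs/understandingciscoasanetflow.pdf.
NSEL records are sent only on flow creation, teardown, or ACL deny events, and they use NetFlow v9 fields and templates. This is Cisco's document on understanding NetFlow on the ASA: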
https://supportforums.cisco.com/docs/DOC-6113
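The collector side of the NSEL export described above, as an added example (not from the original notes or from Cisco): a minimal NetFlow v9 decoder that shows why data records cannot be decoded until the matching template has arrived, which is the interval `flow-export template timeout-rate` controls. The field IDs are the standard NetFlow v9/IPFIX ones; the template layout, addresses and packets are constructed sample data, not a captured ASA export.

```python
import socket
import struct

NAMES = {4: "proto", 7: "sport", 8: "src", 11: "dport", 12: "dst", 233: "event"}  # v9/IPFIX field IDs
FW_EVENT = {1: "flow-create", 2: "flow-teardown", 3: "flow-denied", 5: "flow-update"}  # field 233 values

def decode_field(ftype, raw):
    if ftype in (8, 12) and len(raw) == 4:
        return socket.inet_ntoa(raw)
    value = int.from_bytes(raw, "big")
    return FW_EVENT.get(value, value) if ftype == 233 else value

def parse_v9(packet, templates):
    """Decode one export packet; `templates` is the collector's cache, kept across packets."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, skipped, off = [], 0, 20              # the v9 header is 20 bytes
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:                             # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * n > len(body):
                    break                          # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(n)]
                pos += 4 + 4 * n
        elif fs_id >= 256:                         # data flowset, ID names its template
            fields = templates.get(fs_id, [])
            size = sum(length for _, length in fields)
            if size == 0:
                skipped += 1                       # template not cached yet: cannot decode
            else:
                for start in range(0, len(body) - size + 1, size):  # trailing padding ignored
                    rec, pos = {}, start
                    for ftype, length in fields:
                        rec[NAMES.get(ftype, ftype)] = decode_field(ftype, body[pos:pos + length])
                        pos += length
                    records.append(rec)
        off += fs_len
    return records, skipped

# Constructed sample: template 256, and one flow-denied record using it (padded to 4 bytes).
HDR = struct.pack("!HHIIII", 9, 1, 0, 0, 0, 0)
TEMPLATE_PKT = HDR + struct.pack("!16H", 0, 32, 256, 6, 8, 4, 7, 2, 12, 4, 11, 2, 4, 1, 233, 1)
DATA_PKT = HDR + struct.pack("!HH4sH4sHBB2x", 256, 20, socket.inet_aton("192.0.2.10"), 51000,
                             socket.inet_aton("198.51.100.5"), 22, 6, 3)
```

Calling `parse_v9(DATA_PKT, cache)` with an empty cache reports one skipped flowset; after `parse_v9(TEMPLATE_PKT, cache)` the same packet decodes to a single `flow-denied` record.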
Example 2 (running software version 9.1.(2) or later):
flow-export destination inside 1.1.1.1 2055
flow-export template timeout-rate 1
flow-export delay flow-create 15
flow-export active refresh-interval 1 ( this will ensure all flows are exported every 1 minute)
access-list netflow-export extended permit ip any any
class-map netflow-export-class
match access-list netflow-export
policy-map global_policy ( Global Policy)
class netflow-export-class ( the following three commands should be added to the Global Policy)
flow-export event-type flow-create destination 1.1.1.1
flow-export event-type flow-denied destination 1.1.1.1
flow-export event-type flow-update destination 1.1.1.1
service-policy global_policy global
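Configuring NetFlow on a Cisco device whose traffic needs to be mirrored:
ip cef
flow-sampler-map TEST // create the NetFlow sampler map
mode random one-out-of 100 // set the sampler mode to pick 1 packet at random out of every 100
ip flow-export source Loopback0
ip flow-export version 9
ip flow-export destination YY.YY.56.100 2222 sctp // points to the NetFlow collector and port
backup destination YY.YY.56.254 2222 // set the backup NetFlow collector
backup mode fail-over
interface G0/1
ip flow ingress // enable NetFlow in the ingress direction
ip flow egress // enable NetFlow in the egress direction
flow-sampler TEST // apply the sampler to ingress traffic
flow-sampler TEST egress // apply the sampler to egress traffic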
GrandtecOfficeASA1# sho flow-export counters
destination: inside 10.167.26.124 9997
Statistics:
packets sent 230990
Errors:
block allocation failure 0
invalid interface 0
template send failure 0
no route to collector 0
failed to get lock on block 0
source port allocation failure 0