我们办公室的域控制器中有一个 PRTG 探测器192.168.4.4,我们正在尝试在我们租用的 Cisco ASA 5520 版本 8.2(5) 上配置 NetFlow 我们在 Cisco 上执行了以下操作:
conf t
access-list netflow-traffic extended permit ip any any
class-map netflow traffic
match acl netflow
flow-export destination inside 192.168.4.4 2056
policy-map global-policy
flow-export event-type all destination 192.168.4.4
检查命令:
show flow-export counters --> it shows few results
show logging flow-export
在 PRTG 上它仍然显示未激活;难道我做错了什么?
我不确定您输入时上面的代码行中是否有错别字,或者它们是否正是您当前配置中的错别字,但我注意到:
class-map netflow traffic似乎不对。match acl netflow是错误的,它应该是match access-list
netflow-traffic你命名你的ACLnetflow-trafficdelay flow-create和/或template timeout-rate我建议以下几行(排除delay flow-create,如果仍然不起作用,您可以尝试):
!
access-list netflow-traffic extended permit ip any any
!
flow-export destination inside 192.168.4.4 2056
flow-export template timeout-rate 1
!
class-map netflow-traffic-class
match access-list netflow-traffic
!
policy-map global_policy
class netflow-traffic-class
flow-export event-type all destination 192.168.4.4