Cisco Exam Questions

You want to configure a Cisco ASA to send NSEL data for a specific event type to a collector IP address.

Where should you define the collector IP address to achieve this goal?

A. within a service map

B. globally with the flow-export destination command

C. within a class map

D. within a policy map

Explanation:
You should configure a NetFlow Secure Event Logging (NSEL) collector within a policy map on a Cisco Adaptive Security Appliance (ASA) device if you want to send NSEL data for a specific event type to the IP address of that collector. When you are configuring NetFlow on a Cisco ASA, you can use the Modular Policy Framework (MPF) to create a service policy to export event data for a specific type of event.

First, you should create a class map to identify traffic that will be exported to the collector. The class map can use an access control list (ACL) to match specific traffic or any traffic. Next, you should create a policy map to define the action that should be applied to traffic identified by the associated class map. The flow-export event-type event-type destination flow-export-host1 [flow-export-host2] command can be used to specify that certain events be forwarded to a particular collector IP address. Finally, you should create a service policy to apply the policy map to the ASA globally.

Prior to configuring any MPF service policies, Cisco recommends globally configuring any collectors that will be required by the policies. A global collector configuration links the IP address of a collector with an interface on the ASA. For example, the flow-export destination 1.2.3.4 inside command configures a global collector with an IP address of 1.2.3.4 and specifies that the collector be reached through the inside interface. Global collector configuration does not provide the ability to filter NetFlow data for a particular event type.
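The steps above can be checked against a saved configuration. The following is an added example, not part of the original explanation or Cisco's documentation: it parses ASA configuration text and reports any event-type export whose collector has no global flow-export destination, or whose policy map is not applied globally. The sample configuration is constructed; the ACL and class-map names, the 192.0.2.10 collector and UDP port 2055 are assumptions, and the global line uses the ASA order of interface name, collector address, UDP port.

```python
import re

# Constructed ASA configuration for illustration. Names, the 192.0.2.10
# collector and UDP port 2055 are assumptions; 192.0.2.10 is deliberately
# left without a global flow-export destination so the check has a finding.
SAMPLE_CONFIG = """\
flow-export destination inside 1.2.3.4 2055
access-list NSEL_ACL extended permit ip any any
class-map NSEL_CLASS
 match access-list NSEL_ACL
policy-map global_policy
 class NSEL_CLASS
  flow-export event-type flow-denied destination 1.2.3.4
  flow-export event-type flow-create destination 192.0.2.10
service-policy global_policy global
"""

GLOBAL_RE = re.compile(r"^flow-export destination (\S+) (\S+) (\d+)$")
EVENT_RE = re.compile(r"^flow-export event-type (\S+) destination (.+)$")
APPLY_RE = re.compile(r"^service-policy (\S+) global$")


def audit_nsel(config):
    """Return (collectors, exports, problems) for ASA configuration text."""
    collectors, exports, applied = {}, [], set()
    policy = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # top-level command ends policy-map mode
            policy = cls = None
        if m := GLOBAL_RE.match(line):   # global collector: interface, host, port
            collectors[m.group(2)] = (m.group(1), int(m.group(3)))
        elif line.startswith("policy-map "):
            policy = line.split()[1]
        elif policy and line.startswith("class "):
            cls = line.split()[1]
        elif policy and cls and (m := EVENT_RE.match(line)):
            exports.append((policy, cls, m.group(1), m.group(2).split()))
        elif m := APPLY_RE.match(line):
            applied.add(m.group(1))
    problems = []
    for pol, c, event, hosts in exports:
        for host in hosts:
            if host not in collectors:
                problems.append(f"{pol}/{c}: {event} -> {host} has no global flow-export destination")
        if pol not in applied:
            problems.append(f"{pol}/{c}: {event} export is not in a global service-policy")
    return collectors, exports, problems
```
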

Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_nsel.html#68826