Our ASAs (version 8.2(x)) send to a SolarWinds Orion collector using Netflow version 9. We didn't have to do anything special to get it to work. SolarWinds has a doc with a good explanation of the differences between "normal" and "ASA" Netflow here: http://www.solarwinds.com/documentation/Netflow/docs/understandingciscoasanetflow.pdf.
If it helps here is a sample configuration:
access-list flow_export_acl extended permit ip any any
flow-export destination inside collector_IP_address 2055
flow-export template timeout-rate 1
flow-export delay flow-create 15
class-map flow_export_class
match access-list flow_export_acl
description Netflow
class flow_export_class
flow-export event-type all destination collector_IP-address
NetFlow is a protocol for exporting aggregated IP flow totals. As such it is well suited to IP traffic accounting on Internet routers. With Netflow V9 (AKA IPFIX it can look into Layer 2 traffic as well)
sFlow is a general purpose network traffic measurement system technology. sFlow is designed to be embedded in any network device and to provide continuous statistics on any protocol (L2, L3, L4, and up to L7), so that all traffic throughout a network can be accurately characterized and monitored. These statistics are essential for congestion control, troubleshooting, security surveillance, network planning etc. They can also be used for IP accounting purposes.
Netflow mirrors all traffic, and places a load on the CPU when utilised.
SFlow is a packet sampling technology where the switch captures every 100th packet (configurable) per interface and sends it off to the collector. sFlow is built into the ASIC, and places minimal load on the CPU.
Netflow supported by Cisco, Juniper, Alcatel Lucent, Huawei, Enterasys, Nortel, VMWare
sFlow supported by Alaxala, Alcatel Lucent, Allied Telesis, Arista Networks, Brocade, Cisco, Dell, D-Link, Enterasys, Extreme, Fortinet, Hewlett-Packard, Hitachi, Huawei, IBM, Juniper, LG-Ericsson, Mellanox, MRV, NEC, Netgear, Proxim Wireless, Quanta Computer, Vyatta, ZTE and ZyXEL (see sFlow link)
Best Answer
For traffic analysis sampled netflow is often used, because 1:1 sampling (or non-sampled) netflow can be quite a burden on both the router sending the flow data and on the flow receiver. Most setups I've seen use a sampling rate varying from 1:100 upto 1:4000 (depending on the size of the network and the amount of traffic pushed), and they're perfectly able to do traffic anomaly analysis (DDoS detection) or even customer usage billing with that.