Cisco has introduced NetFlow 9 export in the latest software version for ASA firewalls. But it seems to be meant for event logging of security events only (as a replacement for syslog messages).
But can it still be used for bandwidth monitoring, too? And if so, how must the ASA be configured?
Here is the relevant info from the Cisco website:
Best Answer
Security Event Logging is something different to what you're after. I believe you want straight NetFlow (v5 will do) - exported to some type of analyzer.
I've used, and can recommend, ManageEngine Netflow Analyzer: http://www.manageengine.com/products/netflow/download-free.html
Grab the free edition, and fire this up on a server somewhere. Make sure the server's firewall permits traffic on port 9996 (UDP). Then, use the following config on your ASA to export network flow data:
Note that in my example, I have assumed you have a global_policy policy-map defined.
Browse to Netflow Analyzer and log in. Netflow Analyzer will break down the ASA output into source/destination connections, including traffic in megabytes per connection, and will even perform port analysis to show you the applications in use.
This makes it particularly easy to see when an employee is torrenting for instance. :-)
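
An ASA flow-export configuration that fits the steps in the answer above, as an added example that is not the answerer's original config. UDP port 9996 and the `global_policy` policy-map come from the answer; the collector address `192.0.2.10` and the interface name `inside` are assumed placeholders.

```cisco
! Added example, not from the original answer.
! Placeholders: 192.0.2.10 = server running the flow analyzer,
!               inside     = ASA interface through which that server is reached.
!
! Send flow records to the collector on UDP 9996 (the port opened on the server).
flow-export destination inside 192.0.2.10 9996
!
! Resend the record templates every minute, so a collector that was
! restarted can decode incoming records again without a long wait.
flow-export template timeout-rate 1
!
! Attach flow export to the existing global policy. This assumes
! global_policy is already applied with "service-policy global_policy global".
policy-map global_policy
 class class-default
  ! Export every flow event type for all traffic matched by class-default.
  flow-export event-type all destination 192.0.2.10
```

After applying it, `show flow-export counters` on the ASA shows whether packets are being sent to the collector.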