Collect Flows from CISCO Switch
In case you have a data source "CISCO Switch" configured as a standard syslog data source and you want also to collect flows from the switch, then you need to add an additional data source with the following settings:
Data Source Vendor: NetFlow
Data Source Model: Generic NetFlow
No matter what I try I can't get flows downloaded. I have confirmed via tcpdump on the ESM that the netflow packets are getting there. Could you provide some detail to your post above as I have not found a McAfee doc yet that describes this process.