https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3867142#M925478 <P>Have you selected "Log at beginning of Connection" in the ACP rule and also indicated that the log destination should be the Event Viewer?</P> Tue, 04 Jun 2019 03:13:59 GMT Marvin Rhoads 2019-06-04T03:13:59Z https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3865401#M925474 <P>We have FMC ( Ver 6.2.3.3 ) anf FTD ASA5516-x now .</P><P>&nbsp;</P><P>I have set access control policy with application + URL , but I can't see any hit count on FTD.</P><P>&gt; show running-config | grep 268439554<BR />access-list CSM_FW_ACL_ remark rule-id 268439554: ACCESS POLICY: BFTD_Base - Mandatory<BR />access-list CSM_FW_ACL_ remark rule-id 268439554: L7 RULE: PCI-to-Block<BR />access-list CSM_FW_ACL_ advanced permit ip ifc PCI object BAJA_PCI ifc Internet_Alestra any4 rule-id 268439554<BR />access-list CSM_FW_ACL_ advanced permit ip ifc NONPCI object BAJA_PCI ifc Internet_Alestra any4 rule-id 268439554<BR />&gt; show access-list | grep 268439554<BR />access-list CSM_FW_ACL_ line 159 remark rule-id 268439554: ACCESS POLICY: BFTD_Base - Mandatory<BR />access-list CSM_FW_ACL_ line 160 remark rule-id 268439554: L7 RULE: PCI-to-Block<BR />access-list CSM_FW_ACL_ line 161 advanced permit ip ifc PCI object BAJA_PCI ifc Internet_Alestra any4 rule-id 268439554 (hitcnt=0) 0x68dbf84e<BR />access-list CSM_FW_ACL_ line 161 advanced permit ip ifc PCI 10.48.20.0 255.255.255.0 ifc Internet_Alestra any4 rule-id 268439554 (hitcnt=0) 0x68dbf84e<BR />access-list CSM_FW_ACL_ line 162 advanced permit ip ifc NONPCI object BAJA_PCI ifc Internet_Alestra any4 rule-id 268439554 (hitcnt=0) 0xa07662a7<BR />access-list CSM_FW_ACL_ line 162 advanced permit ip ifc NONPCI 10.48.20.0 255.255.255.0 ifc Internet_Alestra any4 rule-id 268439554 (hitcnt=0) 0xa07662a7<BR />&gt;</P><P>How can I verify what wrong i have ?</P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2019-05-30_11-28-14.jpg" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/37721iF1FF2A2DA3F88AC3/image-size/large?v=v2&amp;px=999" role="button" title="2019-05-30_11-28-14.jpg" alt="2019-05-30_11-28-14.jpg" /></span></P> Fri, 21 Feb 2020 17:10:56 GMT https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3865401#M925474 jkim3 2020-02-21T17:10:56Z https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3865517#M925475 <P>Are you showing any Block connection events (in FMC Event viewer) that are a result of the configured rule?</P> <P>The hit count definitely works in FTD cli - I just confirmed on a system running 6.2.3.11.</P> <P>Try using this command:</P> <PRE>&gt; show access-list | exclude hitcnt=0</PRE> Fri, 31 May 2019 02:18:03 GMT https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3865517#M925475 Marvin Rhoads 2019-05-31T02:18:03Z https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3866911#M925476 <P>Hi Marvin ,</P><P>&nbsp;</P><P>Thanks for your reply , but I am so confused why I can't see log</P><P>&nbsp;</P><P>&gt; show access-list | grep 268440579<BR />access-list CSM_FW_ACL_ line 138 remark rule-id 268440579: ACCESS POLICY: BFTD_Base - Mandatory<BR />access-list CSM_FW_ACL_ line 139 remark rule-id 268440579: L7 RULE: PCI-to-Block<BR />access-list CSM_FW_ACL_ line 140 advanced permit ip ifc PCI object BAJA_PCI ifc Internet_Alestra any4 rule-id 268440579 (hitcnt=824) 0x68dbf84e<BR />access-list CSM_FW_ACL_ line 140 advanced permit ip ifc PCI 10.48.20.0 255.255.255.0 ifc Internet_Alestra any4 rule-id 268440579 (hitcnt=824) 0x68dbf84e</P><P>&nbsp;</P><P>After I clear the counter , I see 824 hits , but I can't see any log&nbsp;</P> Mon, 03 Jun 2019 16:39:36 GMT https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3866911#M925476 jkim3 2019-06-03T16:39:36Z https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3866933#M925477 <P>Hi Marvin ,</P><P>&nbsp;</P><P>As we saw hit count is increased then before , But I can't see any block log on FMC</P><P>&nbsp;</P><P>&gt; show access-list | grep 268440579<BR />access-list CSM_FW_ACL_ line 138 remark rule-id 268440579: ACCESS POLICY: BFTD_Base - Mandatory<BR />access-list CSM_FW_ACL_ line 139 remark rule-id 268440579: L7 RULE: PCI-to-Block<BR />access-list CSM_FW_ACL_ line 140 advanced permit ip ifc PCI object BAJA_PCI ifc Internet_Alestra any4 rule-id 268440579 (hitcnt=48315) 0x68dbf84e<BR />access-list CSM_FW_ACL_ line 140 advanced permit ip ifc PCI 10.48.20.0 255.255.255.0 ifc Internet_Alestra any4 rule-id 268440579 (hitcnt=48315) 0x68dbf84e<BR /><BR /></P> Mon, 03 Jun 2019 17:15:59 GMT https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3866933#M925477 jkim3 2019-06-03T17:15:59Z https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3867142#M925478 <P>Have you selected "Log at beginning of Connection" in the ACP rule and also indicated that the log destination should be the Event Viewer?</P> Tue, 04 Jun 2019 03:13:59 GMT https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3867142#M925478 Marvin Rhoads 2019-06-04T03:13:59Z https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3867471#M925506 <P>Hi Marvin ,</P><P>You're right . It is checked log at beginning of connection .</P><P>I can't check log at end of connection . The box is deactivated . why ?</P><P>&nbsp;</P><P>I can't see any events as below . it is extended 6 hours&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="2019-06-04_7-50-40.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/37997iE3BD3DDF98574EC2/image-size/large?v=v2&amp;px=999" role="button" title="2019-06-04_7-50-40.png" alt="2019-06-04_7-50-40.png" /></span></P> Tue, 04 Jun 2019 14:55:00 GMT https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3867471#M925506 jkim3 2019-06-04T14:55:00Z https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3869267#M925507 <P>Because action is block , I can't choose log of end of connection . System block traffic start of connection .</P><P>And I can see log now .</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 07 Jun 2019 03:22:57 GMT https://community.cisco.com/t5/network-security/access-list-hit-count-in-ftd/m-p/3869267#M925507 jkim3 2019-06-07T03:22:57Z