04-08-2019 08:18 AM - edited 02-21-2020 09:01 AM
My connection event database has only 158000 rows (I assume this means connections) covering only a 12 minute period of time, even though under System - Configuration - Database I have this set to 1,000,000 events.
Why am I not able to store more connections in the FMC than I am currently?
Thanks.
NM
04-10-2019 09:38 PM
Keep in mind that the database takes into consideration all events (IPS, File, Network Discovery, etc.) and not just connection events. Check those as well and see if the math adds up. In general, it is a good practice to get a SIEM solution such as Splunk and utilize the eStreamer to punt events to it.
Thank you for rating helpful posts!
03-11-2021 08:42 PM
How to calculate the storage requirement for Splunk to store the FMC/FTD events?