Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
480
Views
3
Helpful
5
Replies

Cisco FTD lost connection to FMC, what will happen to the IPS eventlog

Go to solution
Freemen
Level 1
Level 1

‎02-06-2024 07:46 AM

lets say FMC down for 1 day, after FMC up, will the 1 day event send back to FMC? 

will it have any datalost?

0 Helpful
1 Accepted Solution

Accepted Solutions
5 Replies 5

Go to solution
Freemen
Level 1
Level 1
In response to tvotna

‎02-07-2024 01:20 AM

Thanks for the info

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-06-2024 12:44 PM

As implied by @tvotna , yes. You will most likely lose a record of events as the FTD device is not designed to store a large number of events locally.

Go to solution
Wonxie
Level 1
Level 1
In response to Marvin Rhoads

‎02-27-2024 04:28 AM

You will most likely lose a record of events as the FTD device is not designed to store a large number of events locally.

so does it storoes some ? how much ? will they be sent back to fmc when its up ?

0 Helpful

Go to solution
tvotna
Spotlight
Spotlight
In response to Wonxie

‎02-27-2024 05:38 AM

On managed devices events are stored in files. Yes, events are sent to FMC when connectivity between managed device and FMC is restored, unless events are drained from files, if the number of events exceeds certain limit. Different event types have different limits. Use "show disk-manager" and this article for explanations:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/216081-troubleshoot-drain-of-fmc-unprocessed-ev.html

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card