04-17-2024 10:56 PM
Hi Dears,
In our company we have FMC\FTD, but the logs (connection events) were saved for almost 1 week back only.
I have checked the limitation as in the table below:
| Event type | Maximum events (FMC model) |
|---|---|
| Connection events, Security Intelligence events | 50 million (FMC Virtual, FMC750); 100 million (FMC1000, FMC1500); 300 million (FMC2000, FMC2500); 500 million (FMC3500); 1 billion (FMC4000, FMC4500) |
But my query is: our Firepowers (4110) are without SSD cards; is this related?
If it's not, can anyone advise me what the main job of the SSD card is, and shall we install it or not?
04-18-2024 12:14 AM
In our company we have FMC\FTD, but the logs (connection events) were saved for almost 1 week back only.
It all depends on what you want to log and how this is configured.
Most of the logs will be stored on FMC. The same page you took that information from has all the information.
I do not believe you can increase the space (it depends on the model of FMC; that is the limit on maximum events).
Also, where is this FTD located? As I mentioned, what logging config is done on the ACL (what features do you have in FTD)?
To get the best outcome, I suggest you visit the ACP and the big hitters where you know that is expected behavior, and remove that logging; since you know that is allowed, you do not need to track that event.
If you have any compliance requirement to log each connection event, then I suggest offloading using the SYSLOG option to an external system - there you have as much space as you need and you can store as many logs as you like - depending on the capacity and requirement.
SSD is a different use case; in this case it is not required.
reference :