Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
908
Views
0
Helpful
1
Replies

Event log limitation?

Tyler N
Level 1
Level 1

‎02-10-2017 10:28 AM - edited ‎03-12-2019 06:17 AM

We are running Cisco Firepower Management Center (v6.1.0.1 build 53).

While reviewing Connections->Events, we are having difficulty reviewing entries older than an hour or so (or perhaps it's based on # of items). For example at 1:20pm EST we view Connection Events with the filter “Block” and for a specific device. Upon going to page 2, there are no events beyond 12:18pm EST. This occurs with various filters and views.

Is there a limitation on this size or documentation on the specifics?


Thank you.

Labels:
0 Helpful
1 Reply 1

Rahul Govindan
VIP Alumni
VIP Alumni

‎02-10-2017 12:54 PM

The Firepower Management center has a default limit of 1 million events, after which it is overwritten. Also, depending on your logging setting, events might be logged twice, causing older logs to be overwritten. Try increasing it to a higher value based on the type of FMC in your environment. The limits are given in the doc here:

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118012-troubleshoot-firesight-00.html

Also, the above guide should help explain how events may be logged twice (beginning and end of a connection) or not logged at all.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card