Firepower is sometimes not logging any connection events
12-03-2018 04:35 AM - edited 03-12-2019 07:08 AM
Hi,
Today I noticed that Firepower is sometimes working and sometimes it doesn't record any logs for connection events!!
For example, today I checked connection events from 07:00 AM to 09:00 and I can see the logs started only from 08:49 AM.
I have recently upgraded to the new version 6.2.3.7.
Does anyone know what the cause is?
- Labels: NGIPS

12-03-2018 05:01 AM
Was the upgrade on the FMC, FTD or both?
Have you checked your logging options are still configured in the ACP?
Can you see if traffic is hitting the ACP rules using a general filter on
the FTD CLI (system support firewall-engine-debug or firewall-engine-debug)
or on the advanced troubleshooting page?
Thanks
12-03-2018 05:12 AM
Both upgraded.
The connection events are not completely not working, but today we got malware in an email, and while checking Firepower I can see that at that time there were no logs at all, just like traffic was bypassing Firepower....
12-03-2018 08:12 AM
Even if it is bypassed, you will also get the log. Check whether you have enabled logging on the rules. You can see the connection events in
Analysis > Connection Events
Please make sure your time window for searching the events is correct.
For intrusion events you can check Analysis > Intrusion Events
For malware events you can check Analysis > Malware events
If your default action is Block all traffic and logging is enabled for the default action, you can also see those blocked events in the connection events.
HTH
Abheesh
