Firepower is not logging any connection event in sometimes

Samer R. Saleem · ‎12-03-2018

Hi,

Today I noticed that Firepower sometimes working and sometimes it doesnt record any logs for connection events!!

for example today I checked connection events from 07:00 AM to 09:00 and I can see the logs started only from 08:49 AM

I have upgraded recently to new version 6.2.3.7

anyone know what is the cause?

phil.hydea · ‎12-03-2018

Hi

Was the upgrade on the FMC, FTD or both?

Have you checked your logging options are still configured in the ACP?

Can you see if traffic is hitting the ACP rules using a general filter on
the FTD CLI (system support firewall-engine-debug or firewall-engine-debug)
or on the advanced troubleshooting page?

Thanks

Samer R. Saleem · ‎12-03-2018

Both upgraded

the connection events is not completely not working, but for today we have got a malware in an email, and while checking firepower I can see that time there was no logs at all, just like traffic was bypassing firepower....

Abheesh Kumar · ‎12-03-2018

If it is bypass also you will get the log. Check weather are you enable logging on the rules. You can see the connection events in
Analysis > Connection Events

Please make sure your time window for searching the events are correct.

For intrusion events you can check Analysis > Intrusion Events

For malware events You can check Analysis > Malware events

If your default action is Block all traffic and logging enabled for default action, those blocked events also you can see in the connection events.

HTH

Abheesh