Solved: Firepower Logging

keithcclark71 · ‎12-29-2020

I am only getting 3 days of logging within FMC. I have adjusted the time frame etc and I can only go back 3 days worth of events. Any ideas here?

Sergio Ceron Ramirez · ‎12-29-2020

Hello Keith,

You are probably logging every possible rule in your ACP and it is exhausting the Database limits in the FMC for this purpose. If you are looking to have all the rules logging every connection, you can alternatively use an external syslog to get all this info too. However, depending on the FMC model you work with, you can expand the Event Database limits as described in FMC Config Guide - Database Limits

Please review this info and let me know if you have any additional doubts.

View solution in original post

Sergio Ceron Ramirez · ‎12-29-2020

Hello Keith,

You are probably logging every possible rule in your ACP and it is exhausting the Database limits in the FMC for this purpose. If you are looking to have all the rules logging every connection, you can alternatively use an external syslog to get all this info too. However, depending on the FMC model you work with, you can expand the Event Database limits as described in FMC Config Guide - Database Limits

Please review this info and let me know if you have any additional doubts.

Mohammed al Baqari · ‎12-30-2020

Hi,

The limit is subject to number of lines versus the type of your FMC. See
this post

https://community.cisco.com/t5/network-security/fmc-limit-of-events/td-p/2917630

**** please remember to rate useful posts