- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-29-2020 11:57 AM
I am only getting 3 days of logging within FMC. I have adjusted the time frame etc and I can only go back 3 days worth of events. Any ideas here?
Solved! Go to Solution.
- Labels:
-
IPS and IDS
-
NGFW Firewalls
-
Sourcefire
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-29-2020 12:22 PM
Hello Keith,
You are probably logging every possible rule in your ACP and it is exhausting the Database limits in the FMC for this purpose. If you are looking to have all the rules logging every connection, you can alternatively use an external syslog to get all this info too. However, depending on the FMC model you work with, you can expand the Event Database limits as described in FMC Config Guide - Database Limits
Please review this info and let me know if you have any additional doubts.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-29-2020 12:22 PM
Hello Keith,
You are probably logging every possible rule in your ACP and it is exhausting the Database limits in the FMC for this purpose. If you are looking to have all the rules logging every connection, you can alternatively use an external syslog to get all this info too. However, depending on the FMC model you work with, you can expand the Event Database limits as described in FMC Config Guide - Database Limits
Please review this info and let me know if you have any additional doubts.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-30-2020 01:16 AM
The limit is subject to number of lines versus the type of your FMC. See
this post
https://community.cisco.com/t5/network-security/fmc-limit-of-events/td-p/2917630
**** please remember to rate useful posts
