is there a way to increase the number of rows on the analysis events pages?
every page in FMC Analysis (connection, file, etc) seems to be limited to 25 rows per page.
I need to inspect about 68,000 rows of connection events from a device that was infected with adware. I don't want to look at 2700 pages.
I'd like to see maybe 100 rows per page, or more.
clicking "view all" at the bottom of the page does nothing.
I've attached a snapshot to explain what I'm talking about.
if you click on "report designer" on the page in question and generate a report, it will show all events. so it can be done. Thanks for the help.
I guess the best option is to send all events on syslog server and then customize it on excel sheet the way you want to view the details.
Currently on 6.2.2 and still have the same (annoying) restriction unless I am missing something.
The setting can be changed per user as shown in the screenshots below. Click on your username in the upper right of the FMC GUI and then "User Preferences > Event View Settings". The maximum you can set is 1000 events per page.
This is awesome!!
One more thing, when we search for connection events - is there any way to See total number of rows at the end instead of this message "Displaying rows 1–500 of many rows". I would like to see total number of rows instead of it saying "many rows".
Any heads up would be highly appreciated!
I do recall seeing the "many rows" previously on some FMCs. Are you seeing it on a recent release still? I'm looking at one right now (Release 188.8.131.52 running on an FMC 1000 hardware appliance) with 1,268,178 rows and it shows the full number.
Update - I do see it when I do a filtered search. I think they don't calculate the total number of hits when you filter the search.
Exactly i am running 184.108.40.206, and yeah makes sense, when i search for general connection events - shows total number but for filtered search same thing "many rows".
Hi. I'm just enquiring if its possible to view logs older than 24 hours?
I don't seem to be able to see logs older than that. Can I change to view to see older logs?
Thanks in advance
It depends on your FMC. If it is Virtual FMC and you have set the max limit of Connection Events under Connection Database.
That being said, "A virtual FMC is limited by design to 10 million events total. See Table 3 of the product data sheet for confirmation: http://www.cisco.com/c/en/us/products/collateral/security/firesight-management-center/datasheet-c78-736775.html
That includes 2 million Connection Events and 1 million each of various other types of events as shown in your FMC under System > Configuration > Database. You can change the relative allocations and even go so far as to allocate all 10 milion records to connections events. But the overall database size is not configurable nor is the amount of disk allocated to the VM."
Find more information over here:
So if you are on your max connection event limit and you are still not able to see the events, then you may have to switch to the Physical FMC.
Hope this helps