03-20-2017 01:11 PM - edited 03-12-2019 06:19 AM
is there a way i can keep at least 6 hours in connection events?
is this under system / Configuration / database / Connection Database / Maximum Connection events?
my setting is currently 1000000 events.
is there anything i should be concerned about if i raise that to 2000000?
Thank you.
03-20-2017 06:07 PM
If you are using the FMC VM, you have a limit of 10 million events. A long as your sum of the connection events and Security Intelligence events does not exceed that amount, you should be ok. As far as concerns, I was able to make a change to the event database during production without any impact. You may want to read up this doc to see if there are other ways to limit whats being logged:
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118012-troubleshoot-firesight-00.html#anc7
03-21-2017 05:49 AM
I am using the VM.
Since I'm only at 1 million events, i should be able to double that without issue then.
correct?
03-24-2017 07:19 AM
Yes, it should work without any issues. Just keep in mind that if you increased it to 10M events performance will degrade when checking events.
04-13-2017 02:10 PM
i have a fmc4000. I raised the limits from 3.5 million to 35 million.
I'm still seeing pruning events every hour of 25k. Do I need to restart the fmc for it allocate the space?
there is nothing mentioned to require this from what i can tell.
ta
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide