10-11-2023 05:50 AM
Connection events are forwarded to the FMC even if logging is configured to send them only to the syslog. (See the attached image). Is this a bug in FMC 7.2.4? This is a big problem because it fills the database and reduces the Event Capacity to a few days.
Any suggestions?
Thank you
10-11-2023 05:57 AM
I'm facing the same issue with FMC 7.2.4. Despite configuring logging to send connection events only to the syslog, they are still being forwarded to the FMC. This is causing the database to fill up quickly and reducing the Event Capacity to just a few days. Is this a known bug or is there a workaround?
Any suggestions would be greatly appreciated.
10-11-2023 08:04 PM
Assuming there are no overrides (click "Show Overrides" to verify), the configuration shown by @CentroComunicazioni04877 should prevent the FMC from getting connection event logs for a given rule. You can look at the table view of connection events and verify the specific rule(s) that are sending the events.
The release notes for 7.2.4, 7.2.4.1 and 7.2.5 don't list any bug (open of fixed) for this issue. I have not seen it on numerous FMCs that I have setup and operated.
You should open a TAC case if my first suggestion doesn't resolve the issue.
10-12-2023 12:32 AM
Hi Marvin,
thanks for your feedback. The configuration has no overrides. I will proceed to open a TAC case. Greetings
12-03-2024 09:13 AM
Hi there,
I'm seeing similar behaviour, did you get a resolution to this?
Many thanks,
Tim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide