cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
860
Views
0
Helpful
4
Replies

FMC 7.2.4 logging bug? Connection Event to FMC but it is not required

Connection events are forwarded to the FMC even if logging is configured to send them only to the syslog. (See the attached image). Is this a bug in FMC 7.2.4?  This is a big problem because it fills the database and reduces the Event Capacity to a few days.

Any suggestions?

Thank you

4 Replies 4

sadiakeelyn
Level 1
Level 1

I'm facing the same issue with FMC 7.2.4. Despite configuring logging to send connection events only to the syslog, they are still being forwarded to the FMC. This is causing the database to fill up quickly and reducing the Event Capacity to just a few days. Is this a known bug or is there a workaround?

Any suggestions would be greatly appreciated.

 

 

kiwilab.pl 

 

Marvin Rhoads
Hall of Fame
Hall of Fame

Assuming there are no overrides (click "Show Overrides" to verify), the configuration shown by @CentroComunicazioni04877 should prevent the FMC from getting connection event logs for a given rule. You can look at the table view of connection events and verify the specific rule(s) that are sending the events.

The release notes for 7.2.4, 7.2.4.1 and 7.2.5 don't list any bug (open of fixed) for this issue. I have not seen it on numerous FMCs that I have setup and operated.

You should open a TAC case if my first suggestion doesn't resolve the issue.

Hi Marvin,
thanks for your feedback. The configuration has no overrides. I will proceed to open a TAC case. Greetings

Hi there,

I'm seeing similar behaviour, did you get a resolution to this? 

Many thanks,

Tim

Review Cisco Networking for a $25 gift card