cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2163
Views
5
Helpful
5
Replies

FMC connection events log size and location

bernardca
Level 1
Level 1

Hello,

Does someone here is able to tell me where is the log for the connection events in an FMC 1000?

If not, is there is somewhere where I could find the size of the data we have in the connection events?

I need to define a rule of thumb for how much data would be sent in a SIEM per unit of time.

Thanks,

5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

The health monitor in FMC 7.x now shows you the events per second received and database size for various databases. Individual events are around 700 bytes each.

https://community.cisco.com/t5/network-security/firepower-management-center-connection-event-storage/td-p/3396557

bernardca
Level 1
Level 1

@MHM Cisco WorldThanks for the link. It would be useful when we will be ready to implement the solution. Unfortunately, it does not provide the information required which is actual log location so I could estimate the size.

@Marvin RhoadsThanks for the information. Unfortunately, we are still at 6.6 and no possibility to upgrade before many months.

 

You could temporarily log to any Linux server running syslog (or syslog-ng) and just measure the traffic you see during a typical busy hour. Not a very elegant method but it would get the data you're looking for in an empirical manner.

I found under System, Monitoring then Statistics a value for "Connections/Sec". Then I collected this value once per hour and used the 700 bytes per events, I did a bit of math and there we go! That give us a rough value but at least we have something.

Thanks

Review Cisco Networking for a $25 gift card