It is indicating that my appliance (the FMC itself) has a MALWARE license expiring.  But it only references itself, not which device that license is for, just that it expires on May 16th, 2018.  But when applying the separate licenses for each device - it doesn't seem to know/indicate which device's license it is.  So as this grows into more than the 6 device it has, it will be a nightmare to understand which license it expiring and needs removed and updated with a new one.

I understand what you are talking about. Are your different ASA's named differently? The license monitor under the FMC should give an error like this:

Violations due to licenses expiring within 90 days:
<Device Name>: URLFilter used count will exceed total by 1 licenses.
<Device Name>: MALWARE used count will exceed total by 1 licenses.

You can reference the Device Name to the name of the ASA when you added it into the FMC.

Another way is to go into the License page. This gives you what licenses are being used by which device and when it expires. 

Could you post a screenshot of what you are seeing on the FMC (without any sensitive info of course)?

Attached.  Each device has its own name, and the Alert is showing the FMC, not a device.  Drilling in only shows the FMC or generic ASA5506.  Sorry to be dense here, but maybe I am missing where you are telling me to check somehow.

Ah OK. So all your devices are same device type, didn't realize that. My mistake. 

Since Malware is a service subscription, I don't know if the subscription itself is tied to one device. But I see a problem with it expiring and not knowing which device will be affected. 

If you want to eventually renew the license, you can just add a new license and have it take over the valid license count when the old one expires. If you want to remove this license, you can remove the malware feature from any 1 device among the 6 that you have and the remaining 5 will have valid licenses. This does not answer your question exactly but should help with your plan for the license expiry.

I would also recommend opening a TAC case to see if there is anyway to get this information from the individual device Firepower services CLI itself. 

I will open a case on it - but this could be quite a pain. I will have to add the renewals of any device in there when it gets renewed to try and stay up, rather than know which one the expired on really belongs to.  I just thought it would know somehow which device - but I guess since you have to enter the FMC serial/address to register the service, it wouldn't know the device after all - just that it has enough to cover the number of devices.  Ick. Not going to be pretty. Too bad it doesn't integrate with SNTC Portal for more information!

Agree, they should really enhance this to put the warning revolving the device rather than the FMC. I believe the same holds true for Smart Licensing. I guess Cisco wants to keep you on your toes and never lapse on the licenses :)

Let us know if you find anything from TAC. 

Hi @Brett Walters 

I have the same issue exactly.

Did you find which was the device that had the problem ?

Thank you

@anousakisioannis 

There is no solution from Cisco on it. You can tell which ones expire, of course, but if you have numerous devices like we do, you can't tell who the license belongs to.  Tracking nightmare.  You just need to watch for the FP renewals for each device, and replace them as they come due.  So when you get a renewal for December 15th, remove the one the expires that date.  Not fun, and complicated - but that's Cisco.

Thank you for replying Brett!