Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1297
Views
1
Helpful
6
Replies

FMC Maximum Events

kroh
Level 1
Level 1

‎02-12-2025 11:59 PM

Hi,

May I know the default value of the event database for FMC4600 and FMC2700 equipment?
Intrusion event database, connection database, malware event database, etc.
As guide of FMC 7, The official document only specifies the upper limit (maximum) value, but does not mention the default value.

And I want to know the flow that is deleted when the intrusion detection event exceeds the maximum value.

6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎02-13-2025 01:23 AM 

As guide of FMC 7, The official document only specifies the upper limit (maximum) value, but does not mention the default value.

check the below configuration guide :

Specify the maximum number of event records

Consider the minimum and maximum number of records that can be stored in the database. For example, a virtual Firepower Management Center by default stores 10 million events but the maximum number of events is 50 million. Go to System > Configuration > Database to adjust the size to meet your needs.

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/connection_logging.html

 

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

kroh
Level 1
Level 1
In response to balaji.bandi

‎02-16-2025 06:24 PM

Thank you for your response.

What I want is the value set as the initial value when the FMC4600 and FMC2700 equipment are first booted

0 Helpful

Aref Alsouqi
VIP
VIP

‎02-13-2025 02:12 AM

I think the default values you see in System > Configuration > Database on any FMC apply to all FMC models. However, the maximum values would change based on model basis.

0 Helpful

kroh
Level 1
Level 1
In response to Aref Alsouqi

‎02-16-2025 06:25 PM

Thank you for your response.

What I want is the value set as the initial value when the FMC4600 and FMC2700 equipment are first booted.

And I want to know the flow that is deleted when it exceeds the value set in database.

0 Helpful

Aref Alsouqi
VIP
VIP
In response to kroh

‎02-17-2025 03:20 AM

Not sure, maby @Rob Ingram or @Marvin Rhoads can help here.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Aref Alsouqi

‎02-19-2025 11:20 AM

I don't know the defaults but they add up not to exceed the overall platform capacity. Those capacities are listed in the data sheet.

They are saved in a first-in, first-out (FIFO) sort of scheme. When the capacity for a given table is exceeded, a periodic job will trim out the oldest ones based loosely on the rate that they are incoming. So you may see the current number exceed the configured limit at times.

"Flows" are never deleted by this process. Only records of events.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card