Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
573
Views
5
Helpful
4
Replies

FTD 4115 Reporting

D@1984
Level 1
Level 1

‎06-23-2022 09:27 AM

Is there a way to show which rule traffic hit when generate a report? What I'm after is to be able to filter logs based on a rule name/number.

 

 

Thanks 

0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎06-23-2022 09:36 AM

check this below may help you :

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212330-firepower-management-center-display-acc.html

 

Long back i made using output of  - > show access-control-config  ( daily basis and made report) (out of the box)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-23-2022 09:36 AM

If you're using FMC, use Analysis > Connection Events > Table View of Connection events. Assuming you have your rules set to log to FMC, that view will include the rule that the connection event hit. (You will have to scroll right to see it.)

You can generate a report from that page and add/remove columns as desired to display only the data you want.

0 Helpful

D@1984
Level 1
Level 1

‎06-24-2022 01:58 AM

thanks Marvin, the last 3 column are url category, url reputation and device. I cant see any name or rule ID.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to D@1984

‎06-24-2022 10:49 AM

D@1984 be sure to switch to the "Table View of Connection Events". Then use the horizontal scroll bar (or zoom out) to see all the columns.

Table View of Connection Events columnsTable View of Connection Events columns

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card