FTD 4115 Reporting

D@1984 · ‎06-23-2022

Is there a way to show which rule traffic hit when generate a report? What I'm after is to be able to filter logs based on a rule name/number.

Thanks

balaji.bandi · ‎06-23-2022

check this below may help you :

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212330-firepower-management-center-display-acc.html

Long back i made using output of - > show access-control-config ( daily basis and made report) (out of the box)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎06-23-2022

If you're using FMC, use Analysis > Connection Events > Table View of Connection events. Assuming you have your rules set to log to FMC, that view will include the rule that the connection event hit. (You will have to scroll right to see it.)

You can generate a report from that page and add/remove columns as desired to display only the data you want.

D@1984 · ‎06-24-2022

thanks Marvin, the last 3 column are url category, url reputation and device. I cant see any name or rule ID.

Marvin Rhoads · ‎06-24-2022

D@1984 be sure to switch to the "Table View of Connection Events". Then use the horizontal scroll bar (or zoom out) to see all the columns.

Table View of Connection Events columns Table View of Connection Events columns

FTD 4115 Reporting

Cisco Secure Firewall (FTD) - How To

Doc - Troubleshooting de tráfico de datos y control en el FTD

Secure Firewall (FMC/FTD): はじめての AI アシスタント

FTD: DoS/DDoS 攻撃からの保護方法

Firepower 4115 - FTD Container Instance Questions