08-24-2023 07:06 AM - edited 08-24-2023 07:08 AM
If I view the graphs for FMC in FMC GUI under System/Health Monitor/Monitor I see one diagram for Event rate.
Example below:
What type of events is this, all event types?
Also 5.00 million events per sec seems wrong. What is the timeframe? Should the M be substituted for K?
08-24-2023 08:35 AM
The events are all types - Connection, Intrusion, Security Intelligence, Malware etc.
The "M" on the scale is "Mega" = 100,000 multiplier for the ordinal number on the scale.
08-24-2023 11:12 PM - edited 08-24-2023 11:12 PM
Strange, isn't mega equal to 1 million?
mega (M) = 10 to the power of 6 = 1000.000
giga (G) = 10 to the power of 9 = 1000.000.000
tera (T) = 10 to the power of 12 = 1000.000.000.000
08-25-2023 10:22 AM
Sorry - my mistake. You are correct - M is mega/million.
That graph you shared is indeed surprisingly high. The couple of production FMCs I just checked are running in the single digit k events/second.
08-25-2023 10:59 AM
Depending on how your ACP Rules are configured, you might be recording events on the start and end of connection, which would account for more EPS. I suggest reviewing the policies in place.
08-26-2023 01:15 AM
You might also be logging a lot of blocks from the Internet originating from malicious actors, script kiddies, attempts at DDoS etc. Check by disabling logging on the default block or whatever rule(s) you use to block incoming traffic.
08-29-2023 03:57 AM - edited 08-29-2023 04:00 AM
After checking the number of events over time I can say with confidence that the labeling on the diagram vertical axis is incorrect. We have approx 5K - 10K events per second, not 5M - 10M events per second.
It is a bug/visual glitch.
We run FTD 7.0.5; maybe this is fixed in 7.2.