Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1259
Views
0
Helpful
4
Replies

How to check Snort events/logs in FTD/FMC?

PacketSpartan
Level 1
Level 1

‎02-01-2023 03:16 AM

Hi All 

Is there a way to check the Snort events/logs on the SFR or on the FMC?

We need to rule out our Firepower module for a recent outage

Thank you in advance

CCNA R&S
0 Helpful
4 Replies 4

PacketSpartan
Level 1
Level 1
In response to MHM Cisco World

‎02-01-2023 04:02 AM

This is not a valid link, it just takes me back to my own post 

 

Could you give me the link again please

CCNA R&S
0 Helpful

MHM Cisco World
VIP
VIP
In response to PacketSpartan

‎02-01-2023 04:14 AM

sorry typo, I correct it

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-01-2023 07:14 AM

If you are using FMC and have enabled the policy rules to "send connection events to FMC", then you can check the Analysis > Connection Events or Security Intelligence Events views.

Note that connection events often fill up the allocated space in the database and older events age out - often in less than a day depending on your environment.

Using an external log server can alleviate this - the link shared by @MHM Cisco World provides more detail on that. (But obviously it won't help you for anything that's past already.)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card