08-02-2016 06:37 AM - edited 03-10-2019 06:39 AM
I am running the vm version of Firesight 6.0.1 - I noticed that when I go to look at the 'Connections > Events' tab, the furthest I can go back is about an hour - I need it to back at least 24 hours.
Under System > Configuration I increased the Maximum Connection Events Database to 8000000.
Is there anything else I can do to be able to look further back?
08-02-2016 06:50 AM
Hello Team,
Please verify the connection events database settings.
http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/System-Policy.html#pgfId-8018593
If you already configured the max and still cannot be acheive the enough connection events , then you have to check the events per seconds. If there are too much events triggering up then , the events would have been getting pruned since its reaching the max usage. Also make sure that the time window which you see in the right hand side of the connection events page is a sliding one or an static one.
Another reference link :-
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118012-troubleshoot-firesight-00.html
Rate if the post helps you
Regards
JETSY
04-12-2017 07:56 PM
You can filter logging activity such as dns requests or what ever you choose to be high, but not required to be logged.
ALso you can set a IPS policy to not log and apply that IPS policy to traffic you might want to protect but not hear about (guest wifi and other networks you dont manage the end host of).
Rate if helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide