Increase Event Log disk usage

moody · ‎08-02-2016

I am running the vm version of Firesight 6.0.1 - I noticed that when I go to look at the 'Connections > Events' tab, the furthest I can go back is about an hour - I need it to back at least 24 hours.

Under System > Configuration I increased the Maximum Connection Events Database to 8000000.

Is there anything else I can do to be able to look further back?

Jetsy Mathew · ‎08-02-2016

Hello Team,

Please verify the connection events database settings.

http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/System-Policy.html#pgfId-8018593

If you already configured the max and still cannot be acheive the enough connection events , then you have to check the events per seconds. If there are too much events triggering up then , the events would have been getting pruned since its reaching the max usage. Also make sure that the time window which you see in the right hand side of the connection events page is a sliding one or an static one.

Another reference link :-

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118012-troubleshoot-firesight-00.html

Rate if the post helps you

Regards

JETSY

evan.chadwick1 · ‎04-12-2017

You can filter logging activity such as dns requests or what ever you choose to be high, but not required to be logged.

ALso you can set a IPS policy to not log and apply that IPS policy to traffic you might want to protect but not hear about (guest wifi and other networks you dont manage the end host of).

Rate if helps.