cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
291
Views
0
Helpful
1
Replies

Logging FTD events in cdFMC (defense orchestrator/SCC)

carl_townshend
Spotlight
Spotlight

Hi All

I am hoping someone can help me.

I need to ensure I have logs from my FTD firewalls in my cloud delivered firewall management centre (Cisco SCC)

I am told we need the security analytics and logging licence, SAL.

When I go to event logging, I can see logged connection events. 

My question is, how are we getting these if we dont have the SAL licence? are these logs as standard or ? ive blocked out our IPs in red.

carl_townshend_0-1740150420964.png

 

 

1 Reply 1

In the top right corner below the black bar (just outside of your screenshot), there should be 3 buttons.

If you hover of the the middle button, it should say Event Logging insights and storage usage.
If you click it, it should tell you how much storage you have, and how much you're using.

Based on the data storage doc, you could be just using the default 90-day storage:
https://docs.defenseorchestrator.com/c_security-analytics-and-logging-event-storage.html

"By default, you receive 90 days of rolling data storage. This policy ensures that the most recent 90 days of events are stored in the Cisco cloud, and data older than 90 days is deleted."

JonatanJonasson_0-1740158466662.png

 

Review Cisco Networking for a $25 gift card