Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
320
Views
0
Helpful
1
Replies

Logging FTD events in cdFMC (defense orchestrator/SCC)

carl_townshend
Spotlight
Spotlight

‎02-21-2025 07:08 AM

Hi All

I am hoping someone can help me.

I need to ensure I have logs from my FTD firewalls in my cloud delivered firewall management centre (Cisco SCC)

I am told we need the security analytics and logging licence, SAL.

When I go to event logging, I can see logged connection events. 

My question is, how are we getting these if we dont have the SAL licence? are these logs as standard or ? ive blocked out our IPs in red.

carl_townshend_0-1740150420964.png

 

 

0 Helpful
1 Reply 1

Jonatan Jonasson
Level 4
Level 4

‎02-21-2025 09:25 AM

In the top right corner below the black bar (just outside of your screenshot), there should be 3 buttons.

If you hover of the the middle button, it should say Event Logging insights and storage usage.
If you click it, it should tell you how much storage you have, and how much you're using.

Based on the data storage doc, you could be just using the default 90-day storage:
https://docs.defenseorchestrator.com/c_security-analytics-and-logging-event-storage.html

"By default, you receive 90 days of rolling data storage. This policy ensures that the most recent 90 days of events are stored in the Cisco cloud, and data older than 90 days is deleted."

JonatanJonasson_0-1740158466662.png

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card