Thanks for reply yogdhanu

Fazal E Rasool Khan · ‎05-10-2016

Hello Everyone,

I did the setup for firesight 5.4.0 and sourcefire also run 5.4 version. Everything works perfectly and even i created some rule to block URL's and getting the desired result that is block page.

But when i check the Dashboard or under Analysis>Connection>Event i am unable to see the connections.
On Dashboard i can see the Client OS details.

I enabled logging for rules which i created and also for default network discovery policy. But still unable to get the events/connections/data on the dashboard or under connection>events.

Any help in this regard will be appreciated.

Thanks.

yogdhanu · ‎05-10-2016

Hi

If logging is enabled then you should be able to see the events. Check the following.

>check if there are any health alerts on the firesight like NTP sync or correlator etc.

>Check the connection events page top right section to make sure its not filtering some static date and time and is in expanding mode (showing data for last 2 hours or so )

Rate if helps.

Yogesh

Fazal E Rasool Khan · ‎05-10-2016

Thanks for reply yogdhanu

There is a time sync error between firesight and asa/firepower. On both devices time setting is manual right now. Will it effect the events or dashboard

Other settings look fine what u mentioned.

Please advice

Aastha Bhardwaj · ‎05-10-2016

Hi ,

Generally we recommend that Firesight should be using the ntp server and managed devices should use FMC for time.

System > Local > System Policy. Go under Time synchronization and there in the Supported Platforms section set the NTP to be "Via NTP from Defense Center" (aka FMC). Higher up in that section, point your "Defense Center" to an authoritative NTP server or set of servers. Save policy and Exit and then deploy it.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

New Firesight 5.4.0 Deployment - Logs and Dashboard data does not appear