
New Firesight 5.4.0 Deployment - Logs and Dashboard data does not appear

Hello Everyone, 

I did the setup for FireSIGHT 5.4.0, and the Sourcefire also runs version 5.4. Everything works perfectly, and I even created some rules to block URLs and am getting the desired result, that is, the block page.

But when I check the Dashboard or under Analysis > Connection > Event, I am unable to see the connections.
On the Dashboard I can see the Client OS details.

I enabled logging for the rules which I created and also for the default network discovery policy. But I am still unable to get the events/connections/data on the dashboard or under Connection > Events.

Any help in this regard will be appreciated.

Thanks.

3 Replies

yogdhanu
Cisco Employee

Hi

If logging is enabled then you should be able to see the events. Check the following.

- Check if there are any health alerts on the FireSIGHT, like NTP sync or correlator, etc.

- Check the top right section of the connection events page to make sure it's not filtering on some static date and time and is in expanding mode (showing data for the last 2 hours or so).

Rate if helps.

Yogesh

Thanks for the reply, yogdhanu.

There is a time sync error between FireSIGHT and ASA/FirePOWER. On both devices the time setting is manual right now. Will it affect the events or dashboard?

The other settings you mentioned look fine.

Please advise.

Hi,

Generally we recommend that FireSIGHT should be using the NTP server and managed devices should use the FMC for time.

System > Local > System Policy. Go under Time synchronization and there in the Supported Platforms section set the NTP to be "Via NTP from Defense Center" (aka FMC). Higher up in that section, point your "Defense Center" to an authoritative NTP server or set of servers. Save policy and Exit and then deploy it.

Regards,

Aastha Bhardwaj

Rate if that helps!!!
