cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9138
Views
5
Helpful
11
Replies

No Intrusion Events populating in the FMC

iolide
Level 1
Level 1

Hello,

 

I've recently come across an issue where there are no Intrusion Events being populated in the FMC. The last Intrusion event log was about 10 days ago, but now there is "No Data" under Overview -> Intrusion and when I go to Analysis -> Intrusion -> Events; there are no events being shown. 

 

Nothing has changed configuration wise, but the FMC was upgraded to 6.4.0 while the sensors are running on 6.1.0/6.2.0.

Any Ideas or suggestions?

 

Thanks for help.

 

11 Replies 11

nspasov
Cisco Employee
Cisco Employee

A couple of things to check:

Is the device enabled with IPS license

Do you have an IPS policy applied to an Access Control Policy

Is logging enabled for the IPS events

Generate some IPS events manually and check again. It is perhaps possible that there has not been any intrusions in the time window that you are checking for :)

Thank you for rating helpful posts!

iolide
Level 1
Level 1