Only reason you would not see

Kristian Mattocks · ‎07-07-2017

Hi,

I'm looking to investigate some URL events on the FMC, however i can't seem to find a way to get any further information in regards to them, I've tried to search though Analysis and nothing showing in regards to a source IP or the blocked URL.

I've also tried to run a search for "High risk" under the url reputation but it doesn't return any results.

Has anyone else had this issue of trying to find out which users are trying to do things / trigger URL blocks etc?

Thanks

Kris

Dinesh Verma · ‎07-07-2017

Only reason you would not see those events with specific search is because there is no such event with those search parameter OR Maybe connections do exist but URL reputation or category is missing.

I would suggest you generate some traffic from a PC for a few websites and verify if you see reputation and category for them (Quick verification).

Jetsy Mathew · ‎07-07-2017

Adding to what DV adviced, please make sure that you have enabled logging for the requires rules.

Kristian Mattocks · ‎07-07-2017

Thank you both for the replies.

Logging is enabled, I've disabled, re-enabled and have redeployed the configuration to the device, I will see if that does anything but i doubt it.

I can see other events and some url stuff but i'm just not getting alot of it which i would expect.

I will continue to have a look around and check if anything looks a miss.

Dinesh Verma · ‎07-09-2017

Great. Let us know if you need any help. If this is something urgent, you can open up a case with us, else we would be glad to assist here.

URL filtering events in FMC