URL Logs

Darkweaver · ‎03-28-2024

So, I'm task with finding if anyone else search or connected to a specific URL in the last 30 days. Does any know if FMC have a way of searching this or generating a report. I have only found ways to create a rule to log it go forward not from the past. Could not find any documentation that wasn't confusing.

Pulkit Mittal · ‎03-28-2024

Make sure logging is enabled.

I think if url reputation or category is missing, you might not be able to see anything for that specific url.

Cisco umbrella is a better solution for activity search for users to any url.

If you find this useful, please mark it helpful and accept the solution.

Darkweaver · ‎04-03-2024

Been out sick but we have umbrella so i may give that a try probably save myself some time and trouble.

MHM Cisco World · ‎03-28-2024

In event log ' did you search by user IP (url)?

MHM

Marius Gunnerud · ‎03-29-2024

This type of log should show up in the connection events section under Analysis. Remember to adjust the time-frame you are looking at as by default FMC will only show you 2 hours into the past.

Depending on the log retention configured in the FMC, and how much traffic passes through the FTD, and if you are logging all connections to the FMC, you might only see a week or two worth of connection logs. I have almost never seen an FMC being able to retain logs for more than 3 weeks in mid-size companies.

--
Please remember to select a correct answer and rate helpful posts