Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1545
Views
4
Helpful
3
Replies

User reports for more than one day.

alberx
Level 1
Level 1

‎10-02-2015 01:51 AM

Hi,

I´m creating a new report template trying to get the information of a single user (of course I have user integration throug User Agent working correctly), I build a template with the "input parameter" of "Name=User ; Type=Username", and with the charts as I show in the attached file.

I generate the report and it asks me about the user having my report as expected.

But the problem is when I generate the report for a time windows longer than one day, the resuls are always the same if I choose one day, one week or one month. It seems as if Defense Center is not able to get data for more than one day.

Does anybody knows if there is a limit in the specific data Defense Center can accumulate for a user?

Or maybe how to create a user report with detailed traffic for a specific user for a longer period of one day?

 

Thanks.

Labels:
Preview file
137 KB
0 Helpful
3 Replies 3

Nikhil Vaidya
Level 1
Level 1

‎10-30-2015 07:37 AM

Hi,

The amount of information displayed on a report depends on how much data is stored on the device, and on how much information is requested from the report

There are a few things you can check :

1. Check the database limits. You can choose to increase these limits. This will enable more event storage, but do realize that this impacts performance. You can find the maximum limits in the user guide or the online help section

2. Check how many lines are configured in your report. On the 'Results' section, make sure you increase the number to a substantial amount. Even though you set the time window to a month, if this field is not changed, you will still see the same amount of data

Thanks

0 Helpful

alberx
Level 1
Level 1
In response to Nikhil Vaidya

‎11-11-2015 02:31 AM

Hello,

Already done, but results are the same. The problem is that the system prunes events when gets the maximum number, in my platform 10000000, very low in my opinion.

Only solution is to export it to an external server.

Thanks.

0 Helpful

Aastha Bhardwaj
Cisco Employee
Cisco Employee
In response to alberx

‎11-11-2015 10:49 AM

Hi,

Yes the system will prune the connections after this limit. So either you can reduce the logging level i.e. just log only limited traffic or export it to External server. Because this limit is for the system which would include connection+intrusion+security intelligence events.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card