Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

CiscoWorks VMS Security Monitor data retention factors

We monitor 15 IPS sensors with CiscoWorks VMS Security Monitor and even though we have tuned some signatures and created some filters a lot of alerts are still produced and populate the database. We currently have around 12 days of retention.

What factors into the number of days worth of events I can view and report on in CiscoWorks Security Monitor Event Viewer:

The number of events received? In other words the more events that are filtered the more days worth of events I can view and report on?

The size of the table in Security Monitor > Admin > Data Management > Database > Pruning Configuration which by default is set at 2,000,000 and if I'm warned of performance degradation if I increase the size?

Anything else?

CreatePlease to create content