Cisco Support Community
New Member

CSA - Event database too big

Hi. The CSA (v4.5) log file is displaying this message:

'The event database now contains approximately 18000001 events. This is in danger of exceeding the configured limit. In order to preserve correct operation, events of priority Alert and below will not be logged. Since the last report of this type, 1 events have not been logged. Please purge the event database as soon as possible.'

When I go to the Database Maintenance page it reports that there is plenty of disk space (22GB) and that there are no recommendations. There is therefore no option available to purge any records.

Does anyone know how to purge the log file in this situation?

Thanks

3 REPLIES
Blue

Re: CSA - Event database too big

In CSA 5.2 you can look at the Events>Event Managing Tasks>Event Insertion Task.

That contains the thresholds where it will stop logging certain events.

I don't know if 4.5 has this feature.

You could delete all alert events older than X days and see where that gets you.

Tom

New Member

Re: CSA - Event database too big

Hi Tom,

Thanks for this. No such feature on v4.5 unfortunately. Question: how do you delete the log files?

Blue

Re: CSA - Event database too big

Use 'event sets' to either create or modify an event set to show all events older than X days.

Once you have that, you can use it to view and delete all events matching the criteria.

Tom
