Guest

Preview Tool

Cisco Bug: CSCvs57086 - FMC Connection events not shown, SELECT COUNT is been triggered by SQL

Last Modified

Jan 17, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

6.4.0 6.4.0.1 6.4.0.2 6.4.0.3 6.4.0.4 6.5.0.1

Description (partial)

Symptom:
FMC GUI is not showing connection events.
++ After upgrade to version 6.4 or 6.5 FMC stops displaying Connection Events.

++ Checking the rna_flow_stats tables they are correctly populated:

mdb.sfsnort>  select count(*) from rna_flow_stats_IDommited;
+----------+
| count(*) |
+----------+
| 446375   |
+----------+

++ tail -f query_engine.log shows that FMC is only triggering SELECT COUNT (*) SWL queries during the GUI events query

FMC query_scheduler.pl[5711]: [SCHEDULER][0][Scheduler.pm:343]    pid[17419] table[app_ids_stats] columns[application, risk, events_sum] wait time[0] run time[3]
FMC query_scheduler.pl[5711]: [SCHEDULER][0][Scheduler.pm:343]    pid[17486] table[ioc_state] columns[ipaddr, count] wait time[2] run time[2]
FMC query_scheduler.pl[5711]: [SCHEDULER][0][Scheduler.pm:343]    pid[17617] table[fireamp_event] columns[detection_name, count] wait time[8] run time[1]
FMC query_scheduler.pl[5711]: [SCHEDULER][0][Scheduler.pm:343]    pid[17484] table[file_event] columns[src_country, src_continent, count] wait time[3] run time[2]
FMC query_scheduler.pl[5711]: [SCHEDULER][0][Scheduler.pm:343]    pid[17421] table[file_event] columns[file_type, file_type_category, count] wait time[0] run time[3]
FMC query_scheduler.pl[5711]: [SCHEDULER][0][Scheduler.pm:343]    pid[17572] table[event] columns[dst, count] wait time[6] run time[2]
FMC query_scheduler.pl[5711]: [SCHEDULER][0][Scheduler.pm:343]    pid[17528] table[user_ids_stats] columns[username, events_sum] wait time[4] run time[2]
FMC query_scheduler.pl[5711]: [SCHEDULER][0][Scheduler.pm:343]    pid[17487] table[rna_flow_stats_prioritized] columns[ip_rep_category, traffic, flows_sum] wait time[2] run time[2]
FMC query_scheduler.pl[5711]: [SCHEDULER][0][Scheduler.pm:343]    pid[17420] table[ioc_state] columns[event_type, category, count] wait time[0] run time[3]
FMC query_scheduler.pl[5711]: [SCHEDULER][0][Scheduler.pm:343]    pid[17575] table[file_event] columns[file_name, count] wait time[6] run time[2]
 index.cgi[24654]: [QUERY_INFO][1][QueryEngine.pm:114]
 index.cgi[24654]: $VAR1 = {
 index.cgi[24654]:           'end_time' => {
 index.cgi[24654]:                           'time' => 1576075531,
 index.cgi[24654]:                           'exclusive' => 0
 index.cgi[24654]:                         },
 index.cgi[24654]:           'origin' => 'EventViewer_rna_flow_stats',
 index.cgi[24654]:           'start_time' => {
 index.cgi[24654]:                             'time' => 1576069316,
 index.cgi[24654]:                             'exclusive' => 0
 index.cgi[24654]:                           },
 index.cgi[24654]:           'variables' => {
 index.cgi[24654]:                            'utc_offset' => 3600,
 index.cgi[24654]:                            'valid_netmaps' => '1'
 index.cgi[24654]:                          },
 index.cgi[24654]:           'criteria' => {
 index.cgi[24654]:                           'constraints' => {
 index.cgi[24654]:                                              'comparison' => '=',
 index.cgi[24654]:                                              'table' => 'rna_flow_stats',
 index.cgi[24654]:                                              'values' => [
 index.cgi[24654]:                                                            'ID-ommited'
 index.cgi[24654]:                                                          ],
 index.cgi[24654]:                                              'column' => 'domain'
 index.cgi[24654]:                                            },
 index.cgi[24654]:                           'table' => 'rna_flow_stats'
 index.cgi[24654]:                         },
 index.cgi[24654]:           'results' => {
 index.cgi[24654]:                          'format' => 'array',
 index.cgi[24654]:                          'columns' => [
 index.cgi[24654]:                                         'first_packet',
 index.cgi[24654]:                                         'last_packet',
 index.cgi[24654]:                                         'fw_rule_action',
 index.cgi[24654]:                                         'fw_rule_reason',
 index.cgi[24654]:                                         'source_with_ip_rep_status',
 index.cgi[24654]:                                         'src_country_ip',
 index.cgi[24654]:                                         'destination_with_ip_rep_status',
 index.cgi[24654]:                                         'dst_country_ip',
 index.cgi[24654]:                                         'security_zone_ingress',
 index.cgi[24654]:                                         'security_zone_egress',
 index.cgi[24654]:                                         'sport',
 index.cgi[24654]:                                         'dport',
 index.cgi[24654]:                                         'service',
 index.cgi[24654]:                                         'clientapp',
 index.cgi[24654]:                                         'web_app',
 index.cgi[24654]:                                         'info',
 index.cgi[24654]:                                         'url_cat',
 index.cgi[24654]:                                         'url_reputation',
 index.cgi[24654]:                                         'sensor',
 index.cgi[24654]:                                         'security_context'
 index.cgi[24654]:                                       ],
 index.cgi[24654]:                          'limit' => '100',
 index.cgi[24654]:                          'sort_columns' => [
 index.cgi[24654]:                                              'rna_flow_stats.first_packet DESC',
 index.cgi[24654]:                                              'rna_flow_stats.last_packet DESC'
 index.cgi[24654]:                                            ]
 index.cgi[24654]:                        }
 index.cgi[24654]:         };
 index.cgi[24654]:
 index.cgi[24654]: [SQL][2][QueryEngine.pm:1381][id=ID-ommited]
 index.cgi[24654]:  SELECT COUNT(*)
 index.cgi[24654]:     FROM ( SELECT first_packet,last_packet,fw_rule_action,fw_rule_reason,initiator_ip,netmap_num,ip_rep_src_dst,initiator_country,responder_ip,responder_country,security_zone_ingress_id,security_zone_egress_id,initiator_port,protocol,responder_port,app_proto_id,client_app_id,web_app_id,info,url_category,fw_policy_id,url_reputation,sensor_id,context_id FROM rna_flow_stats_1564418820_0
 index.cgi[24654]:     WHERE first_packet >= 1564418820 AND `netmap_num` = '1' ) AS rna_flow_stats
 index.cgi[24654]:     WHERE rna_flow_stats.`netmap_num` = '1' AND rna_flow_stats.`first_packet` >= 1576069316 AND rna_flow_stats.`first_packet` <= 1576075531
 index.cgi[24654]:  /* ORIGIN=EventViewer_rna_flow_stats */
 index.cgi[24654]:  /* EQE_ID=ID-ommited */
 index.cgi[24654]:  /* USER=lw_manager */

Conditions:
Defect observed after major upgrade to version 6.4 and 6.5
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.