Snapshot report from 2 gb Cisco ASA Firewall logs only showing 8 Apps?

%3CLINGO-SUB%20id%3D%22lingo-sub-1692961%22%20slang%3D%22en-US%22%3ESnapshot%20report%20from%202%20gb%20Cisco%20ASA%20Firewall%20logs%20only%20showing%208%20Apps%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1692961%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20uploaded%202GB%20worth%20of%20FW%20logs%20from%20a%20Cisco%20ASA%20perimiter%20FW%20to%20create%20a%20MCAS%20snapshot%20report.%3C%2FP%3E%3CP%3EThe%20network%20architect%20confirmed%20the%20log%20format%20is%20identical%20to%20the%20example%20one%20in%20the%20MCAS%20portal%20-%20it%20contains%20all%20Teardown%20TCP%20records.%3C%2FP%3E%3CP%3EUnfortunately%20the%20report%20only%20finds%208%20cloud%20apps%20in%20total%2C%20which%20I%20seriously%20doubt%20is%20correct.%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20any%20of%20you%20guys%20have%20a%20clue%20on%20what%20could%20be%20causing%20only%208%20apps%20to%20show%20on%20the%20snapshot%20report%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBr.%3C%2FP%3E%3CP%3ELars%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1692961%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECloud%20Discovery%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1708265%22%20slang%3D%22en-US%22%3ERe%3A%20Snapshot%20report%20from%202%20gb%20Cisco%20ASA%20Firewall%20logs%20only%20showing%208%20Apps%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1708265%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F702105%22%20target%3D%22_blank%22%3E%40Lassekatten%3C%2FA%3E%26nbsp%3BHi%2C%20there%20is%20a%20size%20limit%20for%20each%20log%20upload%20(1GB)%2C%20that%20could%20be%20the%20reason.%20Also%2C%20do%20the%20logs%20contain%20any%20entries%20outside%20of%20the%2090%20day%20period%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELink%20to%20snapshot%20doc%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fcreate-snapshot-cloud-discovery-reports%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fcreate-snapshot-cloud-discovery-reports%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi all,

 

I have uploaded 2GB worth of FW logs from a Cisco ASA perimiter FW to create a MCAS snapshot report.

The network architect confirmed the log format is identical to the example one in the MCAS portal - it contains all Teardown TCP records.

Unfortunately the report only finds 8 cloud apps in total, which I seriously doubt is correct. 

Do any of you guys have a clue on what could be causing only 8 apps to show on the snapshot report?

 

Br.

Lars

3 Replies

@Lassekatten Hi, there is a size limit for each log upload (1GB), that could be the reason. Also, do the logs contain any entries outside of the 90 day period?

 

Link to snapshot doc: https://docs.microsoft.com/en-us/cloud-app-security/create-snapshot-cloud-discovery-reports

@Caroline_LeeThanks a lot for the reply!

I have cut the log file into 500 mb files and the 2 GB is only from a 24 hour period approximately 2 weeks ago. So unfortunately I do not think that is the issue.

 

Br.

Lars

@Lassekatten Hi Lars, since you've checked the log format, size and time period there's no reason I can think of as to why you're only seeing 8 apps. I'd recommend opening a support ticket for this issue.

www.000webhost.com