The SEC is online, but there are no events in Security Cloud Control Event Logging Page

• Check SEC connector log using the command sdc eventing logs --type connector -n 100 and ensure the SEC registration was successful.

  If not, see Secure Event Connector Registration failure.

• Check SEC events log using the command sdc eventing logs --type events -n 200 and ensure that the events are being processed.

  If not, contact Security Cloud Control support.

• Check the SEC supervisor log with sdc eventing logs --type supervisor -n 100 and ensure the output is as shown below and all processes in RUNNING state.

  If not, contact Security Cloud Control support.

INFO success: estreamer-connector entered RUNNING state, process has stayed up for > than 1 seconds

INFO success: estreamer-plugin entered RUNNING state, process has stayed up for > than 1 seconds

INFO success: estreamer-rsyslog entered RUNNING state, process has stayed up for > than 1 seconds

• Ensure that the firewall rules on the on-premise SDC are not blocking the UDP and TCP ports shown for the SEC on the Secure Connectors page. See Finding Your Device's TCP, UDP, and NSEL Port Used for Cisco Security Analytics and Logging to determine what ports you need to open.

• If you have setup SDC manually using a CentOS 7 VM of your own and have the firewall configured to block incoming requests, you could execute the following commands to unblock the UDP and TCP ports:

firewall-cmd --zone=public --add-port=<udp_port>/udp --permanent

firewall-cmd --zone=public --add-port=<tcp_port>/tcp --permanent

firewall-cmd --reload

• Using Linux network tools of your choice, check if packets are being received on these ports. If not receiving, re-check the FTD logging configuration.

If none of the above repairs work, raise a support ticket with Security Cloud Control support..