The number of log messages per/sec and sze of the log message will determine just how much data storage you will need. Yes it's really that easy but how can you get a base line.
As you have more logging enable ( fwpolicy l, ocal-in , local-out , systems ) this will directly impact the log-disk-size
Take a local FAZ event log, they do a great job showing just how much disksize was used and per-day.
Using the above you can set forecast for logdisk size based on current log-rates. I see so many orgs that enable the "log all" approach and don't realize just how much of a resource impact that it makes.
As you have more policies, more traffic, more end-nodes, etc..... log rate can easily climb.
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( # # )=
o
/ \
No comments:
Post a Comment