Wednesday, August 2, 2017

log forecasting trending fortianalyzer

fortianalyzer

The number of log messages per/sec and sze of the log message will determine just how much data storage you will need. Yes it's really that easy but how can you get a base line.


As  you have more logging enable ( fwpolicy l, ocal-in , local-out , systems  ) this will directly impact the log-disk-size

Take a local FAZ event log, they do a great job showing just how much disksize was used and per-day.


Using the above you  can set forecast for logdisk size based on current log-rates. I see so many orgs that enable the "log all" approach and don't realize just how much of a resource impact that it makes.

As you have more policies, more traffic, more end-nodes, etc..... log rate can easily climb.




Ken   Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

    ^      ^
=(  #  #  )=
        o 
      /    \



No comments:

Post a Comment