All:
We are trying to get an estimate of daily syslog log volume in GB with all logging options enabled on the 3700D for roughly a 500mbps throughput. Could someone give us a rough estimate? We realize there are many variables but are just looking for an estimate to make a comparison.
Thanks!
Romanr has hit all of the issues. Also attack traffic more or less is hard to predict. You can have some time of 1000 log p/s in a heavily firewall or even more. The FAZ will give you great details on the number of log events per-second btw.
Also forget about 500mbps thruput , that nonsense ( are you running 500mbps continous, how many sessions, how long are the sessions, etc.......) . The number of fwpolicies that you have and the number of session is going to be two bigger issues that are Variables with numerous ????s
I would suggest the following;
1: setup a syslog server 1st for monitor ( a simple unix freeware distribution cost 0.00 dollars )
2: run "diag test application miglogd 6" and look at the numbers for monitor
3: monitor the remote-syslog collector ( number of log events per-hour, per-day, per-week, the size ,etc......)
4: use the information gathered and then make plans for that number and with a buffer for growth.
5: if you need retention, plan accordingly, use file compress xv vrs bzip2 or gzip etc.... when ever available
NOTE: even without a real working-syslog server, you can enable the syslogd server and monitor the traffic counts that's sent . If you place a real-server, you can use the filesize and diskusage for storage planning.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
