Hi,
We are going to deploy FortiAnalyzer VM and not sure how much HDD size we should use.
As per the link below we can calculate the estimate HDD size using the formula HDD=LR*(RA/5+3*RR)*1.1.
We've purchased 100 gb/day license and if we want to calculate based on Maximum license size the HDD size will be HDD=100*(365/5 + 3*90)*1.1 = 37 TB and it's a very big storage size.
We understand we should calculate based on log/day but right now only one pair of FortiGate is sending the log to FortiAnalyzer , so we cannot make estimation.
Later there will be more than 20 FortiGate sent to the same FortiAnalyzer.
What should we consider estimating the VM HDD sizing in this case?
And as per below link, the Storage can be calculated based on log/sec. How many log/sec will need to use up 100Gb per day license each day.
How is 100Gb per day license calculated? Is it based on Archive log or Analytic compressed log or Analytic uncompressed log?
Appreciate any suggestions on this.
Thank you so much
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @EvanRaci ,
To apply this formula you don't have to use your entire License Capacity which is (100Gb per day) but take an average value/day for a weeks time from all your existing Fortinet devices (even though you are not planning to send the logs to FAZ right away) and then also decide on your retention period for both the archive and analytic logs.
You can start with a lower capacity for the HDD and then keep in running for a weeks time (maybe with one firewall) and understand the amount of logs/ day it receives and then can extend the storage based on your findings.
As per the article you shared, if the Log rate is 1500 log/sec and retention period if 1 year for Archived log and 3 months for Analytic logs, then you need a total storage of 5.9TB. But this is where your LPS calculation will help you determine the capacity. If you have only one Firewall sending Logs to FAZ, then your log rate will be much lower than the value provided above and also the total storage size varies depending on your retention policy.
How many log/sec will need to use up 100Gb per day license each day ?
- It is difficult to tell you how many log/sec will need to use up 100Gb per days license as it depends on the size of each log entry and not the number of logs. This 100GB per day is the amount of logs received per day on FAZ which will then be Indexed and archived.
Hope I am able to explain you the points, but if not clear please reply back to the same thread.
Best Regards,
Hi @EvanRaci ,
To apply this formula you don't have to use your entire License Capacity which is (100Gb per day) but take an average value/day for a weeks time from all your existing Fortinet devices (even though you are not planning to send the logs to FAZ right away) and then also decide on your retention period for both the archive and analytic logs.
You can start with a lower capacity for the HDD and then keep in running for a weeks time (maybe with one firewall) and understand the amount of logs/ day it receives and then can extend the storage based on your findings.
As per the article you shared, if the Log rate is 1500 log/sec and retention period if 1 year for Archived log and 3 months for Analytic logs, then you need a total storage of 5.9TB. But this is where your LPS calculation will help you determine the capacity. If you have only one Firewall sending Logs to FAZ, then your log rate will be much lower than the value provided above and also the total storage size varies depending on your retention policy.
How many log/sec will need to use up 100Gb per day license each day ?
- It is difficult to tell you how many log/sec will need to use up 100Gb per days license as it depends on the size of each log entry and not the number of logs. This 100GB per day is the amount of logs received per day on FAZ which will then be Indexed and archived.
Hope I am able to explain you the points, but if not clear please reply back to the same thread.
Best Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1660 | |
1071 | |
751 | |
443 | |
219 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.