To apply this formula you don't have to use your entire license capacity (which is 100Gb per day); instead, take an average value/day over a week's time from all your existing Fortinet devices (even though you are not planning to send the logs to FAZ right away), and then also decide on your retention period for both the archive and analytic logs.
You can start with a lower capacity for the HDD, keep it running for a week's time (maybe with one firewall) to understand the amount of logs/day it receives, and then extend the storage based on your findings.
As per the article you shared, if the log rate is 1500 log/sec and the retention period is 1 year for Archived logs and 3 months for Analytic logs, then you need a total storage of 5.9TB. But this is where your LPS calculation will help you determine the capacity. If you have only one firewall sending logs to FAZ, then your log rate will be much lower than the value provided above, and the total storage size also varies depending on your retention policy.
How many log/sec are needed to use up the 100Gb per day license each day?
- It is difficult to tell you how many log/sec are needed to use up the 100Gb per day license, as it depends on the size of each log entry and not the number of logs. This 100GB per day is the amount of logs received per day on FAZ, which will then be indexed and archived.
I hope I was able to explain the points to you, but if anything is not clear, please reply in the same thread.