This post will help in estimation/adjustment of an important quantity Logs per second (LPS). Logs per second is a quantity which is required for calculating the storage size of Fortianalyzer during the deployment process. As mentioned in Fortianalyzer administration guide, generally, the traffic logs are equivalent to the sessions generated on the Firewall, therefore taking this as a base point, we can check the sessions generated on each firewall per day. This can be obtained from FortiGate statistics report We can fetch the report by navigating to Log & Report >> Reports
On reports we can see the total number of sessions generated per day. Taking an average of 7 to 14 days will give us an idea of average sessions generated per day for that particular firewall, which can then be converted into the traffic logs generated per day. Dividing that number with 86400 will give us LPS.
Each security service also contributes in overall log generation. An estimation for each security service is also require to be added in original session/traffic log estimation. The estimation for each security service is also present in Administrative guide of Fortianalyzer. This whole exercise will give us a rough number. We can later add a suitable margin to the final value. This value will be a good start in Design process for Fortianalyzer. Once the deployment is done we can check the actual log rate from Fortianalyzer by using the command "diagnose fortilogd log-rate ". Later on adjustment can be done with the actual log rate.
Corrections are welcome
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
@usmansa1happyhour wrote:This post will help in estimation/adjustment of an important quantity Logs per second (LPS). Logs per second is a quantity which is required for calculating the storage size of Fortianalyzer during the deployment process. As mentioned in Fortianalyzer administration guide, generally, the traffic logs are equivalent to the sessions generated on the Firewall, therefore taking this as a base point, we can check the sessions generated on each firewall per day. This can be obtained from FortiGate statistics report We can fetch the report by navigating to Log & Report >> Reports
On reports we can see the total number of sessions generated per day. Taking an average of 7 to 14 days will give us an idea of average sessions generated per day for that particular firewall, which can then be converted into the traffic logs generated per day. Dividing that number with 86400 will give us LPS.
Each security service also contributes in overall log generation. An estimation for each security service is also require to be added in original session/traffic log estimation. The estimation for each security service is also present in Administrative guide of Fortianalyzer. This whole exercise will give us a rough number. We can later add a suitable margin to the final value. This value will be a good start in Design process for Fortianalyzer. Once the deployment is done we can check the actual log rate from Fortianalyzer by using the command "diagnose fortilogd log-rate ". Later on adjustment can be done with the actual log rate.
Corrections are welcome
To obtain logs per second (LPS) from deployed FortiGate firewalls, start by checking the total sessions generated daily. Navigate to Log & Report >> Reports in the FortiGate interface to view the session statistics for the past 7 to 14 days. Calculate the average daily sessions, which can be used to estimate daily traffic logs. Divide this number by 86,400 (the number of seconds in a day) to get the LPS. Additionally, consider the log contributions from each security service as outlined in the FortiAnalyzer administration guide.
that is the post mate
@usmansa1 wrote:This post will help in estimation/adjustment of an important quantity Logs per second (LPS). Logs per second is a quantity which is required for calculating the storage size of Fortianalyzer during the deployment process. As mentioned in Fortianalyzer administration guide, generally, the traffic logs are equivalent to the sessions generated on the Firewall, therefore taking this as a base point, we can check the sessions generated on each firewall per day. This can be obtained from FortiGate statistics report We can fetch the report by navigating to Log & Report >> Reports
On reports we can see the total number of sessions generated per day. Taking an average of 7 to 14 days will give us an idea of average sessions generated per day for that particular firewall, which can then be converted into the traffic logs generated per day. Dividing that number with 86400 will give us LPS.
Each security service also contributes in overall log generation. An estimation for each security service is also require to be added in original session/traffic log estimation. The estimation for each security service is also present in Administrative guide of Fortianalyzer. This whole exercise will give us a rough number. We can later add a suitable margin to the final value. This value will be a good start in Design process for Fortianalyzer. Once the deployment is done we can check the actual log rate from Fortianalyzer by using the command "diagnose fortilogd log-rate ". Later on adjustment can be done with the actual log rate.
Corrections are welcome
i got this solved,...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1669 | |
1081 | |
752 | |
446 | |
224 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.