usmansa1
New Contributor II

How to obtain logs per second (LPS) from already deployed firewalls?

This post will help in the estimation/adjustment of an important quantity, logs per second (LPS). Logs per second is a quantity which is required for calculating the storage size of FortiAnalyzer during the deployment process. As mentioned in the FortiAnalyzer administration guide, generally, the traffic logs are equivalent to the sessions generated on the firewall; therefore, taking this as a base point, we can check the sessions generated on each firewall per day. This can be obtained from the FortiGate statistics report. We can fetch the report by navigating to Log & Report >> Reports.

On the reports we can see the total number of sessions generated per day. Taking an average of 7 to 14 days will give us an idea of the average sessions generated per day for that particular firewall, which can then be converted into the traffic logs generated per day. Dividing that number by 86400 will give us LPS.

 

Each security service also contributes to overall log generation. An estimate for each security service also needs to be added to the original session/traffic log estimate. The estimate for each security service is also present in the FortiAnalyzer administration guide. This whole exercise will give us a rough number. We can later add a suitable margin to the final value. This value will be a good start in the design process for FortiAnalyzer. Once the deployment is done, we can check the actual log rate from FortiAnalyzer by using the command "diagnose fortilogd log-rate". Later on, adjustments can be made with the actual log rate.

 

Corrections are welcome 
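
The procedure described in the post above, as an added worked example that is not part of the original post or any Fortinet tooling. The firewall names, session totals, per-service log counts and the 20 % margin are constructed assumptions; real per-service figures come from the FortiAnalyzer administration guide, and the measured rate is read manually from `diagnose fortilogd log-rate`.

```python
SECONDS_PER_DAY = 86400


def firewall_lps(daily_sessions, service_logs_per_day=None):
    """Average LPS for one firewall, before any margin is applied.

    daily_sessions: per-day session totals read from the FortiGate report.
    service_logs_per_day: assumed logs/day per security service (hypothetical
    values here; take real estimates from the administration guide).
    """
    if not 7 <= len(daily_sessions) <= 14:
        raise ValueError("use 7 to 14 days of session totals")
    if min(daily_sessions) < 0:
        raise ValueError("session totals cannot be negative")
    # Traffic logs are taken as equal to sessions, as the post states.
    traffic_per_day = sum(daily_sessions) / len(daily_sessions)
    services_per_day = sum((service_logs_per_day or {}).values())
    return (traffic_per_day + services_per_day) / SECONDS_PER_DAY


def fleet_lps(firewalls, margin=0.2):
    """Sum per-firewall LPS, then apply the margin (0.2 = 20 %, assumed)."""
    per_fw = {name: firewall_lps(*data) for name, data in firewalls.items()}
    design = round(sum(per_fw.values()) * (1 + margin), 2)
    return per_fw, design


def headroom(design_lps, measured_lps):
    """Fraction of the design value still unused once the real rate is known.

    A negative result means the deployment is undersized and needs adjusting.
    """
    return round((design_lps - measured_lps) / design_lps, 4)


# Constructed sample data, not taken from any real device.
SAMPLE = {
    "fw-edge": (
        [8_000_000, 9_280_000, 8_640_000, 8_640_000,
         7_776_000, 9_504_000, 8_640_000],
        {"webfilter": 864_000, "ips": 432_000},
    ),
    "fw-branch": ([864_000] * 10, None),
}

if __name__ == "__main__":
    per_fw, design = fleet_lps(SAMPLE)
    for name, lps in per_fw.items():
        print(f"{name}: {lps:.1f} LPS")
    print(f"design value with margin: {design} LPS")
    print(f"headroom at a measured 120 LPS: {headroom(design, 120.0):.0%}")
```
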

 

3 REPLIES
dferter
New Contributor II



To obtain logs per second (LPS) from deployed FortiGate firewalls, start by checking the total sessions generated daily. Navigate to Log & Report >> Reports in the FortiGate interface to view the session statistics for the past 7 to 14 days. Calculate the average daily sessions, which can be used to estimate daily traffic logs. Divide this number by 86,400 (the number of seconds in a day) to get the LPS. Additionally, consider the log contributions from each security service as outlined in the FortiAnalyzer administration guide.

usmansa1
New Contributor II

That is the post, mate.

swagare2
New Contributor



I got this solved...
