09-03-2010 11:11 AM - edited 02-21-2020 04:04 AM
Hi,
Due to the implementation of a CSM, there are a couple of things that I need to clarify in order to be sure about the Server requirements.
1. What is the definition of an event in a security device? Is it a violation of rules? Is it a connection failure?
2. How could I possibly know the storage capacity required to handle the events sent by an ASA? Is there a specific size for these logs/packets?
Thanks for your comments.
09-03-2010 12:53 PM
Hi Douglas,
The events from the ASA are simply the syslogs that are generated by the firewall. However, certain syslogs are "deeply parsed" by CSM to provide additional details. Here is a list of syslogs that are deeply parsed (the rest are displayed as raw syslog data):
As for the storage requirements, this will depend on the amount/level of logs that are generated by your ASA.
Hope that helps.
-Mike
09-03-2010 03:20 PM
Hi mirober2,
Thanks for the link,
I found the following reference:
A 2TB disk can store less than eight weeks of events at the rate of 5,000 events/sec. with an average size of 250 bytes compressed per event.
I will use this info to define the server to install the CSM.
Regards