Event definition and capacity calculation

dbarboza27
Level 1

Hi,

Due to the implementation of a CSM, there are a couple of things that I need to clarify in order to be sure about the Server requirements.

1. What is the definition of an event in a security device? Is it a violation of rules? Is it a connection failure?

2. How could I possibly know the storage capacity required to handle the events sent by an ASA? Is there a specific size for these logs/packets?

Thanks for your comments.

2 Replies

mirober2
Cisco Employee

Hi Douglas,

The events from the ASA are simply the syslogs that are generated by the firewall. However, certain syslogs are "deeply parsed" by CSM to provide additional details. Here is a list of syslogs that are deeply parsed (the rest are displayed as raw syslog data):

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.0/user/guide/evntchap.html#wp191617

As for the storage requirements, this will depend on the amount/level of logs that are generated by your ASA.

Hope that helps.

-Mike

Hi mirober2,

Thanks for the link,

I found the following reference:

A 2TB disk can store less than eight weeks of events at the rate of 5,000 events/sec. with an average size of 250 bytes compressed per event.

I will use this info to define the server to install the CSM.

Regards
