Cisco Support Community

New Member

Event definition and capacity calculation

Hi,

Due to the implementation of a CSM, there are a couple of things that I need to clarify in order to be sure about the Server requirements.

1. What is the definition of an event in a security device? Is it a violation of rules? Is it a connection failure?

2. How could I possibly know the storage capacity required to handle the events sent by an ASA? Is there a specific size for these logs/packets?

Thanks for your comments.

2 REPLIES
Cisco Employee

Re: Event definition and capacity calculation

Hi Douglas,

The events from the ASA are simply the syslogs that are generated by the firewall. However, certain syslogs are "deeply parsed" by CSM to provide additional details. Here is a list of syslogs that are deeply parsed (the rest are displayed as raw syslog data):

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.0/user/guide/evntchap.html#wp191617

As for the storage requirements, this will depend on the amount/level of logs that are generated by your ASA.

Hope that helps.

-Mike

New Member

Re: Event definition and capacity calculation

Hi mirober2,

Thanks for the link,

I found the following reference:

A 2TB disk can store less than eight weeks of events at the rate of 5,000 events/sec. with an average size of 250 bytes compressed per event.

I will use this info to define the server to install the CSM.

Regards

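The sizing question in this thread comes down to measuring event rate and event size at the logging level you plan to send to CSM. The sketch below is an added example, not part of the thread and not Cisco code: it profiles a constructed ASA-style syslog sample at several severity levels and projects disk retention. The names `profile` and `retention_days`, the host `fw1`, and the timestamp layout (device timestamps enabled) are assumptions.

```python
import re
from datetime import datetime

# Constructed ASA-style syslog sample (not captured from a real device).
SAMPLE = """\
Jan 10 2011 10:00:00 fw1 : %ASA-6-302013: Built outbound TCP connection 1 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.0.0.5/51000 (10.0.0.5/51000)
Jan 10 2011 10:00:00 fw1 : %ASA-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:10.0.0.5/22 by access-group "outside_in" [0x0, 0x0]
Jan 10 2011 10:00:01 fw1 : %ASA-6-302014: Teardown TCP connection 1 for outside:203.0.113.10/443 to inside:10.0.0.5/51000 duration 0:00:01 bytes 1200 TCP FINs
Jan 10 2011 10:00:02 fw1 : %ASA-3-710003: TCP access denied by ACL from 198.51.100.7/4445 to outside:192.0.2.1/22
Jan 10 2011 10:00:04 fw1 : %ASA-6-302013: Built outbound TCP connection 2 for outside:203.0.113.11/80 (203.0.113.11/80) to inside:10.0.0.6/51001 (10.0.0.6/51001)
"""

# Timestamp, then the %ASA-<severity>-<message id>: tag.
LINE = re.compile(r"^(\w{3} \d{1,2} \d{4} \d\d:\d\d:\d\d) .*?%ASA-(\d)-(\d{6}):")

def profile(text, max_level):
    """Count events and raw bytes for messages with severity <= max_level,
    i.e. what the ASA emits when logging is set to that level."""
    n = size = 0
    times = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not an ASA syslog line
        times.append(datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S"))
        if int(m.group(2)) <= max_level:
            n += 1
            size += len(line.encode()) + 1  # +1 for the newline
    # Rate is measured over the whole capture window, minimum one second.
    span = max((max(times) - min(times)).total_seconds(), 1.0) if times else 1.0
    return {"events": n, "eps": n / span, "avg_bytes": size / n if n else 0.0}

def retention_days(disk_bytes, eps, stored_bytes_per_event):
    """Days of events that fit on disk at a steady rate and stored size."""
    return disk_bytes / (eps * stored_bytes_per_event * 86400)

if __name__ == "__main__":
    for level in (3, 4, 6):  # errors, warnings, informational
        p = profile(SAMPLE, level)
        print(level, p["events"], round(p["eps"], 2), round(p["avg_bytes"]))
```

Run `profile` over a representative capture from your own ASA, then pass the measured rate and the stored (compressed) event size to `retention_days` along with the planned disk size.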