09-03-2010 11:11 AM - edited 02-21-2020 04:04 AM
Hi,
Due to the implementation of a CSM, there are a couple of things that I need to clarify in order to be sure about the Server requirements.
1. What is the definition of an event in a security device? Is it a violation of rules? Is it a connection failure?
2. How could I possibly know the storage capacity required to handle the events sent by an ASA? Is there a specific size for these logs/packets?
Thanks for your comments.
09-03-2010 12:53 PM
Hi Douglas,
The events from the ASA are simply the syslogs that are generated by the firewall. However, certain syslogs are "deeply parsed" by CSM to provide additional details. Here is a list of syslogs that are deeply parsed (the rest are displayed as raw syslog data):
As for the storage requirements, this will depend on the amount/level of logs that are generated by your ASA.
Hope that helps.
-Mike
09-03-2010 03:20 PM
Hi mirober2,
Thanks for the link,
I found the following reference:
A 2TB disk can store less than eight weeks of events at the rate of 5,000 events/sec. with an average size of 250 bytes compressed per event.
I will use this info to define the server to install the CSM.
Regards