Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Server Recommendation for Cisco security manager

Hi,

I would like to find out if I need to store events and logs for 18months, what is the specs of the server you need for the Cisco security manager 4.2?

From datasheet it recommends Cisco UCS MC server and only mentioned at least 1TB hard disk for logs and events but did not explicitly mentioned how long can the logs be stored...Hope to hear your recommendation based on your experience.

Thanks.

  • Security Management
1 ACCEPTED SOLUTION

Accepted Solutions

Server Recommendation for Cisco security manager

Hi Bro

I deployed CSM v3.3.1 for a client, sometime earlier this year. The CSM was managing about 150 Cisco IOS Branche Routers nationwide. The logs collected per day, may differ to your environment. 1TB hard disk space for logs and events is a good size. Shown below are values, proposed by Cisco;

  • •a)    100 GB for the OS partition.
  • •b)    150 GB for the application (Security Manager) partition is recommended by Cisco.

Note: Install the OS and application on separate partitions.

  • •c)     1.0 TB for log storage for the Event Viewer on a separate partition:

Note: RAID 10 for better performance. RAID 5 can be used if desired.

However, to have a rough gauge on the above-mentioned values for your planning purposes, here’s my 2 cents opinion. A sustained 10,000 events per second (EPS) consumes about 86 GB of compressed disk space per day. Log rollover happens when 90% of the disk space allocated for event store (primary/secondary) is filled. Smaller disk size causes quicker rollovers. Based on your expected EPS rate and rollover requirements, you can increase or decrease the minimum disk size when using Event Management, that’s in your Cisco Security Manager.

Cisco does have a rather simple guide with regards to this subject. Please note, these values are merely guide, and it may differ tremendously from one LAN/WAN environment to another. Good luck!!!

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.1/deployment/guide/cmsdg41.html

Note: If you this comment is useful, please do rate them nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
2 REPLIES

Server Recommendation for Cisco security manager

Hi Bro

I deployed CSM v3.3.1 for a client, sometime earlier this year. The CSM was managing about 150 Cisco IOS Branche Routers nationwide. The logs collected per day, may differ to your environment. 1TB hard disk space for logs and events is a good size. Shown below are values, proposed by Cisco;

  • •a)    100 GB for the OS partition.
  • •b)    150 GB for the application (Security Manager) partition is recommended by Cisco.

Note: Install the OS and application on separate partitions.

  • •c)     1.0 TB for log storage for the Event Viewer on a separate partition:

Note: RAID 10 for better performance. RAID 5 can be used if desired.

However, to have a rough gauge on the above-mentioned values for your planning purposes, here’s my 2 cents opinion. A sustained 10,000 events per second (EPS) consumes about 86 GB of compressed disk space per day. Log rollover happens when 90% of the disk space allocated for event store (primary/secondary) is filled. Smaller disk size causes quicker rollovers. Based on your expected EPS rate and rollover requirements, you can increase or decrease the minimum disk size when using Event Management, that’s in your Cisco Security Manager.

Cisco does have a rather simple guide with regards to this subject. Please note, these values are merely guide, and it may differ tremendously from one LAN/WAN environment to another. Good luck!!!

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.1/deployment/guide/cmsdg41.html

Note: If you this comment is useful, please do rate them nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
New Member

Server Recommendation for Cisco security manager

Hi Ramraj,

Thank you for your reply, this is extremely useful. I would like to clarify the meaning of log rollover...does it mean by overwriting existing log with current log when the max disk space is used?

918
Views
0
Helpful
2
Replies
This widget could not be displayed.