https://community.cisco.com/t5/network-security/event-definition-and-capacity-calculation/m-p/1541600#M923053 <P>Hi,</P><P></P><P>Due to the implementation of a CSM, there are a couple of things that I need to clarify in order to be sure about the Server requirements.</P><P></P><P>1. What is the definition of an event in a security device? Is it a violation to rules? Is it a connection fail??</P><P></P><P>2. How could I posibbly know the storage capacity required to handle the events send by an ASA? Is there an especific size for this logs/packets???</P><P></P><P>Thanks for your comments.</P> Fri, 21 Feb 2020 12:04:21 GMT dbarboza27 2020-02-21T12:04:21Z https://community.cisco.com/t5/network-security/event-definition-and-capacity-calculation/m-p/1541600#M923053 <P>Hi,</P><P></P><P>Due to the implementation of a CSM, there are a couple of things that I need to clarify in order to be sure about the Server requirements.</P><P></P><P>1. What is the definition of an event in a security device? Is it a violation to rules? Is it a connection fail??</P><P></P><P>2. How could I posibbly know the storage capacity required to handle the events send by an ASA? Is there an especific size for this logs/packets???</P><P></P><P>Thanks for your comments.</P> Fri, 21 Feb 2020 12:04:21 GMT https://community.cisco.com/t5/network-security/event-definition-and-capacity-calculation/m-p/1541600#M923053 dbarboza27 2020-02-21T12:04:21Z https://community.cisco.com/t5/network-security/event-definition-and-capacity-calculation/m-p/1541601#M923054 <HTML><HEAD></HEAD><BODY><P>Hi Douglas,</P><P></P><P>The events from the ASA are simply the syslogs that are generated by the firewall. However, certain syslogs are "deeply parsed" by CSM to provide additional details. Here is a list of syslogs that are deeply parsed (the rest are displayed as raw syslog data):</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.0/user/guide/evntchap.html#wp191617">http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.0/user/guide/evntchap.html#wp191617</A></P><P></P><P>As for the storage requirements, this will depend on the amount/level of logs that are generated by your ASA.</P><P></P><P>Hope that helps.</P><P></P><P>-Mike</P></BODY></HTML> Fri, 03 Sep 2010 19:53:47 GMT https://community.cisco.com/t5/network-security/event-definition-and-capacity-calculation/m-p/1541601#M923054 mirober2 2010-09-03T19:53:47Z https://community.cisco.com/t5/network-security/event-definition-and-capacity-calculation/m-p/1541602#M923055 <HTML><HEAD></HEAD><BODY><P>Hi mirober2,</P><P></P><P>Thanks for the link,</P><P></P><P>I found the following reference:</P><P></P><P></P><P><EM>A 2TB disk can store less than eight weeks of events at the rate of </EM><EM>5,000 events/sec. with an average size of 250 bytes compressed per </EM><EM>event.</EM></P><P></P><P></P><P>I will use this info to define the server to install the CSM.</P><P></P><P><EM>Regards</EM></P></BODY></HTML> Fri, 03 Sep 2010 22:20:57 GMT https://community.cisco.com/t5/network-security/event-definition-and-capacity-calculation/m-p/1541602#M923055 dbarboza27 2010-09-03T22:20:57Z