02-06-2023 10:14 AM
Hello,
Is someone here able to tell me where the log for the connection events is in an FMC 1000?
If not, is there somewhere I could find the size of the data we have in the connection events?
I need to define a rule of thumb for how much data would be sent to a SIEM per unit of time.
Thanks,
02-06-2023 02:12 PM
02-06-2023 06:24 PM
The health monitor in FMC 7.x now shows you the events per second received and database size for various databases. Individual events are around 700 bytes each.
02-07-2023 06:26 AM
@MHM Cisco World Thanks for the link. It will be useful when we are ready to implement the solution. Unfortunately, it does not provide the information required, which is the actual log location, so I could estimate the size.
@Marvin Rhoads Thanks for the information. Unfortunately, we are still at 6.6 and there is no possibility to upgrade for many months.
02-08-2023 05:54 AM
You could temporarily log to any Linux server running syslog (or syslog-ng) and just measure the traffic you see during a typical busy hour. Not a very elegant method but it would get the data you're looking for in an empirical manner.
02-13-2023 05:08 AM
I found under System, Monitoring then Statistics a value for "Connections/Sec". Then I collected this value once per hour and used the 700 bytes per event, did a bit of math and there we go! That gives us a rough value, but at least we have something.
Thanks
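
The sizing calculation described in the post above, as an added example that is not part of the original thread: it turns hourly "Connections/Sec" readings into average and peak events per second and a daily byte volume for SIEM capacity planning. The function name, the sample readings and the `events_per_connection` parameter are assumptions made for illustration; the 700-byte event size is the figure quoted earlier in the thread.

```python
"""Estimate SIEM ingest from hourly "Connections/Sec" readings (added example)."""

BYTES_PER_EVENT = 700  # per-event size quoted earlier in this thread


def estimate_ingest(hourly_cps, bytes_per_event=BYTES_PER_EVENT,
                    events_per_connection=1.0):
    """Treat each reading as the average rate for the hour it was taken in.

    events_per_connection is an assumption: 1 if each connection is logged
    once, 2 if both the beginning and the end of a connection are logged.
    """
    if not hourly_cps:
        raise ValueError("need at least one hourly sample")
    if any(s < 0 for s in hourly_cps):
        raise ValueError("rates cannot be negative")

    eps = [s * events_per_connection for s in hourly_cps]
    bytes_per_hour = [e * 3600 * bytes_per_event for e in eps]
    hours = len(eps)
    return {
        "hours_sampled": hours,
        "avg_eps": sum(eps) / hours,
        "peak_eps": max(eps),
        # Size the SIEM forwarder and link for the busiest hour, not the mean.
        "peak_hour_bytes": max(bytes_per_hour),
        # Scale to 24 h so a partial day of readings still gives a daily figure.
        "bytes_per_day": sum(bytes_per_hour) * 24 / hours,
    }


# Constructed sample: 24 hourly readings, quiet overnight, busy in office hours.
SAMPLE_CPS = [40] * 7 + [300] * 10 + [100] * 7

if __name__ == "__main__":
    r = estimate_ingest(SAMPLE_CPS)
    print(f"average EPS    : {r['avg_eps']:.1f}")
    print(f"peak EPS       : {r['peak_eps']:.0f}")
    print(f"peak hour (MB) : {r['peak_hour_bytes'] / 1e6:.0f}")
    print(f"per day (GB)   : {r['bytes_per_day'] / 1e9:.2f}")
```

Licensing tiers for many SIEMs are set on daily volume, while collectors and links need to absorb the peak hour, so both figures are worth recording.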