Solved: FMC/FTD External logging

benolyndav · ‎11-30-2020

HI

We have FTD in HA pair and was wondering does anyone have any ideas on how to calculate how much external logging storage we require.??

Thanks

Karsten Iwen · ‎11-30-2020

The most imnportant question is what you want to log. Logging intrusion events will probably be much less than connection events. And with connection events, do you want to log everything or only "important" events? And how much of these events do you have? A 5506 moving 50 MBit/s is probably less loggin intense than the the fully equippped Firepower9300 moving 150 GBit/s of traffic.

I would set up a simple linux box with a syslog server and just look at the amount of data that arrives there. Even if you won't use syslog and for example you move to estreamer on Splunk, it will give you a rough estimation.

View solution in original post

Karsten Iwen · ‎11-30-2020

The most imnportant question is what you want to log. Logging intrusion events will probably be much less than connection events. And with connection events, do you want to log everything or only "important" events? And how much of these events do you have? A 5506 moving 50 MBit/s is probably less loggin intense than the the fully equippped Firepower9300 moving 150 GBit/s of traffic.

I would set up a simple linux box with a syslog server and just look at the amount of data that arrives there. Even if you won't use syslog and for example you move to estreamer on Splunk, it will give you a rough estimation.