07-11-2012 07:36 PM - edited 02-21-2020 04:41 AM
Hi,
I would like to find out if I need to store events and logs for 18months, what is the specs of the server you need for the Cisco security manager 4.2?
From datasheet it recommends Cisco UCS MC server and only mentioned at least 1TB hard disk for logs and events but did not explicitly mentioned how long can the logs be stored...Hope to hear your recommendation based on your experience.
Thanks.
Solved! Go to Solution.
07-20-2012 10:49 AM
Hi Bro
I deployed CSM v3.3.1 for a client, sometime earlier this year. The CSM was managing about 150 Cisco IOS Branche Routers nationwide. The logs collected per day, may differ to your environment. 1TB hard disk space for logs and events is a good size. Shown below are values, proposed by Cisco;
Note: Install the OS and application on separate partitions.
Note: RAID 10 for better performance. RAID 5 can be used if desired.
However, to have a rough gauge on the above-mentioned values for your planning purposes, here’s my 2 cents opinion. A sustained 10,000 events per second (EPS) consumes about 86 GB of compressed disk space per day. Log rollover happens when 90% of the disk space allocated for event store (primary/secondary) is filled. Smaller disk size causes quicker rollovers. Based on your expected EPS rate and rollover requirements, you can increase or decrease the minimum disk size when using Event Management, that’s in your Cisco Security Manager.
Cisco does have a rather simple guide with regards to this subject. Please note, these values are merely guide, and it may differ tremendously from one LAN/WAN environment to another. Good luck!!!
Note: If you this comment is useful, please do rate them nicely :-)
07-20-2012 10:49 AM
Hi Bro
I deployed CSM v3.3.1 for a client, sometime earlier this year. The CSM was managing about 150 Cisco IOS Branche Routers nationwide. The logs collected per day, may differ to your environment. 1TB hard disk space for logs and events is a good size. Shown below are values, proposed by Cisco;
Note: Install the OS and application on separate partitions.
Note: RAID 10 for better performance. RAID 5 can be used if desired.
However, to have a rough gauge on the above-mentioned values for your planning purposes, here’s my 2 cents opinion. A sustained 10,000 events per second (EPS) consumes about 86 GB of compressed disk space per day. Log rollover happens when 90% of the disk space allocated for event store (primary/secondary) is filled. Smaller disk size causes quicker rollovers. Based on your expected EPS rate and rollover requirements, you can increase or decrease the minimum disk size when using Event Management, that’s in your Cisco Security Manager.
Cisco does have a rather simple guide with regards to this subject. Please note, these values are merely guide, and it may differ tremendously from one LAN/WAN environment to another. Good luck!!!
Note: If you this comment is useful, please do rate them nicely :-)
07-22-2012 08:13 PM
Hi Ramraj,
Thank you for your reply, this is extremely useful. I would like to clarify the meaning of log rollover...does it mean by overwriting existing log with current log when the max disk space is used?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: