Tuesday 11 December 2012

How to calculate the total amount of FireWall Logs per second

### Posting this here for the time being since the support site's SK is broken..

Edit: Not sure why CP runs this with three separate strings...just copy/paste this and you'll get your numbers (sleeps for 120 seconds):

SLEEP_TIME=120;SIZE_BEFORE=$(ls -l $FWDIR/log/fw.logptr | awk '{print $5}') ; sleep $SLEEP_TIME ; SIZE_AFTER=$(ls -l $FWDIR/log/fw.logptr | awk '{print $5}');expr \( $SIZE_AFTER - $SIZE_BEFORE \) \/ \( 4 \* $SLEEP_TIME \)

#######

Follow these steps to calculate the total number of FireWall logs per second that arrive at this Security Management Server from all its managed Security Gateways:
  1. Connect to CLI on Security Management Server - over SSH, or console.

    Note:
    On Multi-Domain Management Server, go to the context of the relevant Domain Management Server: [Expert@HostName]# mdsenv [Domain_Name|Domain_IP]
  2. Go to the Log directory:

    [Expert@HostName]# cd $FWDIR/log
  3. Check how much the size of the Pointer File grows during a specific time interval
    (the interval should be long enough to accumulate enough logs - e.g., 120 sec, 180 sec, etc):

    [Expert@HostName]# ls -l fw.logptr ; sleep SLEEP_TIME ; ls -l fw.logptr
  4. Calculate the log rate per this formula:

    RATE = ( SIZE_AFTER - SIZE_BEFORE ) / ( 4 * SLEEP_TIME )

    Use these three commands to automate the calculations:

    [Expert@HostName]# SLEEP_TIME=number_of_seconds

    [Expert@HostName]# SIZE_BEFORE=$(ls -l fw.logptr | awk '{print $5}') ; sleep $SLEEP_TIME ; SIZE_AFTER=$(ls -l fw.logptr | awk '{print $5}')

    [Expert@HostName]# expr \( $SIZE_AFTER - $SIZE_BEFORE \) \/ \( 4 \* $SLEEP_TIME \)


    Note: if the rate value has to be used in a shell script, then use this syntax:
    [Expert@HostName]# RATE=$(expr \( $SIZE_AFTER - $SIZE_BEFORE \) \/ \( 4 \* $SLEEP_TIME \))
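The same measurement as a reusable script, added here as an example (not code from the original post or from Check Point). It assumes the factor of 4 in the formula is the number of bytes fw.logptr grows per log record, and that a shrinking fw.logptr means the log file was switched during the sample; the function names are illustrative.

```shell
#!/bin/bash
# Added example: log-rate sampler with sanity checks around the step 4 formula.
# Assumption: each log record adds 4 bytes to fw.logptr (the "4" in the formula).
PTR_BYTES=4

# file_size FILE -> size in bytes (avoids parsing `ls -l` columns)
file_size() {
    wc -c < "$1" | tr -d ' '
}

# log_rate BEFORE AFTER SECONDS -> logs per second (integer division, like expr).
# Returns 1 for an invalid interval, 2 if the file shrank during the sample
# (assumed to mean a log switch happened, so the numbers are not comparable).
log_rate() {
    before=$1; after=$2; secs=$3
    case "$secs" in
        ''|0*|*[!0-9]*) echo "invalid interval: '$secs'" >&2; return 1 ;;
    esac
    if [ "$after" -lt "$before" ]; then
        echo "pointer file shrank ($before -> $after); re-run the sample" >&2
        return 2
    fi
    echo $(( ($after - $before) / ($PTR_BYTES * $secs) ))
}

# sample_rate FILE SECONDS -> measure growth of FILE over SECONDS, print the rate
sample_rate() {
    ptr=$1; secs=$2
    [ -r "$ptr" ] || { echo "cannot read $ptr" >&2; return 1; }
    size_before=$(file_size "$ptr") || return 1
    sleep "$secs"
    size_after=$(file_size "$ptr") || return 1
    log_rate "$size_before" "$size_after" "$secs"
}

# Runs only where the Check Point environment is loaded (FWDIR set).
# Optional first argument: sample length in seconds (default 120).
if [ -n "${FWDIR:-}" ] && [ -r "$FWDIR/log/fw.logptr" ]; then
    sample_rate "$FWDIR/log/fw.logptr" "${1:-120}"
fi
```

A non-zero exit status tells a calling script that the sample should be discarded rather than recorded as a negative or zero rate.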
