Security Management

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  STRM Sizing

    Posted 05-13-2008 05:08

    I couldn't find a dedicated forum for STRM, so I think it's ok to ask my question here.

     

    Is there any formula in order to calculate the number of events per second (may be flow per second as well) in a certain environment. Let's say a formula that depends on the number of users, servers and security devices/softwares installed? 


    #Sizing
    #logs
    #STRM
    #SIM
    #SIEM


  • 2.  RE: STRM Sizing

    Posted 05-13-2008 06:39

    Hi Green,

     

    It a good question Smiley Surprised  ! I worked with other SIM solution and got exactly the same need. We can t determine number of log because it depends of a lot of factors ( Number of appliance , kind of device , number of users , behaviors of users , kind of logs you need to keep ...).

    If it s a Juniper security environment and you manage everything with NSM, there is a log counter script, in order to do this Job. If it s not, you can forward every logs devices to a syslog server and do a wc -l in your log file everyday : That s what i did and it works pretty well.

     

     

     



  • 3.  RE: STRM Sizing

    Posted 05-19-2008 04:57

    Hello,

     

    Thanks a lot for your reply, but you know, when the customer is still in the phase of building his network, it is really hard for him to know the amount of logs he is going to receive from his undeployed firewalls and IDP's.

     

     



  • 4.  RE: STRM Sizing
    Best Answer

    Posted 06-14-2008 01:20
      |   view attached

    Ok, anyway I've created this Python script that can calculate the Maximum Number of Events received Per Second in a Given Time Frame.

    You just need to configure your Security Devices to Forward their Syslogs to your PC, and run the program as Root, "Python siem-sizer.txt"

    Attachment(s)

    txt
    siem-sizer.txt   975 B 1 version