Security Management

I couldn't find a dedicated forum for STRM, so I think it's ok to ask my question here.

Is there any formula in order to calculate the number of events per second (may be flow per second as well) in a certain environment. Let's say a formula that depends on the number of users, servers and security devices/softwares installed? 

Hi Green,

It a good question   ! I worked with other SIM solution and got exactly the same need. We can t determine number of log because it depends of a lot of factors ( Number of appliance , kind of device , number of users , behaviors of users , kind of logs you need to keep ...).

If it s a Juniper security environment and you manage everything with NSM, there is a log counter script, in order to do this Job. If it s not, you can forward every logs devices to a syslog server and do a wc -l in your log file everyday : That s what i did and it works pretty well.

Hello,

Thanks a lot for your reply, but you know, when the customer is still in the phase of building his network, it is really hard for him to know the amount of logs he is going to receive from his undeployed firewalls and IDP's.

Ok, anyway I've created this Python script that can calculate the Maximum Number of Events received Per Second in a Given Time Frame.

You just need to configure your Security Devices to Forward their Syslogs to your PC, and run the program as Root, "Python siem-sizer.txt"