cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

EPS Count

How to check EPS (events per second) count on the Management Server (R80.10)?

0 Kudos
7 Replies
Admin
Admin

Re: EPS Count

Do you mean events as defined by SmartEvent or something else?

0 Kudos

Re: EPS Count

Yes, the events are defined by Smartevent but need to know about how the events count can be checked with the use of CPLogInvestigator?  

0 Kudos
Admin
Admin

Re: EPS Count

I guess I have to ask the question: what’s the purpose behind the question?

Are you trying to size an appliance or is there some other reason?

A sizing tool for this purpose is planned.

CPLogInvestigator will tell you how many logs a given server has.

Non-firewall logs generally are already summarized (to an extent) and could be considered events on their own.

Firewall logs take the most work to “summarize” to events and the volume of logs that turn into events can vary.

I’ll have to see if I can find the estimations I used for this exercise previously.

Highlighted

Re: EPS Count

Thanks...

0 Kudos
Admin
Admin

Re: EPS Count

At least based on a couple of years ago, roughly 13% of raw log entries become events.

That number will be highly dependent on your environment of course, and whether or not you're doing session-based logging in R80.x. 

0 Kudos

Re: EPS Count

Also try these two commands for logging rate:

cpstat -f indexer mg

Total Read Logs: 10184191882
    Total Updates and Logs Indexed: 10184191874
    Total Read Logs Errors: 0
    Total Updates and Logs Indexed Errors: 17827
    Updates and Logs Indexed Rate: 0
    Read Logs Rate: 0
    Updates and Logs Indexed Rate (10min): 0
    Read Logs Rate (10min): 0
    Updates and Logs Indexed Rate (60min): 0
    Read Logs Rate (60min): 0
    Updates and Logs Indexed Rate Peak: 7908
    Read Logs Rate Peak: 8004
    Read Logs Delay: 0

cpstat -f log_server mg

Log Receive Rate: 9266
    Log Receive Rate Peak: 24748
    Log Receive Rate Last 10 Minutes: 9386
    Log Receive Rate Last Hour: 9536

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Re: EPS Count

Hi Tim

With regards to using cpstat mg -f log_server output, is the:

1. Log Receive Rate a per second statistic?

2. and given that question 1 is true, is the Log Receive Rate Peak then the highest amount of logs that was received in one second at some point in time by the Management server?

Regards

Breyten