We are installing and configuring NGFW for multiple sites and, due to the current Splunk configuration, we need to send the log from Check Point to a syslog server prior to the Splunk environment.
We therefore need to estimate the logging data flow before the installation (all solutions to estimate the log size based on the Check Point interface are then not applicable).
Is there a simple way to estimate the size of the logging flow? Based on the equipment (for example CP5800), number of users (for example 10) and the traffic going through the firewall (for example 10G/sec)?
Thanks for the help!
For now we are assuming that all the blades of NGFW will be active (therefore not the sandblast ones).
We are using the Check Point Log Exporter to send the log to the Splunk environment via a syslog server (we need the syslog server to ensure the load balancing over the 4 Splunk indexers).
As for traffic, is it a more or less linear function? i.e. 10G/s will generate 10x more log than 1G/s?
Thanks for your help @PhoneBoy !
Thank you very much @PhoneBoy - this is valuable information.
Running a test to get the log size for one user presupposes that you already have the Check Point infrastructure, at least in a test environment. Assuming we do not, is there any chance that there is a method / estimate for, let's say, all blades enabled, detailed or extended log policy, 1 user surfing for 1GB traffic?
I understand it is difficult to estimate but we are just looking at ballpark figures.
Thanks again for your help!