Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
JAYARAM_P_M1
Participant

EPS Count

How to check EPS (events per second) count on the Management Server (R80.10)?

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

Do you mean events as defined by SmartEvent or something else?

0 Kudos
JAYARAM_P_M1
Participant

Yes, the events are defined by Smartevent but need to know about how the events count can be checked with the use of CPLogInvestigator?  

0 Kudos
PhoneBoy
Admin
Admin

I guess I have to ask the question: what’s the purpose behind the question?

Are you trying to size an appliance or is there some other reason?

A sizing tool for this purpose is planned.

CPLogInvestigator will tell you how many logs a given server has.

Non-firewall logs generally are already summarized (to an extent) and could be considered events on their own.

Firewall logs take the most work to “summarize” to events and the volume of logs that turn into events can vary.

I’ll have to see if I can find the estimations I used for this exercise previously.

JAYARAM_P_M1
Participant

Thanks...

0 Kudos
PhoneBoy
Admin
Admin

At least based on a couple of years ago, roughly 13% of raw log entries become events.

That number will be highly dependent on your environment of course, and whether or not you're doing session-based logging in R80.x. 

0 Kudos
Timothy_Hall
Champion
Champion

Also try these two commands for logging rate:

cpstat -f indexer mg

Total Read Logs: 10184191882
    Total Updates and Logs Indexed: 10184191874
    Total Read Logs Errors: 0
    Total Updates and Logs Indexed Errors: 17827
    Updates and Logs Indexed Rate: 0
    Read Logs Rate: 0
    Updates and Logs Indexed Rate (10min): 0
    Read Logs Rate (10min): 0
    Updates and Logs Indexed Rate (60min): 0
    Read Logs Rate (60min): 0
    Updates and Logs Indexed Rate Peak: 7908
    Read Logs Rate Peak: 8004
    Read Logs Delay: 0

cpstat -f log_server mg

Log Receive Rate: 9266
    Log Receive Rate Peak: 24748
    Log Receive Rate Last 10 Minutes: 9386
    Log Receive Rate Last Hour: 9536

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
Breyten_Borman
Explorer

Hi Tim

With regards to using cpstat mg -f log_server output, is the:

1. Log Receive Rate a per second statistic?

2. and given that question 1 is true, is the Log Receive Rate Peak then the highest amount of logs that was received in one second at some point in time by the Management server?

Regards

Breyten