This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JAYARAM_P_M1
Participant
‎2017-10-11 06:32 AM

EPS Count

How to check EPS (events per second) count on the Management Server (R80.10)?

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2017-10-11 10:02 AM

Do you mean events as defined by SmartEvent or something else?

0 Kudos
JAYARAM_P_M1
Participant
‎2017-10-11 08:25 PM
In response to PhoneBoy

Yes, the events are defined by Smartevent but need to know about how the events count can be checked with the use of CPLogInvestigator?  

0 Kudos
PhoneBoy
Admin
Admin
‎2017-10-12 07:35 AM
In response to JAYARAM_P_M1

I guess I have to ask the question: what’s the purpose behind the question?

Are you trying to size an appliance or is there some other reason?

A sizing tool for this purpose is planned.

CPLogInvestigator will tell you how many logs a given server has.

Non-firewall logs generally are already summarized (to an extent) and could be considered events on their own.

Firewall logs take the most work to “summarize” to events and the volume of logs that turn into events can vary.

I’ll have to see if I can find the estimations I used for this exercise previously.

JAYARAM_P_M1
Participant
‎2017-10-30 11:16 AM
In response to PhoneBoy

Thanks...

0 Kudos
PhoneBoy
Admin
Admin
‎2017-10-30 09:19 PM
In response to PhoneBoy

At least based on a couple of years ago, roughly 13% of raw log entries become events.

That number will be highly dependent on your environment of course, and whether or not you're doing session-based logging in R80.x. 

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2017-10-31 04:53 AM

Also try these two commands for logging rate:

cpstat -f indexer mg

Total Read Logs: 10184191882
    Total Updates and Logs Indexed: 10184191874
    Total Read Logs Errors: 0
    Total Updates and Logs Indexed Errors: 17827
    Updates and Logs Indexed Rate: 0
    Read Logs Rate: 0
    Updates and Logs Indexed Rate (10min): 0
    Read Logs Rate (10min): 0
    Updates and Logs Indexed Rate (60min): 0
    Read Logs Rate (60min): 0
    Updates and Logs Indexed Rate Peak: 7908
    Read Logs Rate Peak: 8004
    Read Logs Delay: 0

cpstat -f log_server mg

Log Receive Rate: 9266
    Log Receive Rate Peak: 24748
    Log Receive Rate Last 10 Minutes: 9386
    Log Receive Rate Last Hour: 9536

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
Breyten_Borman
Explorer
‎2018-03-14 08:21 AM
In response to Timothy_Hall

Hi Tim

With regards to using cpstat mg -f log_server output, is the:

1. Log Receive Rate a per second statistic?

2. and given that question 1 is true, is the Log Receive Rate Peak then the highest amount of logs that was received in one second at some point in time by the Management server?

Regards

Breyten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top