This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Moudar
MVP Silver
MVP Silver
2 weeks ago
Jump to solution

Dedicated log server

Hi,

In the Admin Guide, I read the following statement:

“Check Point recommends using dedicated Log Servers in environments that generate a high volume of logs.”

Could you please clarify what is considered a high volume of logs in numbers in this context?

cpstat mg -f log_server

Log Receive Rate:                   1395
Log Receive Rate Peak:              8585
Log Receive Rate Last 10 Minutes:   2295
Log Receive Rate Last Hour:         1239
Access Session Log Receive Rate:    329
Access Connection Log Receive Rate: 874

 

Doctor log shows:

Current Logging Rates

Test Result IconOK
Logging Rate/sec	1242
Indexing Rate/sec	1252

 

 

Daily Average Logging Rates

Test Result IconOK
Yesterday Avg Logs/sec	280.5
Yesterday Avg Index/sec	147


Yesterday Hourly Average Index/sec:
Domain	Mode	0-1	1-2	2-3	3-4	4-5	5-6	6-7	7-8	8-9	9-10	10-11	11-12	12-13	13-14	14-15	15-16	16-17	17-18	18-19	19-20	20-21	21-22	22-23	23-24
System Data	Files	226	146	119	108	122	123	131	153	145	152	141	153	176	146	149	155	133	142	145	132	138	164	121	120

 

0 Kudos
3 Solutions

Accepted Solutions
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
2 weeks ago
Jump to solution

I would look at the Sizing recommendations listed here under Logs and Events.

https://support.checkpoint.com/results/sk/sk178325

 

 

View solution in original post

Lesley
MVP Gold
MVP Gold
2 weeks ago
Jump to solution

If there are performance issues and there are to many logs Doctor Log will show an error like this(random numbers below):

ERROR Peak logging rate is too high. Max peak rate is 67000.
Logging Rates Information (per second):  
  Logging Rate 15004
  Peak Logging Rate 113376
  Last 10 Minutes Logging Rate 10
  Last Hour Logging Rate 15918
Indexing Rates Information (per second):  
  Indexing Rate 15413
  Peak Indexing Rate 55401
  Last 10 Minutes Indexing Rate 16460
  Last Hour Indexing Rate 17113
-------
Please press "Accept as Solution" if my post solved it 🙂

View solution in original post

the_rock
MVP Platinum
MVP Platinum
2 weeks ago
Jump to solution

Hey brother,

If you examine the output you sent, its safe to say you do need dedicated log server and here is why. Base don what you provided, appears average rate is between 1300-2300 logs/sec, but yet peak is almost 9000. 

Btw, what guys said also makes total sense.

Best,
Andy

View solution in original post

0 Kudos
3 Replies
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
2 weeks ago
Jump to solution

I would look at the Sizing recommendations listed here under Logs and Events.

https://support.checkpoint.com/results/sk/sk178325

 

 

Lesley
MVP Gold
MVP Gold
2 weeks ago
Jump to solution

If there are performance issues and there are to many logs Doctor Log will show an error like this(random numbers below):

ERROR Peak logging rate is too high. Max peak rate is 67000.
Logging Rates Information (per second):  
  Logging Rate 15004
  Peak Logging Rate 113376
  Last 10 Minutes Logging Rate 10
  Last Hour Logging Rate 15918
Indexing Rates Information (per second):  
  Indexing Rate 15413
  Peak Indexing Rate 55401
  Last 10 Minutes Indexing Rate 16460
  Last Hour Indexing Rate 17113
-------
Please press "Accept as Solution" if my post solved it 🙂
the_rock
MVP Platinum
MVP Platinum
2 weeks ago
Jump to solution

Hey brother,

If you examine the output you sent, its safe to say you do need dedicated log server and here is why. Base don what you provided, appears average rate is between 1300-2300 logs/sec, but yet peak is almost 9000. 

Btw, what guys said also makes total sense.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events