How to check EPS (events per second) count on the Management Server (R80.10)?
Do you mean events as defined by SmartEvent or something else?
Yes, the events are defined by Smartevent but need to know about how the events count can be checked with the use of CPLogInvestigator?
I guess I have to ask the question: what’s the purpose behind the question?
Are you trying to size an appliance or is there some other reason?
A sizing tool for this purpose is planned.
CPLogInvestigator will tell you how many logs a given server has.
Non-firewall logs generally are already summarized (to an extent) and could be considered events on their own.
Firewall logs take the most work to “summarize” to events and the volume of logs that turn into events can vary.
I’ll have to see if I can find the estimations I used for this exercise previously.
At least based on a couple of years ago, roughly 13% of raw log entries become events.
That number will be highly dependent on your environment of course, and whether or not you're doing session-based logging in R80.x.
Also try these two commands for logging rate:
cpstat -f indexer mg
Total Read Logs: 10184191882 Total Updates and Logs Indexed: 10184191874 Total Read Logs Errors: 0 Total Updates and Logs Indexed Errors: 17827 Updates and Logs Indexed Rate: 0 Read Logs Rate: 0 Updates and Logs Indexed Rate (10min): 0 Read Logs Rate (10min): 0 Updates and Logs Indexed Rate (60min): 0 Read Logs Rate (60min): 0 Updates and Logs Indexed Rate Peak: 7908 Read Logs Rate Peak: 8004 Read Logs Delay: 0
cpstat -f log_server mg
Log Receive Rate: 9266 Log Receive Rate Peak: 24748 Log Receive Rate Last 10 Minutes: 9386 Log Receive Rate Last Hour: 9536
-- My book "Max Power: Check Point Firewall Performance Optimization" now available via http://maxpowerfirewalls.com.
With regards to using cpstat mg -f log_server output, is the:
1. Log Receive Rate a per second statistic?
2. and given that question 1 is true, is the Log Receive Rate Peak then the highest amount of logs that was received in one second at some point in time by the Management server?
Retrieving data ...