-
Notifications
You must be signed in to change notification settings - Fork 2
Network CheckPoint
Follow these steps to calculate/count the total amount of all FireWall Logs per second that arrive to this Security Management Server from all its managed Security Gateways:
- Connect to CLI on Security Management Server - over SSH, or console. Note: On Multi-Domain Management Server, go to the context of the relevant Domain Management Server:
[Expert@HostName]# mdsenv [Domain_Name|Domain_IP]
- Go to the Log directory:
[Expert@HostName]# cd $FWDIR/log
- Check by how much the size of the Pointer File grows during specific time (the time should be high enough to accumulate enough logs - e.g., 120 sec, 180 sec, etc):
[Expert@HostName]# ls -l fw.logptr ; sleep SLEEP_TIME ; ls -l fw.logptr
- Calculate the log rate per this formula:
RATE = ( SIZE_AFTER - SIZE_BEFORE ) / ( 4 * SLEEP_TIME )
Use these three commands to automate the calculations:
[Expert@HostName]# SLEEP_TIME=number_of_seconds
[Expert@HostName]# SIZE_BEFORE=$(ls -l fw.logptr | awk '{print }') ; sleep $SLEEP_TIME ; SIZE_AFTER=$(ls -l fw.logptr | awk '{print }')
[Expert@HostName]# expr \( $SIZE_AFTER - $SIZE_BEFORE \) \/ \( 4 \* $SLEEP_TIME \)
Notes:
-
If the rate value has to be used in a shell script, then use this syntax:
[Expert@HostName]# RATE=$(expr \( $SIZE_AFTER - $SIZE_BEFORE \) \/ \( 4 \* $SLEEP_TIME \)) -
If the rate value has to be collected in the loop from all Domain Management Servers on a Multi-Domain Server, then use these commands in the shell script:
#!/bin/sh
# Print log rate data on all Domains
SLEEP_TIME=number_of_seconds
echo "Started at $(/bin/date +%d-%b-%Y_%Hh-%Mm-%Ss)"
for DOMAIN in $(ls -1 $MDSDIR/customers)
do
mdsenv "$DOMAIN"
mcd log
SIZE_BEFORE=$(ls -l fw.logptr | awk '{print }')
sleep $SLEEP_TIME
SIZE_AFTER=$(ls -l fw.logptr | awk '{print }')
echo -n "- rate on "$DOMAIN" during "$SLEEP_TIME" seconds: "
expr \( $SIZE_AFTER - $SIZE_BEFORE \) \/ \( 4 \* $SLEEP_TIME \)
echo " "
done
echo "Finished at $(/bin/date +%d-%b-%Y_%Hh-%Mm-%Ss)"
exit 0