Sizing Storage Using the Logging Service Calculator
on 09-26-201812:39 AM - last edited on 12-28-201801:32 PM by ploera
Palo Alto Networks Live Community presents information about sizing log storage using our Logging Service. This service is provided by the Application Framework of Palo Alto Networks. You will find useful tips for planning and helpful links for examples. We also included a Logging Service Calculator.
Palo Alto Networks Logging Service exists as a cloud-based storage mechanism for logs generated by the security platform. When purchasing Palo Alto Networks devices or services, log storage is an important consideration. Ensuring sufficient log retention not only enables operations by ensuring data is available to administrators for troubleshooting and incident response, but it enables the full suite services provided by the Application Framework.
If you need guidance on sizing for traditional on-premise log collectors, see the following document:
When planning a log collection infrastructure, there are three main considerations that dictate how much storage needs to be provided. These are:
Average size of a log
Rate of log generation
Desired retention period
With PAN-OS 8.0, all firewall logs (including Traffic, Threat, Url, etc.) have an average size of 1500 bytes when stored in the logging service. This number may change as new features and log fields are introduced. When this happens, the attached tools will be updated to reflect the current status.
For firewall platforms, both physical and virtual, there are several methods for calculating log rate. Sometimes, it is not practical to directly measure or estimate what the log rate will be. Examples of these cases are when sizing for GlobalProtect Cloud Service.
Determining Log Retention Requirements
There are several factors that drive log storage requirements. Most of these requirements are regulatory in nature. Customers may need to meet compliance requirements for HIPAA, PCI, or Sarbanes-Oxely:
There are other governmental and industry standards that may need to be considered. Additionally, some companies have internal requirements. For example: that a certain number of days worth of logs be maintained on the original management platform. Ensure that all of these requirements are addressed with the customer when designing a log storage solution.
Note that some companies have maximum retention policies as well.
Check out the following article the goes into detail on the different methods used for sizing:
The tool is super user friendly. Simply select the products you are using and fill out the details (number of users or retention period for example). The calculator will display the recommended storage size for you based on the products you selected and the details you've specified: