Sizing Storage Using the Logging Service Calculator

by on ‎09-26-2018 12:39 AM - last edited Monday by (5,645 Views)

Palo Alto Networks Logging Service exists as a cloud-based storage mechanism for logs generated by the security platform. When purchasing Palo Alto Networks devices or services, log storage is an important consideration. Ensuring sufficient log retention not only enables operations by ensuring data is available to administrators for troubleshooting and incident response, but it enables the full suite services provided by the Application Framework.

 

If you need guidance on sizing for traditional on-premise log collectors, see the following document:  

 

https://live.paloaltonetworks.com/t5/Management-Articles/Panorama-Sizing-and-Design-Guide/ta-p/72181

 

When planning a log collection infrastructure, there are three main considerations that dictate how much storage needs to be provided. These are:

 

  1. Average size of a log
  2. Rate of log generation
  3. Desired retention period

 

Log Sizes

With PAN-OS 8.0, all firewall logs (including Traffic, Threat, Url, etc.) have an average size of 1500 bytes when stored in the logging service. This number may change as new features and log fields are introduced. When this happens, the attached tools will be updated to reflect the current status.

 

Log Rate

For firewall platforms, both physical and virtual, there are several methods for calculating log rate.  Sometimes, it is not practical to directly measure or estimate what the log rate will be. Examples of these cases are when sizing for GlobalProtect Cloud Service.

 

Determining Log Retention Requirements

There are several factors that drive log storage requirements. Most of these requirements are regulatory in nature. Customers may need to meet compliance requirements for HIPAA, PCI, or Sarbanes-Oxely:

 

 

There are other governmental and industry standards that may need to be considered. Additionally, some companies have internal requirements. For example: that a certain number of days worth of logs be maintained on the original management platform. Ensure that all of these requirements are addressed with the customer when designing a log storage solution.

Note that some companies have maximum retention policies as well.

 

Check out the following article the goes into detail on the different methods used for sizing:

https://live.paloaltonetworks.com/t5/Learning-Articles/Sizing-Storage-for-the-Logging-Service/ta-p/1...

 

The actual calculator can be found here:

https://apps.paloaltonetworks.com/logging-service-calculator

 

The tool is super user friendly.  Simply select the products you are using and fill out the details (number of users or retention period for example).  The calculator will display the recommended storage size for you based on the products you selected and the details you've specified:

 

2018-09-26_09-28-28.pngLogging Service Calculator

2018-09-26_09-28-34.png

 

 

 

 

Stay secure !

-Kiwi out !

 

 

Ask Questions Get Answers Join the Live Community
Labels