Log Connector limitation?

L2 Linker


Hi All,

Getting ready to work with a customer where I will need to help them create a log connector and convert them from port-based to App-ID. Is there a limitation to the size of the log file we can look at? Is MT actually pulling the log file into the tool, or are we simply reading the log file on the firewall and it stays on the firewall?

Thanks

L7 Applicator

Re: Log Connector limitation?

The tool generates dynamic reports using the XML API. The output will be an XML file, and that XML is stored in the tool. No logs are read directly, only the output from the dynamic custom report.


Regards

L2 Linker

Re: Log Connector limitation?

Thanks Albert

I'm asking because my customer has a 7050 with 1.5TB of traffic log, and I'm sure they'll want to go back as far as we can to make sure we grab everything, so I was curious if there were any limitations with this. I guess there is no limit to the size of the output from the dynamic custom report then?

L7 Applicator

Re: Log Connector limitation?

The limit is 500 elements per rule; an element is a unique combination of application and port. If you reach the 500 elements, you can split the rule into many rules with the different applications found using this process.

L2 Linker

Re: Log Connector limitation?

Cool, thanks!!

L3 Networker

Re: Log Connector limitation?

So to confirm, is there a date range limitation for log connectors?

I just read this in the 3.1 User Guide (p.59)...

"After completing a migration project, you can still go back and create a Collector that
will use the Devices you defined on the main Dashboard. With that in place you can
collect traffic data from up to seven days ago and use the App-ID Reconciliation
option to generate Layer 7 rules for you based on real data from the logs."

Is the limit 7 days, or only limited by 500 application-port combinations per rule?

L7 Applicator

Re: Log Connector limitation?

Hi,

There is no limit regarding a date range. The only limitation is on the output from a report using the APIs, which is 500 elements. Because we are retrieving combinations of app + port, it's possible to find that we have seen only one app, for example Skype, because it is using more than 500 different ports. This is the limitation. In newer versions we will try to sort this out by adding more reports, but removing the apps seen in the previous report, to get the new apps.


Regards
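
An added example, not part of the thread and not the migration tool's own code: a simulation of the 500-element report cap described above and of the "run more reports, excluding apps already seen" approach mentioned in the last reply. The function names, the assumption that a report returns rows in input order, and the sample data are all constructed for illustration.

```python
REPORT_CAP = 500  # per-report element limit stated in the thread

def run_report(records, exclude_apps=(), cap=REPORT_CAP):
    """Hypothetical stand-in for one capped report: returns up to `cap`
    unique (app, port) elements, skipping apps listed in exclude_apps."""
    rows, seen = [], set()
    for app, port in records:
        if app in exclude_apps or (app, port) in seen:
            continue
        seen.add((app, port))
        rows.append((app, port))
        if len(rows) == cap:
            break
    return rows

def discover_apps(records, cap=REPORT_CAP):
    """Repeat capped reports, excluding apps already seen, until a report
    returns nothing. Returns (apps in discovery order, apps whose port
    list may be truncated, number of non-empty reports)."""
    apps, maybe_truncated, passes = [], set(), 0
    while True:
        rows = run_report(records, exclude_apps=apps, cap=cap)
        if not rows:
            return apps, maybe_truncated, passes
        passes += 1
        new_apps = list(dict.fromkeys(app for app, _ in rows))
        if len(rows) == cap:
            # A full report may have cut off ports for any app in it.
            maybe_truncated.update(new_apps)
        apps.extend(new_apps)

# Constructed sample: one app on 600 ports, then three single-port apps.
SAMPLE = [("skype", p) for p in range(20000, 20600)] + [
    ("web-browsing", 80), ("ssl", 443), ("dns", 53)]

if __name__ == "__main__":
    single = {app for app, _ in run_report(SAMPLE)}
    apps, truncated, passes = discover_apps(SAMPLE)
    print("single report sees:", sorted(single))
    print("iterative reports see:", apps, "in", passes, "passes")
    print("port lists possibly truncated for:", sorted(truncated))
```

Any app flagged as possibly truncated should have its port list reviewed before the resulting App-ID rule replaces the port-based one, since ports beyond the cap never appeared in the report.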
