Getting ready to work with a customer where I will need to help them create a log connector and convert them from port based to app-id. Is there a limitation to the size of the log file we can look at? Is MT actually pulling the log file into the tool or are we simply reading the log file on the firewall and it stays on the firewall?
Solved! Go to Solution.
The tool generates dynamic reports using the xml api the output will be a xml file and that xml is stored into the tool. No logs are read directly only the output from the dynamic custom report
I'm asking because my customer has a 7050 with 1.5TB of traffic log and I'm sure they'll want to go back as far as we can to make sure we grab everything and I was curious if there were any limitations with this. I guess there is no limit to the size of the output from the dynamic custom report then?
So to confirm, is there a date range limitation for log connectors?
I just read this in the 3.1 User Guide (p.59)...
"After completing a migration project, you can still go back and create a Collector that
will use the Devices you defined on the main Dashboard. With that in place you can
collect traffic data from up to seven days ago and use the App-ID Reconciliation
option to generate Layer 7 rules for you based on real data from the logs."
Is the limit 7 days, or only limited by 500 application-port combinations per rule?
there is no limit regarding a date range. The only limitation is the output from a report using the apis and is 500 elements. How we are retrieving a combination of app + port its possible with to find that we seen only one app for example skype because is using more than 500 different ports. This is the limitation. In newer versions we will try to sort this by adding more reports but removing the apps seen in the previous report to get the new apps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!