Who rated this post

Who rated this post

reaper
L7 Applicator

only logging at session end has a greater multiplier than 2, as 'session start' will log each step a session takes, which could be 3-4 steps as sessions go from app-id to app-id, especially with ssl decryption involved, so don't use 'log at session start' unless you're temporarily troubleshooting or _really_ need all the logs

 

all logging generated on the firewall is sent to the management plane log disk, only there additional log forwarding is performed by the varlogrcvr, so log forwarding, regardles of protocol, causes load on the MP, not on the DP

 

some logging will be optimized compared to other, panorama logging will have the best performance as there is queueing and some mechanisms in place to trickle logs when needed, on other protocols your mileage may vary depending on the overhead ( udp > tcp > http )

 

 

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374

View solution in original post

Who rated this post