This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Working out size of log events on disk

Go to solution
Anonymous
Not applicable

‎2019-10-16 10:52 PM

I'm going through the process of validating the storage configuration of our deployment and would like to work out the size on disk of the events of each log source type so I can calculate storage requirements based on EPS, etc.

 

Does anyone have any suggestions about going about that? For example for any syslog type event source just use the standard size of a syslog packet and for Winevents just work out the size of a event based on the evtx format?

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
AaronMartin2
Employee
Employee

‎2019-10-17 11:37 AM

The Reporting Engine can be your friend here. I may suggest you try a query like this and you can see how much data in logs you get daily/weekly or so forth.

pastedImage_2.png

pastedImage_1.png

View solution in original post

0 Likes
2 REPLIES 2

Go to solution
AaronMartin2
Employee
Employee

‎2019-10-17 11:37 AM

The Reporting Engine can be your friend here. I may suggest you try a query like this and you can see how much data in logs you get daily/weekly or so forth.

pastedImage_2.png

pastedImage_1.png

0 Likes

Go to solution
Anonymous
Not applicable
In response to AaronMartin2

‎2019-10-17 10:37 PM

Thanks Aaron, that'll solve my problem easily, Cheers.

 

I also created a rule for packets as well and just swapped out device.type with service

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.