I would personally think logging to CMA is not a good practice in P-1 environment w/ such a large implementation. It would lead to situations which you have rightly pointed out are causing you issues and would require unnecessary day to day maintenance to offload logs completely off the $FWDIR/log of the CMA's. MLM is a good solution but there are other solutions as well depending upon your requirements but on your question of 'when is it the case to offload logs to some dedicated log server is in fact 'right now' in your case. You have kinda illustrated the problem and I would feel you have strong business case already....
Rajeev On 5/24/07, cisco4ng <[EMAIL PROTECTED]> wrote:
I need advice on Provider-1 we currently have P-1 NG FP3 running on Solaris with about 500+ CMAs spanning across 5 different containers. In our environment, we have two MDS managers and five MDS containers. We do not have any MLM in our NG FP3 deployment. The log on the firewalls is being sent to the CMA. Some of the customers that we have a LOT of logs. Some of the CMAs average about 5Gig of logs a day. we rotate the log every 4 hours. We also have script to zip up the log for these customers and move them of the log directory. They only have 5 days worth of log in the CMA $FWDIR/log directory. However, that still translates into 25GB of logs. Problem is that everynow and then, the CMA for one of these customers just stops working beyond repair and the only way to fix it is to restore from backup. We're going to move these customers to P-1 NGx R61 soon and in our NGx R61 environment, we do not have MLM in our design and it worries me that we are going to repeat the same problem. My question is this: when is it a good idea to get a separate MLM to to store log for these customers? What is the threshold that will justify in purchasing separate MLM Servers? You're talking hardware cost in addition to Checkpoint license. thank you. --------------------------------- Park yourself in front of a world of choices in alternative vehicles. Visit the Yahoo! Auto Green Center. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
