Disk space requirements on the SCSP server to store log archives when the Bulk Logging feature is enabled.

book

Article ID: 159142

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Server Advanced

Issue/Introduction

How much space is required on the SCSP server to store log archives when the Bulk Logging feature is enabled?

Resolution

When Bulk Log Transfer is enabled, the SISIDSEvents*.csv file(s) containing all events will be compressed along with a very small contents summary file and uploaded to the Manager.

Because the file to be compressed is a text file, the compression ratio is very high (approximately 96%), meaning for example that a 10MB log file will be compressed into a zip file of roughly 320KB. A 10MB log file contains roughly 39,000 events, which at 1-2K per event, will take up at least 38MB in the database.

The amount of disk space required for bulk log archival on the SCSP Management server will depend on how many events are generated per Agent per day. In testing, agents with a default IPS policy generating in the area of 12000 events per day, which this could significantly increase depending on the policy used, can expect approximately 110KB per agent per day. 

At that rate, for 100 agents this comes to 10.8MB per day, or <4GB annually.