Hello,
I'm trying to figure out on average what is volume of logs we're bringing in on a daily basis. Am I bringing in 2Gb of data on a daily basis or am I bringing in 800mbs a day I have no idea.
So far I haven't found an easy way to do this. Support said to run the database maintenance report but that only shows me the number of events that were brought in not the size on that given day.
I then SSH to the box and ran the diskusage command. I got the report below. Now the Logs: 829M stood out to me and it actually will increase every minute or so. I'm assuming that is what I'm looking for and if so I'm just looking for some verification. Then I can just monitor this to get an idea at the end of the day around midnight to see what I'm averaging for volume of logs coming in.
So if Anyone has any thoughts on if I'm right that this is the correct thing to be looking at or not and if you can point me in the right direction.
Partition Disk Usage:
LEM: 54% (1.5G/2.9G)
OS: 41% (1.2G/2.9G)
Logs/Data: 57% (123G/230G)
Temp: 19% (1013M/5.8G)
Database Queue(s): 4.0K (No alerts queued, -8257239616 alerts waiting in memory)
Rules Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)
Console Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)
DataCenter Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)
EPIC Rules Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)
Forensic Database Queue: 2.1M (0 data queued, 0 data items waiting in memory)
Logs: 829M <========= Volume of logs at this point of the day?
Tool Profiles Message Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)