Firewall Analyzer - Sizing Guide

This section lists the minimum system requirements for installing and working with Firewall Analyzer. Please refer our website for recommended system requirements.

Firewall Analyzer Version 12 onwards

  1. Hard disk space required
  2. Performance tuning - Hard disk requirements for more months
  3. PostgreSQL performance improvement parameters
  4. PostgreSQL tuning steps for Windows and Linux

Hard disk space required

Firewall Analyzer (For every 500 logs/sec & to maintain 1 day archive logs) 90 GB

*The disk space and RAM size requirements depends on the number of devices sending log information to Firewall Analyzer, the number of firewall log records received per second by Firewall Analyzer. 

Hard disk space requirement

The split up is: Archive+Index+PostgreSQL=Total

Log Records Rate For 1 Day For 1 Week For 1 Month
50 Logs/sec 1+0.5+10.5=12 GB 5+3+30=38 GB 18+7+75=100 GB
100 Logs/sec 2+1+15=18 GB 10+5+50=65 GB 35+15+100=150 GB
300 Logs/sec 6+3+31=40 GB 30+15+105=150 GB 100+45+295=440 GB
500 Logs/sec 10+5+75=90 GB 50+25+225=300 GB 170+70+480=720 GB
1000 Logs/sec 20+10+150=180 GB 95+45+500=640 GB 325+125+950=1.4 TB

 

Log Records Rate For 3 Months For 6 Months For 1 Year
50 Logs/sec 60+25+125=210 GB 120+40+160=320 GB 240+90+300=630 GB
100 Logs/sec 110+50+240=400 GB 220+80+320=720 GB 450+170+580=1.2 TB
300 Logs/sec 280+120+600=1 TB 500+200+800=1.5 TB 900+350+1250=2.5 TB
500 Logs/sec 470+230+1100=1.8 TB 900+400+2100=3.4 TB 1700+700+3600=6 TB
1000 Logs/sec 920+480+2100=3.5 TB 1750+750+4200=6 TB 2850+1250+6400=10.5 TB

 

Performance tuning

Hard disk requirements for more months

Note: The Log Records Per Second is the total log records received per second by Firewall Analyzer from all the configured devices.
Where to find the log flow rate steps to identify logs/sec?
  •  Dedicated machine has to be allocated to process more than 200 logs per second.
  • Dual core processors are needed to process more than 500 logs per second.
  • Quadra core processors are needed to process more than 1000 logs second.
  • Number of firewalls handled by the Firewall Analyzer will increase the requirement of the above RAM values. So it is better to have RAM value higher than the suggested value in case of having more than 5 firewalls.
  • Firewall Analyzer server and PostgreSQL database can be installed in separate machines, in case of higher log rate with low-end CPU machines.
  • The above Hard Disk space requirement projected is for one month. If you need to archive the logs for more number of months, multiply the above requirements with the number of months based on your requirement.

PostgreSQL performance improvement parameters

For better performance, we recommend replacing the existing PostgreSQL parameters mentioned in postgres_ext.txt available under <Firewall Analyzer Home>/pgsqldata directory

Parameters
Comments
port = 33336 This change requires Firewall Analyzer Appplication/Service restart
shared_buffers = 128 MB Minimum requirement is 128 KB.
This change requires Firewall Analyzer Appplication/Service restart
work_mem = 12 MB Minimum requirement is 64 KB.
maintenance_work_mem = 100 MB Minimum requirement is 1 MB.
checkpoint_segments = 15 Logfile segments minimum 1 and 16 MB each
checkpoint_timeout = 11 minutes Range: 30 seconds to 1 hour
checkpoint_completion_target = 0.9 checkpoint target duration is 0.0 - 1.0
seq_page_cost = 1.0 This parameter is measured in an arbitrary scale
random_page_cost = 2.0 This parameter is measured in same scale as above
effective_cache_size = 512MB  
synchronous_commit=off  

 

PostgreSQL tuning steps for Windows and Linux

  1. Stop the ManageEngine OpManager service.
  2. Navigate to <OpManager\pgsql\data> folder, open the file postgres_ext.conf

PostgreSQL performance improvement parameters are:

  • work_mem
  • maintenance_work_mem
  • effective_cache_size

Default value of above parameters:

  • work_mem = 12 MB
  • maintenance_work_mem = 100 MB
  • effective_cache_size = 512 MB

Edit the postgres_ext.conf file based on the system parameter and save the file.

Maximum value of Postgresql perfomance improvement parameters based on the RAM size and system parameter are below:

CPU configuration
 RAM
 Suggested values for PostgreSQL performance improvement
64 Bit machine 6 GB or more work_mem = 48 MB
maintenance_work_mem = 400 MB
effective_cache_size = 2048 MB
8 GB or more work_mem = 60 MB
maintenance_work_mem = 600 MB
effective_cache_size = 3072 MB
16 GB or more work_mem = 80 MB
maintenance_work_mem = 800 MB
effective_cache_size = 8192 MB

  1. Start the ManageEngine OpManager service.

 

Note:
  1. In case you are running with 1024 MB of RAM or less and experiencing slow response, we recomm the RAM.
  2. For MSSQL database, the database tuning is not actually needed, you can tune only the Java of Firewall Analyzer.

If  you have any question, please feel free to send a mail to fwanalyzer-support@manageengine.com

 

 

Back to Top