Firewall Analyzer - Sizing Guide


    This section lists the minimum system requirements for installing and working with Firewall Analyzer. Please refer our website for recommended system requirements.

    Firewall Analyzer Version 12 onwards

    1. Hard disk space required
    2. Performance tuning - Hard disk requirements for more months
    3. PostgreSQL performance improvement parameters
    4. PostgreSQL tuning steps for Windows and Linux

    Hard disk space required

    Firewall Analyzer (For every 500 logs/sec & to maintain 1 day archive logs) 90 GB

    *The disk space and RAM size requirements depends on the number of devices sending log information to Firewall Analyzer, the number of firewall log records received per second by Firewall Analyzer. 

    Hard disk space requirement

    The split up is: Archive+Index+PostgreSQL=Total

    Log Records Rate For 1 Day For 1 Week For 1 Month
    50 Logs/sec 1+0.5+10.5=12 GB 5+3+30=38 GB 18+7+75=100 GB
    100 Logs/sec 2+1+15=18 GB 10+5+50=65 GB 35+15+100=150 GB
    300 Logs/sec 6+3+31=40 GB 30+15+105=150 GB 100+45+295=440 GB
    500 Logs/sec 10+5+75=90 GB 50+25+225=300 GB 170+70+480=720 GB
    1000 Logs/sec 20+10+150=180 GB 95+45+500=640 GB 325+125+950=1.4 TB

     

    Log Records Rate For 3 Months For 6 Months For 1 Year
    50 Logs/sec 60+25+125=210 GB 120+40+160=320 GB 240+90+300=630 GB
    100 Logs/sec 110+50+240=400 GB 220+80+320=720 GB 450+170+580=1.2 TB
    300 Logs/sec 280+120+600=1 TB 500+200+800=1.5 TB 900+350+1250=2.5 TB
    500 Logs/sec 470+230+1100=1.8 TB 900+400+2100=3.4 TB 1700+700+3600=6 TB
    1000 Logs/sec 920+480+2100=3.5 TB 1750+750+4200=6 TB 2850+1250+6400=10.5 TB

     

    Performance tuning

    Hard disk requirements for more months

    Note: The Log Records Per Second is the total log records received per second by Firewall Analyzer from all the configured devices.
    Where to find the log flow rate steps to identify logs/sec?
    •  Dedicated machine has to be allocated to process more than 200 logs per second.
    • Dual core processors are needed to process more than 500 logs per second.
    • Quadra core processors are needed to process more than 1000 logs second.
    • Number of firewalls handled by the Firewall Analyzer will increase the requirement of the above RAM values. So it is better to have RAM value higher than the suggested value in case of having more than 5 firewalls.
    • Firewall Analyzer server and PostgreSQL database can be installed in separate machines, in case of higher log rate with low-end CPU machines.
    • The above Hard Disk space requirement projected is for one month. If you need to archive the logs for more number of months, multiply the above requirements with the number of months based on your requirement.

    PostgreSQL performance improvement parameters

    For better performance, we recommend replacing the existing PostgreSQL parameters mentioned in postgres_ext.txt available under <Firewall Analyzer Home>/pgsqldata directory

    Parameters
    Comments
    port = 33336 This change requires Firewall Analyzer Appplication/Service restart
    shared_buffers = 128 MB Minimum requirement is 128 KB.
    This change requires Firewall Analyzer Appplication/Service restart
    work_mem = 12 MB Minimum requirement is 64 KB.
    maintenance_work_mem = 100 MB Minimum requirement is 1 MB.
    checkpoint_segments = 15 Logfile segments minimum 1 and 16 MB each
    checkpoint_timeout = 11 minutes Range: 30 seconds to 1 hour
    checkpoint_completion_target = 0.9 checkpoint target duration is 0.0 - 1.0
    seq_page_cost = 1.0 This parameter is measured in an arbitrary scale
    random_page_cost = 2.0 This parameter is measured in same scale as above
    effective_cache_size = 512MB  
    synchronous_commit=off  

     

    PostgreSQL tuning steps for Windows and Linux

    1. Stop the ManageEngine OpManager service.
    2. Navigate to <OpManager\pgsql\data> folder, open the file postgres_ext.conf

    PostgreSQL performance improvement parameters are:

    • work_mem
    • maintenance_work_mem
    • effective_cache_size

    Default value of above parameters:

    • work_mem = 12 MB
    • maintenance_work_mem = 100 MB
    • effective_cache_size = 512 MB

    Edit the postgres_ext.conf file based on the system parameter and save the file.

    Maximum value of Postgresql perfomance improvement parameters based on the RAM size and system parameter are below:

    CPU configuration
    RAM
    Suggested values for PostgreSQL performance improvement
    64 Bit machine 6 GB or more work_mem = 48 MB
    maintenance_work_mem = 400 MB
    effective_cache_size = 2048 MB
    8 GB or more work_mem = 60 MB
    maintenance_work_mem = 600 MB
    effective_cache_size = 3072 MB
    16 GB or more work_mem = 80 MB
    maintenance_work_mem = 800 MB
    effective_cache_size = 8192 MB

    1. Start the ManageEngine OpManager service.

     

    Note:
    1. In case you are running with 1024 MB of RAM or less and experiencing slow response, we recomm the RAM.
    2. For MSSQL database, the database tuning is not actually needed, you can tune only the Java of Firewall Analyzer.

    If  you have any question, please feel free to send a mail to fwanalyzer-support@manageengine.com