Learn how to properly size storage for Strata Logging Service.
The sizing information does not apply to:
- Qualifying users of Strata Logging Service using the new license that comes with one-year log retention.
- Cloud NGFW for AWS deployments. For Cloud NGFW for AWS resources, Strata Logging Service dynamically allocates total storage based on usage.
Strata Logging Service is a cloud-based service for secure storage of Palo Alto Networks firewall logs regardless of form factor, location, or scale. When purchasing Palo Alto Networks devices or services, log storage is an important consideration. Ensuring sufficient log retention enables operations by ensuring data is available to administrators for troubleshooting and incident response. Maintaining a healthy backlog of data allows you to fully utilize various Palo Alto Networks products.
Sizing Considerations
When planning a log collection infrastructure, there are some considerations that dictate how much storage needs to be provided:
- Average size of a log.
- Log rate for NGFWs.
- Throughput and number of users for Prisma Access.
- Desired retention period.
Log Sizes
All firewall logs (including Traffic, Threat, URL, etc.) have an average size of 2500 bytes when stored in Strata Logging Service. This number may change as new features and log fields are introduced. When this happens, the SLS Estimator will be updated to reflect the current status.
Log Rate
For both physical and virtual firewall platforms, there are several methods for calculating log rate based on predefined connections-per-second.
Throughput and Users
Occasionally, it is not practical to directly measure or estimate what the log rate will be. One example is sizing for Prisma Access. Different use cases, such as remote networks and mobile users, use different metrics, like throughput and the number of users.
Log Retention
There are several, mostly regulatory, factors that drive log storage requirements. Users may need to meet compliance requirements for HIPAA, PCI, or Sarbanes-Oxley. There may be other governmental or industry standards, including some internal standards within your company.
Methods for Sizing
You can size storage for Strata Logging Service using three different methods:
- Based on log rate: This will be the most accurate method.
- Based on throughput: This is used when sizing storage for Prisma Access (Remote Networks).
- Based on user count: This is used when sizing storage for Prisma Access (Mobile Users).
Calculate Storage with the Strata Logging Service Estimator
You can use this app to estimate the amount of Strata Logging Service storage you may need to purchase.
Select which products you will be using in your network, and enter the necessary metrics mentioned above, to estimate your recommended purchase for sufficient log retention.
Next-Generation Firewall
The Next-Generation Firewall section allows you to size based on Log Rate:
This is a traditional log-rate based estimator for firewalls. The only inputs required are the log rate and the desired retention period (in days).
If you are unable to calculate your own log rate, select I don’t know the log rate to estimate your log rate using the number of deployed firewalls and their utilization percentages.
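A worked version of the log-rate method, added here as an example; it is not the SLS Estimator's own formula. It multiplies a time-weighted log rate by the 2500-byte average log size stated above, and also answers the reverse question of how many days of logs a given allotment holds. The site profiles, function names, and decimal terabytes are assumptions, and the real estimator may apply overheads this does not model.

```python
"""Raw log-storage arithmetic for the log-rate sizing method (illustrative)."""
from dataclasses import dataclass

AVG_LOG_BYTES = 2500      # average stored log size stated on this page
BYTES_PER_TB = 10**12     # assumption: decimal terabytes


@dataclass(frozen=True)
class SiteProfile:
    """Hypothetical input shape: measured log rates for one firewall or site."""
    name: str
    busy_logs_per_sec: float    # rate during production hours
    quiet_logs_per_sec: float   # rate outside production hours
    busy_hours_per_day: float

    def logs_per_day(self):
        if not 0 <= self.busy_hours_per_day <= 24:
            raise ValueError(f"{self.name}: busy hours must be within 0..24")
        if min(self.busy_logs_per_sec, self.quiet_logs_per_sec) < 0:
            raise ValueError(f"{self.name}: log rates cannot be negative")
        quiet_hours = 24 - self.busy_hours_per_day
        return 3600 * (self.busy_logs_per_sec * self.busy_hours_per_day
                       + self.quiet_logs_per_sec * quiet_hours)


def daily_bytes(sites):
    """Bytes of logs written per day across all sites."""
    return sum(s.logs_per_day() for s in sites) * AVG_LOG_BYTES


def storage_tb_for_retention(sites, retention_days):
    """Storage needed to keep retention_days of logs."""
    if retention_days <= 0:
        raise ValueError("retention_days must be positive")
    return daily_bytes(sites) * retention_days / BYTES_PER_TB


def retention_days_for_storage(sites, storage_tb):
    """Whole days of logs that fit in storage_tb before the oldest age out."""
    per_day = daily_bytes(sites)
    if per_day <= 0:
        raise ValueError("total log rate must be positive")
    return int(storage_tb * BYTES_PER_TB // per_day)


# Constructed sample data, not measurements from a real deployment.
SITES = [SiteProfile("hq", 1500, 300, 10), SiteProfile("branch", 200, 50, 8)]

if __name__ == "__main__":
    print(f"90-day retention: {storage_tb_for_retention(SITES, 90):.3f} TB")
    print(f"10 TB holds {retention_days_for_storage(SITES, 10)} days of logs")
```

Running the reverse calculation against the storage already purchased shows whether the retention window covers the lookback an investigation or compliance requirement needs.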
Prisma Access (Remote Networks)
The Prisma Access (Remote Networks) section allows you to size based on bandwidth:
This option requires more data to provide an accurate number. Prisma Access (Remote Networks) is sold according to throughput. When 100 Mbps is purchased and allocated to a location, it's not likely that the link will see 100% utilization all of the time. In addition to entering the throughput purchased, the estimator requires the desired retention period (in days) and utilization data for production and non-production hours.
Prisma Access (Mobile Users)
The Prisma Access (Mobile Users) section allows you to determine how much storage you need based on the number of mobile users:
The only input required is the number of users and desired retention period (in days).
IoT Security
The IoT Security section allows you to determine how much storage you need based on Cortex XDR utilization:
IoT Security increases storage demand across firewalls. It requires Enhanced Application Logs, which are streamed in order to discover IoT/OT devices, identify risks, security threats, and anomalies, and to perform analytics. When you select this option, the estimator automatically calculates the increase in storage demand for all other sections highlighted.
For a traditional NGFW deployment, log rate will still yield the most accurate numbers for log storage. In cases where measuring or estimating the log rate isn't practical, you can size based on bandwidth using the Prisma Access (Remote Networks) section.