[logs] Calculating events per sec
Anton Chuvakin
anton at chuvakin.org
Wed Jun 6 09:45:12 PDT 2007
All,
> I am working on putting together a SIMs package and one bit of info. I need
> is to calculate the events per second we expect to get. I don't know if
Well, this is a genuinely hard problem :-). One can come up with a
semi-sensible estimate based on global averages (e.g. a "typical"
Linux server produces X messages per day), but such estimates will
vary WILDLY. And I mean wildly like 1-1000 messages/second.
I'd suggest just looking at the daily logs and counting them (then
dividing by 24 x 3600 to come up with a per second rate) ... no rocket
science here.
Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
More information about the LogAnalysis
mailing list