If you intend to index your firewall logs into Splunk, consider the size. Normally, indexed logs in Splunk are half the original size, but in this case, because the Check Point format is binary, the log ends up 3 times as big.
With that in mind, and with SmartLog actually working so well, I wouldn't index all logs, only the Management logs.