WEBVTT

1
00:00.000 --> 00:03.170
In this video, which is going to be pretty short, I'd like to share with you some

2
00:03.170 --> 00:04.240
options regarding

3
00:04.240 --> 00:09.680
the FortiAnalyzer and taking a closer look at the log statistics and also the

4
00:09.680 --> 00:11.200
used storage space.

5
00:11.200 --> 00:14.480
And for some of this, we can do it in the graphical user interface of the FortiAnalyzer,

6
00:14.480 --> 00:15.760
and for a few

7
00:15.760 --> 00:18.730
other options. We're going to use the command line and I'd like to show you

8
00:18.730 --> 00:19.600
examples of both.

9
00:19.600 --> 00:23.140
So let's begin at the command line interface of the FortiAnalyzer. Now there's

10
00:23.140 --> 00:23.760
two ways of getting

11
00:23.760 --> 00:28.030
there. One is we could log into the GUI, click on this icon here to get a

12
00:28.030 --> 00:29.200
command line interface

13
00:29.200 --> 00:33.330
prompt. So that is one way, or if we want to use a terminal emulator like PuTTY

14
00:33.330 --> 00:34.720
or SecureCRT,

15
00:34.720 --> 00:39.670
we could SSH over to the FortiAnalyzer, and either way we can get the command line

16
00:39.670 --> 00:40.400
interface.

17
00:40.400 --> 00:45.120
So for the benefit of readability, I'm going to use a terminal emulator. And

18
00:45.120 --> 00:45.200
the

19
00:45.200 --> 00:48.910
terminal emulator I'm going to use is SecureCRT. So I'll double-click on my

20
00:48.910 --> 00:50.000
entry I have here

21
00:50.000 --> 00:55.980
FortiAnalyzer, which is at 192.168.1 to 81. And here is the FortiAnalyzer. So

22
00:55.980 --> 00:57.440
regarding logs

23
00:57.440 --> 01:02.300
on this device, one thing we can do is we can do a diagnose fortilogd space, and

24
01:02.300 --> 01:03.200
that D is for

25
01:03.200 --> 01:06.960
fortilog daemon, and we'll do a question mark. And then we have these options. So

26
01:06.960 --> 01:07.840
let's start off with

27
01:07.840 --> 01:11.380
lograte, so type in lograte. And here it's showing us the last five

28
01:11.380 --> 01:13.120
seconds, last 30 seconds

29
01:13.120 --> 01:18.170
and last 60 seconds, the log rate. And that's the receive log rate coming in

30
01:18.170 --> 01:19.280
from the FortiGate

31
01:19.280 --> 01:22.410
devices reporting to it. If you want to see the totals, we can do the same

32
01:22.410 --> 01:23.440
command except instead

33
01:23.440 --> 01:28.470
of using lograte, we go ahead and specify lograte-total right here. So I

34
01:28.470 --> 01:29.280
'm going to copy paste

35
01:29.280 --> 01:33.390
that in, press enter, and that's showing us the total for the last hour, day and

36
01:33.390 --> 01:34.240
week. We could

37
01:34.240 --> 01:38.760
also do the diagnose for a specific administrative domain. So here if we did a

38
01:38.760 --> 01:40.080
diagnose fortilogd,

39
01:40.080 --> 01:43.710
the question mark, then we'll go ahead and put in logvol-adom space and a

40
01:43.710 --> 01:44.800
question mark and then

41
01:44.800 --> 01:48.860
we can specify the name. So we are using the root ADOM. So put that in, and

42
01:48.860 --> 01:50.240
that'll show us

43
01:50.240 --> 01:54.090
for the root ADOM. So these are based on the individual days, and there's the

44
01:54.090 --> 01:55.600
average 32

45
01:55.600 --> 02:00.640
megabytes per day. We can also do a diagnose fortilogd status, press enter, just to

46
02:00.640 --> 02:01.280
verify that it's

47
02:01.280 --> 02:05.570
running. We can also do a fortilogd and a question mark here. Let's do the

48
02:05.570 --> 02:06.720
lograte-type, which will

49
02:06.720 --> 02:10.180
show us the log rate for the individual log types. So let me go ahead and put

50
02:10.180 --> 02:11.280
that back in press

51
02:11.280 --> 02:14.630
enter. So if we scroll up, I've got some really low numbers here because a lot

52
02:14.630 --> 02:15.680
of the time my FortiAnalyzer

53
02:15.680 --> 02:19.260
is not running. So here it's showing us the last hour, day and week based

54
02:19.260 --> 02:20.160
on the various log

55
02:20.160 --> 02:24.160
types, including application control, web filter. And if you want to take a

56
02:24.160 --> 02:24.960
look at the message

57
02:24.960 --> 02:28.320
receive rate, there's an option for that as well. So we do a diagnose fortilogd

58
02:28.320 --> 02:29.280
space question

59
02:29.280 --> 02:32.730
mark, and let's use this option message receive rate and we use this option

60
02:32.730 --> 02:33.680
here, msgrate,

61
02:33.680 --> 02:37.280
and press enter and that's showing us the message receive rate over the last

62
02:37.280 --> 02:38.560
five seconds as well as

63
02:38.560 --> 02:42.570
last 30 seconds and last 60 seconds. Now some of this information can also be

64
02:42.570 --> 02:43.600
seen at the GUI. So

65
02:43.600 --> 02:48.080
we go back to the GUI here and we go to the dashboards on the FortiAnalyzer and

66
02:48.080 --> 02:49.120
go to status. Here we

67
02:49.120 --> 02:51.860
have the log receive monitor, which is going to reflect pretty much the same

68
02:51.860 --> 02:52.720
information we saw

69
02:52.720 --> 02:57.040
at the command line. If we scroll down, this also has the widget here for the disk

70
02:57.040 --> 02:57.920
I/O, and it also

71
02:57.920 --> 03:00.940
has the information for the insert rate versus the receive rate, which

72
03:00.940 --> 03:02.480
effectively is saying how long

73
03:02.480 --> 03:06.410
is it taking to take that data coming in and put it into the SQL database. Then

74
03:06.410 --> 03:07.280
if we scroll down,

75
03:07.280 --> 03:10.810
we have the log insert lag time and also the receive rate versus the forwarding

76
03:10.810 --> 03:11.520
rate. Again,

77
03:11.520 --> 03:14.940
we're not forwarding at the moment. So we only have the receive rate here.

78
03:14.940 --> 03:15.520
And then if we scroll

79
03:15.520 --> 03:19.440
down, we also have this quota usage as well. So firewall one is using 0.3%.

80
03:19.440 --> 03:20.640
And then unused,

81
03:20.640 --> 03:26.240
we have 99.6%, which equates to the pop-up here as 49.8 gigs available for

82
03:26.240 --> 03:27.920
storage. Now also for

83
03:27.920 --> 03:33.330
settings regarding logging, if we go to System Settings and we go to ADOMs, we

84
03:33.330 --> 03:34.240
can also control

85
03:34.240 --> 03:38.830
here on an ADOM level, the settings we want to use for the logging. So here for

86
03:38.830 --> 03:39.840
the root ADOM,

87
03:39.840 --> 03:42.840
we'll double-click on that. It's showing us here the actual devices that are

88
03:42.840 --> 03:44.000
reporting to the ADOM,

89
03:44.000 --> 03:47.420
including branch firewall one, and the headquarters firewall one, two, and

90
03:47.420 --> 03:48.400
three. And then we have our

91
03:48.400 --> 03:52.840
data policy, how long to keep the data for analytics, 60 days, and then once

92
03:52.840 --> 03:54.160
they're archived, how long

93
03:54.160 --> 03:57.360
to keep them. And the data policy is going to depend quite a bit on the type of

94
03:57.360 --> 03:58.160
business you're in.

95
03:58.160 --> 04:02.310
So based on regulations, some companies may be required to keep the logs for

96
04:02.310 --> 04:03.440
longer. But generally

97
04:03.440 --> 04:07.870
speaking, you don't want to keep logs for longer than is needed or required.

98
04:07.870 --> 04:09.040
Under disk allocation,

99
04:09.040 --> 04:12.630
it's showing the allocated space, 50 gigs. And based on the virtual machine I'm

100
04:12.630 --> 04:14.480
running, I've got 327,

101
04:14.480 --> 04:18.290
I could allocate, but I'm only allocating 50 gigs. And then for archiving, when

102
04:18.290 --> 04:19.200
it takes the log

103
04:19.200 --> 04:23.640
information and archives it by default, it's set here to 70%. So we can modify

104
04:23.640 --> 04:24.720
that if we want to,

105
04:24.720 --> 04:28.560
and say, for example, we want to wait till, I guess, 75% before we start archiving.

106
04:28.560 --> 04:29.680
And then as far

107
04:29.680 --> 04:33.100
as the overall storage, alert and delete when usage reaches and by default, it

108
04:33.100 --> 04:34.080
's set to 90%.

109
04:34.080 --> 04:39.040
So this is how we can control the data policy and the disk allocation per

110
04:39.040 --> 04:39.840
administrative domain.

111
04:39.840 --> 04:43.280
So if you click on cancel and go to the BR1 ADOM, which we're currently

112
04:43.280 --> 04:44.000
not using,

113
04:44.000 --> 04:46.080
we'd have the similar options here as well.
