SANCP Session Data

From NSMWiki
Jump to: navigation, search

The following are example SANCP disk usage scenarios for various production sensors. Please follow the initial templates when adding your information. Thank you!

Data Collection Methodology

Disk Usage: This is the amount of space occupied by the SANCP .frm, .MYD, and .MYI files in /var/db/mysql/sguildb for the period in question (30 Jun - 13 July, inclusive).

$ du -chs *sancp*20070630* *sancp*2007070* *sancp*20070710* \
> *sancp*20070711* *sancp*20070712* *sancp*20070713*

Record Count: This is the number of records in the SANCP database for the period in question (30 Jun - 13 July, inclusive).

$ mysql -u sguil -p sguildb -A -e "SELECT count(*) FROM sancp WHERE \
> start_time > '2007-06-30 00:00:00' and start_time < '2007-07-14 00:00:00'"
  • Example 1: Sguil installation
    • Period Collected: 14 days
    • Monitored Link: 6 Mbps (four bonded T-1s)
    • Maximum Bandwidth: Unknown
    • Average Bandwidth: Unknown
    • Disk Usage: 1.0 GB
    • Record Count: 6093707
  • Example 2: Sguil installation
    • Period Collected: 14 days
    • Monitored Link: 6 Mbps (four bonded T-1s)
    • Maximum Bandwidth: Unknown
    • Average Bandwidth: Unknown
    • Disk Usage: 395 MB
    • Record Count: 2276405

For his own purposes, one NSM practitioner uses the rule of thumb that 13 MB per 1 Mbps of traffic per day is needed for SANCP session data. As an example, a 50% average utilization 100 Mbps link requires 650 MB of disk space per day, so recording 90 days of session data requires 58500 MB (less than 60 GB).