Why is there a 100000 log entry limit for SMC Log Analysis?
- Article Number: 000010160
- Products: NGFW Security Management Center
- Version: 6.5, 6.4, 6.3, 6.2, 6.1, 6.0, 5.9, 5.8, 5.7, 5.5, 5.4, 5.3, 5.10, 5.1
- Last Published Date: November 01, 2018
Security Management Center (SMC) 5.x and 6.x
The Log Analysis arrangement provides various tools to analyze and visualize log data. For example, you can combine logs by service or situation, sort logs by column type, or view the data as charts or diagrams.
The various tools make it easier to notice patterns and anomalies in traffic.
When you enter Log Analysis mode, a maximum of 100000 log events is placed in the Log Server’s memory. Selection is performed by applying filters and selecting a time range in the Logs view.
NOTE: Live log analysis is opened by clicking Analyze (live).
The Log Analysis for the Current Events live logs view only applies to a maximum of 100 log events.
A limit for processed logs is required because Log Analysis data is handled in memory and the Log Server may also be performing several other operations.
IMPORTANT: Log Analysis operations will slow down as the number of events rises.
To modify the maximum number of log events available to Log Analysis: