SMC Log Analysis 100'000 entry limit
- Article Number: 000010160
- Products: NGFW Security Management Center
- Version: 6.8, 6.7, 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 6.0, 5.9, 5.8, 5.7, 5.6, 5.5, 5.10
- Last Published Date: June 12, 2020
Why is there a 100000 log entry limit for SMC Log Analysis?
The Log Analysis arrangement provides various tools to analyze and visualize log data. For example, you can combine logs by service or situation, sort logs by column type, or view the data as charts or diagrams.
The various tools make it easier to notice patterns and anomalies in traffic.
When you enter Log Analysis mode, a maximum of 100000 log events is placed in the Log Server’s memory. Selection is performed by applying filters and selecting a time range in the Logs view.
NOTE: Live log analysis is opened by clicking Analyze (live).
The Log Analysis for the Current Events live logs view only applies to a maximum of 100 log events.
A limit for processed logs is required because Log Analysis data is handled in memory and the Log Server may also be performing several other operations.
IMPORTANT: Log Analysis operations will slow down as the number of events rises.
To modify the maximum number of log events available to Log Analysis:
Keywords: log server; logging; log analysis; monitoring; log event limit