Hello guys. I have the MX100 security appliance and it is dropping about 1 million events per day. The events dropped are not logged. When I hover my mouse over the details, it says an "event dropped" entry means that there was a burst of events in a short period of time and some events are not recorded because of the memory and bandwidth constraints on the security appliance. My questions are:
- What is a long-term solution to this event drop issue?
- If I upgrade to MX250 or MX450, will this solve the issue?
Thank you
The event log in the dashboard is prone to this problem regardless of the model or device type. Your best option IMO is to set up your own Syslog server on site and have the MX send logs to that device.
Thank you. This is very helpful
1 million events per day seems excessive. Have you contacted support to see what they think?
What is your average number of clients over 30 days? It seems like a configuration problem or maybe a DoS attack of some sort.
Are there noticeable performance issues around this?
Agree with jdsilva about syslog. This should let you see what is going on and make some better decisions. In case you are not familiar with syslog, I can suggest papertrailapp.com for a cloud-based syslog server that is easy to set up.
Many thanks. papertrailapp.com is very helpful
@Tatah My immediate suggestion would be Papertrail cloud. However, you should do some research as to your initial setup. For instance, I send each of my networks to a different syslog server inside of Papertrail. In my experience this has worked way more efficiently, as it separates all the data for each instead of having to search one server for all networks.
If you have any questions on setting up syslog, this will be your go-to step-by-step guide from Papertrail.
- When it comes to upgrading just for the dropped events, my opinion is to hold off until you do your root cause analysis. There may be a symptom inside of the MX causing all the events to crash, or it could be firmware related. Recently one of my MXs had a similar issue of events dropped (in the thousands, not millions). The root cause for me ended up being the cell card looking for a connection. Once I removed that, it was good to go, no more errors.
Good luck and hopefully this helps
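
As a follow-up to the syslog and root-cause suggestions in this thread, here is an added example (not from any poster, and not Meraki or Papertrail code) that tallies collected syslog lines per minute, host and tag to show what is producing a burst. It assumes RFC 3164-style lines; the MX's actual message layout is not shown in the thread, so the regex, host name, tags and sample lines are constructed and would need adjusting.

```python
import re
from collections import Counter

# Assumed RFC 3164-style layout: "<PRI>Mmm dd hh:mm:ss host tag: message".
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<minute>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}):\d{2} "
    r"(?P<host>\S+) (?P<tag>[^:\s\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

def parse(line):
    """Return a dict for a well-formed line, or None if it cannot be parsed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI = facility * 8 + severity, so 191 is the maximum
        return None
    return {"minute": m.group("minute"), "host": m.group("host"),
            "tag": m.group("tag"), "facility": pri // 8, "severity": pri % 8}

def find_bursts(lines, threshold):
    """Count events per (minute, host, tag); return busy buckets and skipped lines."""
    counts = Counter()
    skipped = 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1  # keep a tally so malformed input is not silently lost
            continue
        counts[(rec["minute"], rec["host"], rec["tag"])] += 1
    bursts = [(key, n) for key, n in counts.most_common() if n >= threshold]
    return bursts, skipped

# Constructed sample: one noisy source repeating within a single minute,
# two unrelated events, and one line that is not syslog at all.
SAMPLE = (
    ["<134>Mar  4 10:15:%02d mx-edge cellular: modem searching for carrier" % s
     for s in range(40)]
    + ["<134>Mar  4 10:15:07 mx-edge dhcp: lease renewed",
       "<134>Mar  4 10:16:01 mx-edge dhcp: lease renewed",
       "not a syslog line"]
)

if __name__ == "__main__":
    bursts, skipped = find_bursts(SAMPLE, threshold=20)
    for (minute, host, tag), n in bursts:
        print(f"{minute} {host} {tag}: {n} events")
    print(f"unparsed lines: {skipped}")
```
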