AMA local caching for syslog/CEF Log Collectors

Nouman Khan 21 Reputation points
2024-06-27T06:21:41.62+00:00

I am provisioning log collector VMs to collect syslog/CEF traffic. I need to ensure that in the event of a network connectivity issue, the log collectors can hold logs for up to 24 hours. Once connectivity is reestablished, the logs should be uploaded to the Log Analytics Workspace (LAW). There are 9 VMs in total, and each log collector VM is sized to handle up to 10,000 Events Per Second (EPS).

A network load balancer will be used to distribute traffic among the log collector VMs.

Note: To store the events generated at a rate of 10,000 EPS for 24 hours, approximately 411.51 GB of storage is required per VM.

Queries:

Can the log collectors hold logs for 24 hours for a VM receiving 10,000 EPS?

Does the Azure Monitor Agent (AMA) support local caching for more than 10 Gbps?

What is the Microsoft-recommended design/solution to achieve the above business objective?
