Hello,

We have a number of remote sites that we are currently actively monitoring with PA, connected to our headquarters via an MPLS network. I have noticed via netflow that there is a large amount of network traffic between the remote Windows servers and PA monitor. We are utilizing the standard monitors. I assume some monitors require more bandwidth than others such as the watch folders. Does anyone have any recommendations on how to minimize the traffic without disabling the monitors all together?

Thanks,

Josh

asked 21 Mar '17, 11:06

JCMorris's gravatar image

JCMorris
1112
accept rate: 0%


The largest monitors as far as bandwidth is concerned are:

  1. Event Log Monitor
  2. Service Monitor
  3. File & Directory Change monitor
  4. Performance Monitor (depending on how many counters are watched)

You could have #2, #3 and #4 run less often and that would reduce network usage. For #1, the events will have to be read sooner or later. Make sure you're not watching Event Logs that you don't care about.

The thing that would help most is to have a Satellite monitoring service running at the remote site. Then all of the chatty Windows protocols are kept on the remote network, and you only have the Satellite traffic, which is compressed considerably, and much less chatty. That usually makes a big difference.

link

answered 18 Apr '17, 12:21

Doug's gravatar image

Doug ♦♦
10.2k122138
accept rate: 21%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×9
×3

Asked: 21 Mar '17, 11:06

Seen: 2,822 times

Last updated: 18 Apr '17, 12:21