Regarding the execution interval of the Azure Functions template for Cato log integration
I'd like to confirm something about Azure Functions processing.
■Requirements
- To forward Cato SASE logs to an Azure Log Analytics workspace, I'm using the following Cato log integration template.
https://github.com/catonetworks/cato-sentinel-connect/tree/main
- The Azure Functions specs are as follows:
OS: Linux
Plan: App Service Plan
Size: P1v3
Type: Custom Handler
Trigger: Timer trigger (30-second interval)
The following logs are targeted for integration:
- CommonSecurityLog
Log size: Approximately 2.5-5MB per 30 seconds (300-600MB per hour)
- CatoAuditEngine_CL
Log size: Less than 0.01MB per 30 seconds
■Question
I'm using a 30-second timer trigger, but the actual execution interval is 2 minutes. (The execution interval can be confirmed by counting the "Functions Execution Count" metric.)
Please confirm the following three points.
1. Is the change in execution interval due to a large log volume?
2. What should I do to set the execution interval to 30 seconds?
Would scaling up Azure Functions be effective?
3. Even if execution takes a long time, is the log integration being executed without any problems? Are there any logs being missed?
Note that in the test environment (log volume per 30 seconds is less than 0.01MB for both tables), execution is performed every 30 seconds.