Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Maximum EPS per Agent/Collector?

Created: 04 Mar 2013 | 2 comments
laluna's picture

Hello,

What the maximum EPS  per one OFF BOX collector? 

And what the maximum EPS per one AGENT?

What the maximum EPS per sensor?

What the maximum number of sensors per collector?

 

 

Thank you! 

Comments 2 CommentsJump to latest comment

mathell's picture

Great questions, but I don't think you'll get a satisfactory answer for them.  In fairness, the details really matter.  However, it would be nice to have some real numbers based on some known "typical" environment, but I have not seen anything useful. 

Here is an example of what we see from a performance standpoint:

We have a collection/archive appliance and a correlation appliance.  Multiple off-box collectors. We have a single off-box Checkpoint collector that pulls from two log management servers.  During work hours that collector average about 3000 EPS.  Peak I would guess is often twice that.  The upstream collection/archive appliance, which averages about twice that in terms of EPS.  We are usually at least an hour and often two hours behind on the CP events.  The upstream collection appliance frequently has queues in the red.  So with an average rate of 5k-7k during business hours, the SSIM solution is having problems keeping up.  In our case, we believe it's mostly the result of the CP collector.

Milan_T's picture

Their is no specific limit of EPS in SSIM.

What the maximum EPS  per one OFF BOX collector? 

I have seen more than 1500 EPS on one OFF BOX collector and it may be more than that.

And what the maximum EPS per one AGENT?

It must be specific because sometime EPS increase may cause event agent in sleep state in this situation you will need to restart AGENT periodically.

What the maximum EPS per sensor?

EPS is not calculated per sensor but on the basis of offbox EPS or on the system where agent and collector are installed.

What the maximum number of sensors per collector?

I dont know limit but i have seen more than 85 sensor on one collector while comparing i have seen CPU utilization was high on that system.