ESM: how to limit event collection from data source

Dear Colleagues:

We are looking to limit event collection when ESM receivers retrieve events from Windows machines over slow links. We would like to set the receiver to only retrieve 100 messages, or 100KB in a single poll, and only do one pull per minute, as an example.

Any thoughts would be appreciated.

Thank you.

Dennis

2 Replies
exbrit

Re: ESM: how to limit event collection from data source

Moved to SIEM for better handling - Moderator

Re: ESM: how to limit event collection from data source

That is not possible in the SIEM at this time. You can limit the ESM-to-receiver communication to certain time frames, but there is nothing to limit the receiver to WMI devices; you can only specify the rate at which it will poll the WMI device for new logs.