cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Events Per Second Summary?????

Just got off the phone with (Gold) tech support and the tech was unsure where the Events Per Second Summary is on a receiver...We have a ERC-1250 and from my PDF it has a 5,000 EPS cap. So, my question is. Where is this info at on the SIEM? I checked the Receiver statistics page and nothing has the EPS. Tech support looked all around and they could not find it. Last thing we did was a putty session into the receiver and did a DSSUMMARY this pulled some stuff ( had no clue what it was) and we have well over 100 devices added in SIEM (Close to around 170 devices) The only thing the tech said and he wasn't 100% sure said "W/S 10M: 1,812.03 (100) W/S 24h: 1,742.77" he said the (100) was how many data source's we have added?

Does this sound correct? So we have 1,812 EPS? Is there a better way to find this info out rather then a dos looking screen? No statistics page on the receiver in SIEM? This seems really odd since how would users know when to upgrade ERC's or at the EPS cap?

Please Help!!!

Thanks

3 Replies
Highlighted

Re: Events Per Second Summary?????

Hi John,

I believe the 'dssummary' command is for troubleshooting but will also display your observed EPS in at the receiver. From my experience, you are unable to check this information from the GUI. So the results from your command show an average of 1812 EPS in over the last ten minutes and a average 1742 EPS in over the past 24 hours. I'm not really sure what the data in the parenthesis represent. I guessed it was a percentage distribution of EPS from all my devices.

One important note:

I'd recommened to calculate your environments peak EPS. Simply put, peak EPS is a calculation based on the number of devices and the max EPS they will generate. Peak EPS is usually what can bring down a SIEM, even if the peak EPS is only observed for a few seconds. There is no industry standard for computing this, but there are whitepapers out there that go into much more detail if you're interested. Just some thing to consider

Alex

Highlighted

Re: Events Per Second Summary?????

It would be nice to have some clarity around this. For example, with a polled event source - WMI for example - the events for a relatively long period arrive in a very short period of time. So would a 5000 EPS rated device only be able to handle 5000 events collected over, say, a 5 minute polling period? Or can it handle 1.5 million events collected on one burst?

cheers

Andrew

Highlighted
Level 9
Report Inappropriate Content
Message 4 of 4

Re: Events Per Second Summary?????

Hi John

Have you tried the following:

Dashboard Views ->McAfee event report ->McAfee General Views -> McAfee Collection Rate - Events Per Second

Cheers.

Japie

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community