Using the ePO Hardware Sizing and Bandwidth Usage Guide to begin my calculations for a customer of mine that has an existing ePO 3.6 environment and 8000 clients running AV, AS, and Firewall. They are upgrading to ePO 4.0 and up to date client versions on a total of 14,000 clients spread over 550 sites.
My question is - How do you calculate total daily events (ASCI) for each product as specified in the guide mentioned above (page 6)? I have looked at the existing server's Hourly ASCI Count query, but can't trust it as the count seems only to work for the present day (historical numbers change to a much smaller value when the day ends).
after some tries with different configurations I use follow settings for 6000 nodes: 90 minutes for agent - server communication bring only 10 major events each time filter most of events, especially "scan time out" in server settings, and this policy actually left most of "junk" on client
+ NAC events for basic policies for 3000 clients + RSD events for 300+ subnets
and still: have more than 4gb db with events on last 90 days only. product subset in my signature.
will start use more heavily Policy auditor and then db will grow up at least twice (for monthly scan and keep records for 90 days)
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.