2 Replies Latest reply on Jul 8, 2010 4:03 PM by SCtbe

    ASCI Calculations for Large Environment

      I am using the ePO Hardware Sizing and Bandwidth Usage Guide to begin my calculations for a customer of mine that has an existing ePO 3.6 environment and 8000 clients running AV, AS, and Firewall. They are upgrading to ePO 4.0 and up-to-date client versions on a total of 14,000 clients spread over 550 sites.

      My question is - How do you calculate total daily events (ASCI) for each product as specified in the guide mentioned above (page 6)? I have looked at the existing server's Hourly ASCI Count query, but can't trust it as the count seems only to work for the present day (historical numbers change to a much smaller value when the day ends).
        • 1. RE: ASCI Calculations for Large Environment
          After some tries with different configurations, I use the following settings for 6000 nodes:
          90 minutes for agent-server communication
          bring only 10 major events each time
          filter most events, especially "scan time out", in server settings; this policy actually left most of the "junk" on the client

          + NAC events for basic policies for 3000 clients
          + RSD events for 300+ subnets

          and still:
          I have a DB of more than 4 GB with events from the last 90 days only.
          The product subset is in my signature.

          I will start to use Policy Auditor more heavily, and then the DB will grow to at least twice the size (for monthly scans and keeping records for 90 days).
          • 2. Re: RE: ASCI Calculations for Large Environment
            SCtbe

            And is there a way to count the number of client events, for example within 24 hours?

            I know that there is a query "Clients Events" under Events queries, but I do not believe that it counts all the events, because there is also the Threat Events query, which reports different events.

            The question is how to count all the events reported by client systems.