0 Replies Latest reply on Jul 25, 2009 8:38 AM by jawuk

    How long to keep events for? Limit to how many events before performance impact?

      Hi All

      i would like to know what peoples recommedations are for the time to keep events. I have 1 hour ASCI set and 3 products being managed. I have 12,000 systems being managed. I do not want to delete crucial events , but want to delete stuff that is not important. Probably average 4.5 events per client per day

      What is the recommended number of events to keep , how many millions before things get slow?

      Ideally keeping events for a year would be best, to be able to trace back out-breaks- abuse etc surely?

      I read McAfees sizing documents for EPO and it talks about number of systems that can be managed, and concurrent usage of the dashboards. In the test, they have 50,000 systems, but only 6,000,000 events. With every system in there say having a 1 hour ASCI and 4 events per client per day each, that is only 30 days worth of infomation.

      https://kc.mcafee.com/corporate/index?page=answerlink&url=0bc97397072bd71a8a439b 60a92c8cb6bcf890c2e2ab256f322dc909333977ca2e4ac972d4517969e6fd9a0339d92cf5becc06 79fb87ef69be8a2e5fd24179e5382252c80102a12c32b326dc220d2168&answerid=16777225&sea rchid=1248526902330