License Report - ArcMC like ADP License Server and 2 HA Loggers
I would like to know where the ArcMC like ADP License Server gets information about License Usage. The ADP license server manages a licenses for two Loggers in HA. The ArcMC License Report shows values many times larger than both Loggers combined.
Where is the problem?
We recently did a full presentaiton on this topic to our Sales Consultants.
The author agreed to have it released as I think this is a GREAT explanation of what sometimes can be a confusing topic.
See that attached presentation:
ADP Licensing review
Measured in GB/day - This is based on the raw event size, before it is parsed and normalized by the Connector.
Based on the incoming Raw event size
Oct 10 20:13:18 host1 snmpd: Connection from UDP: [127.0.0.1]:33105->[127.0.0.1]:161
Not based on CEF Event size after the connector processes the event
CEF:1|Unix|Unix||arcsight:14:9|Connection from UDP: [127.0.0.1]:54669->[127.0.0.1]:161|Low| eventId=124498 categorySignificance=/Informational categoryBehavior=/Execute/Start categoryDeviceGroup=/Operating System catdt=Operating System categoryOutcome=/Attempt categoryObject=/Host/Application/Service art=1539202921390 rt=1521857325000 dhost=arcmc cs1=snmpd cs4=1411 cs1Label=Module cs2Label=Facility cs4Label=PID cn1Label=File Descriptor c6a2Label=Source IPv6 Address c6a3Label=Destination IPv6 Address ahost=10.103.75.50 agt=10.103.75.50 agentZoneURI=/All Zones/ArcSight System/Public Address Space Zones/Digital Equipment Corporation amac=14-02-EC-06-17-AC av=18.104.22.16836.0 atz=America/Los_Angeles at=syslog_file dvchost=arcmc dtz=America/Los_Angeles deviceProcessName=snmpd _cefVer=1.0 aid=3WAajX2YBABCAA1YuLowUBg==
ADP GB/day != Logger standalone GB/day
- Both are still measured by the raw event size, but…
- ADP GB/day measures anything that is parsed and processed by the Connector (even if destination based filtering is applied)... We’ll talk about pre-processing filters in a bit 😉
- Logger GB/day is measured only by the events that are sent to Logger (if destination based filtering is applied, those filtered events aren’t counted)
thank you for your reply. And what about Security ArcSight Data Platform 500 GB/day Base HA SW E-LTU? Can this licence be added to the ADP license server (ArcMC) or only to Logger(B) in HA?