Does anyone having calculation sheet of EPS
Am looking for calculation sheet of EPS, storage and devices.
like network devices xxx router/switch will produce xxx eps and require xxx storage for retention period of xxx days.
Can anyone in this forum able to help me to get this information or guide me to this.
ArcSight had some documents (xls) for calculating summary EPS and required devices. I don't know if it is some documents for current version of HW.
But you need information about typical EPS for specific devices, what isn't possible at all. Every device type can generate variable EPS based on it's function and configuration. Firewall in perimeter can generate few hundred EPS, same firewall type in local area can generate few EPS.
What you need for implementation is analyze current EPS of all devices and than calculate required storage and retention.
Thanks for your reply,
am just looking generic documents, since one of our client has asked to share the Low level design of ArcSight architecture, he has mentioned the number of devices count, like 5 juniper firewalls, 2 Cisco ASA, 20 Oracle/SQL Database servers, 4 Juniper IDP, 1 Juniper NSM, 20 Windows servers (OS level monitoring), 10 linux machine, 2 proxy servers. Since these are all standard ones,not customised devices, he has not given the eps count, he is insisted to prepare the ArcSight architecture with 1 year retention of logs.
Am just furious how to calculate the eps count now and how to get the storage configuration to store 1 year retention of logs.
If you dont mind pls do share the documents (xls) for calculating EPS and storage which you have for your verion of HW.
Your customer have bad meaning about standard. Standard is common OS type OK, but standard isn't in EPS. Some Windows server in specific configuration (about 1000 users) can generete 100 EPS, but other (with 100 users) only 10 EPS and so on. Not good configured IPS/IDS devices can produce few hundred EPS, better configured about 10 EPS. You can try calculating from ArcSight specific numbers, but I mean you can have very different numbers in real customer environment.
Try this documents:
Thanks for sharing, really appreicate your thoughts, i felt the same..
How ever when i open the document am unable to view, its saying " Access to this place or content is restricted. If you think this is a mistake, please contact your administrator or the person who directed you here. "
Can you please share both the documents via mail firstname.lastname@example.org or upload in your profile documents folder.