FortiSIEM: EPS

Forum|Forum|1 year ago
May 20, 2024
2 replies
1560 views

Hi guys,

Is the EPS licence calculated based on the number of events received by the SIEM or the number of parse events? A log source receives 500 events per second and 200 are dropped and only 300 are processed. Will the EPS licence be 300 or 500 here?

aebadi

Staff

Hello,
FortiSIEM will re-allocate excess EPS (license minus the sum of Guaranteed EPS over all the collectors) based on need but the allocation will never go below the Guaranteed EPS

It will use whatever it needs to up to the licensed cap. If you deploy other Collectors, then now only the remaining EPS is guaranteed .

hope this answers the question

adem_netsysAuthor

Explorer III

In other words, if an event is dropped, for example, if we make an event drop, is the EPS used here the first one to arrive or the one that is parsed and left behind?

aebadi

Staff

I'm sorry but Im not following this question. Events that are dropped wont get parsed, EPS represents the rate at which events are generated and processed by a specific client or device within the network

aebadi

Staff

Please look to the guide for better understanding

Understanding EPS (Events Per Second) by ... - Fortinet Community

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded