Performance Monitoring Log
Hi,
We want to extract PAM logs to lower EPS values. Is there anyone who will advise us on this issue? SIEM can create correlation with these logs, but what are the ones that you do not consider important?
Hi @adem_netsys ,
Very difficult question to answer, it all depends on your objectives and what the PAM platform is trying to protect.
For example an organisation might want to keep all possible logs on a SIEM to verify that there is no data manipulation or for reporting reasons.
A different approach might be to send logs that deviate from what the allowed procedures on a PAM are.
It all depends on what you are trying to achieve.
In general if it is not strictly necessary, you can exclude performance and general system health logs.
Regards,
S
Hi @sioannou
For this I can extract all logs starting with PH_DEV_MON, right? Maybe the event of this can be excluded here because of the "No logs from device" rule.
Hi @adem_netsys ,
Yes, if you do not want to monitor the system performance, PH_DEV_MON can be excluded from collection and that will lower your EPS count, or you can change the polling interval to make it less aggressive, hence collecting less data.
The link below specifies what counts towards the EPS license.
https://help.fortinet.com/fsiem/7-2-1/Online-Help/HTML5_Help/Event-categories-handling.htm
Regards,
S