Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Nishtha_Baria
Staff
Staff

Created on ‎09-27-2023 10:05 PM

Article Id 276357

Technical Tip: Configuring EPS (Events Per Second) for Each Client in FortiSIEM

Description This describes how to configure EPS (Events Per Second) limits for individual clients or devices in FortiSIEM, Fortinet's Security Information and Event Management (SIEM) solution.
Scope FortiSIEM.
Solution

Configuring EPS (Events Per Second) limits for each client or device in FortiSIEM is essential for effective event management and SIEM performance optimization. The rate can be controlled at which events are generated and ensure that SIEM infrastructure operates efficiently.

 

Regularly monitor EPS usage and adjust limits as necessary to maintain an optimal balance between event capture and SIEM performance.

 

  1.  Log in to FortiSIEM: Open a web browser and log in to the FortiSIEM web interface using your administrative credentials
  2. Access Client Configuration: Navigate to the 'Devices' or 'Clients' section of FortiSIEM, where it is possible to view a list of registered clients or devices.
  3. Select a Client: Identify the client or device to configure EPS limits from the list. Select the client to access its configuration settings.
  4. Configure EPS Limits: In the client's configuration settings, locate the section or field related to EPS limits. The exact location and label may vary depending on the FortiSIEM version.
  • Typically, options to set limits for 'Events Per Second' or 'EPS'.
  • Enter the desired EPS limit for the selected client. This limit defines the maximum acceptable rate at which events can be generated by this client.
  1. Save Configuration: After setting the EPS limit, save the client's configuration. This ensures that the configured limit is applied to the client.
  2. Repeat for Other Clients: If it is necessary to configure EPS limits for multiple clients or devices, repeat the above steps for each client individually.
  3. Monitor EPS Usage: After configuring EPS limits, monitor the EPS usage for each client in FortiSIEM. To ensure that clients do not exceed their defined limits.
  4. Alerts and Notifications: Consider setting up alerts or notifications to be triggered when a client exceeds its EPS limit. To  take proactive action in response to high event generation rates.
  5. Review and Adjust Limits: Periodically review the EPS limits configured for clients. Adjust the limits as needed based on changing network conditions, client behavior, or SIEM performance requirements.

 

Related article:

Technical Tip: Understanding EPS (Events Per Second) by Each Client in FortiSIEM
Labels:
2453
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.