RSA Admin

how can i define the Average EPS Utilization On collectors.

Discussion created by RSA Admin Employee on Sep 7, 2011
Latest reply on Nov 10, 2011 by RSA Admin

We are working working on defining Average EPS utilization on collectors after observing EPS overflow alerts in our RSA enVision setup.

In order to identify the Average EPS on collectors we are using below NIC message ID which is getting triggered after each 10 sec from each collectors showing throughput/sec.

%NIC-6-400023: Collector, Collector, -, -, -, -, Detail: 1896: Throughput: 1615 events/second

Using this message ID we have created report & it has been observed that during peak hours EPS is Approximate 3500- 4000.

To define the average EPS on collectors we have taken the average of this messages on per hour , per 30 min , per 15 min bais .

 

This is not helping us to identify the correct average EPS since even though taking 15 min average max Average EPS is not crossing 2500 which is not correct Average EPS.

 

Can anyone help me  to identify the best practice  to define average EPS utilization on collectors. Also I would like to know what should be threshold limit to upgrade the EPS license or installing new collectors.

Outcomes