normalized log message
Sizing a log management system requires knowing the number of devices being monitored and the anticipated event rate for each class of system. In many customer engagements, Professional Services time may be required to measure the event rates from all of the monitored devices. This is important since there are too many variables to predict the average or peak Events Per Second (EPS) of any given system. I would caution any customer that if the vendor they are working with gives them “magic” calculations and pricing without gathering the necessary information regarding customer-specific speeds and feeds, they can expect to spend a lot more money later once the vendor gets their foot in the door. Basically, poor planning will result in unavoidable OP/EX costs later.
EPS is one metric used by many log management and SIEM vendors to determine such factors as licensing, storage and peak system loads. Another variable used could be Events Per Day (EPD), especially when it relates to storage sizing and license enforcement. This is why it’s imperative that accurate device counts and product types are audited when planning a centralized log management or SIEM solution.