Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Staff

Created on ‎10-05-2016 01:42 AM Edited on ‎04-06-2022 11:02 AM By Anonymous

Article Id 198532

Technical Note: [Accelops KB] Informational - How does a Collector enforce a license?

Description

Summary of Topic

This article describes how AO will enforce eps through collectors.  It will also describe the behavior and how this license will be used to limit eps collection

 

Background Information

In AO-SP mode, AccelOps collectors enforce an eps limit driven by license. AccelOps allows a burst of 110% of the license limit every 3 minutes.

A counter for the total number of received events in a 3 minute time window is maintained. Every incoming event increments the counter. Every second, a thread wakes up and checks the counter value. If the counter is smaller than 110% of the license limit (i.e. smaller than 1.1 * eps license limit * 180), then AccelOps continues collecting more events. Otherwise, events are discarded for the rest of the 3 min time window. The counter is reset at the end of the 3 minute time window.

 

Version Application

All



 
Labels:
357
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.