IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Max supported log sources per managed host

    Posted Fri June 19, 2020 09:50 AM
    Hello all.

    I know that in terms of hardware QRadar handles EPS limit. Is there also a limit for the amount of log sources supported by each component (i.e. collector, processor, full deployment).

    Thanks!

    ------------------------------
    Andres Arguelles
    ------------------------------


  • 2.  RE: Max supported log sources per managed host

    Posted Sat June 20, 2020 11:30 AM
    My current environment has over 50k log sources and it is also possible to have hundreds of thousands of log sources. So I do not think there is a hard deployment limit for number of log sources.
    For special log sources types there can be technical limits to how many there can be. (wincollect, multiline syslog and similar ones)
    Original Message


  • 3.  RE: Max supported log sources per managed host

    Posted Mon June 22, 2020 10:10 AM
    Paul is correct. A few protocol types have limits as to how many instances can be deployed on a single event collector/processor, but in general there is no enforced limit on number of log source.

    Cheers
    Colin

    ------------------------------
    COLIN HAY
    IBM Security
    ------------------------------

    Original Message


Related Content