IBM Security QRadar

  • 1.  Max supported log sources per managed host

    Posted Fri June 19, 2020 09:50 AM
    Hello all.

    I know that in terms of hardware QRadar handles EPS limit. Is there also a limit for the amount of log sources supported by each component (i.e. collector, processor, full deployment)?

    Thanks!

    ------------------------------
    Andres Arguelles
    ------------------------------


  • 2.  RE: Max supported log sources per managed host

    Posted Sat June 20, 2020 11:30 AM
    My current environment has over 50k log sources and it is also possible to have hundreds of thousands of log sources. So I do not think there is a hard deployment limit for number of log sources.
    For special log source types there can be technical limits to how many there can be (WinCollect, multiline syslog and similar ones).


  • 3.  RE: Max supported log sources per managed host

    Posted Mon June 22, 2020 10:10 AM
    Paul is correct. A few protocol types have limits as to how many instances can be deployed on a single event collector/processor, but in general there is no enforced limit on the number of log sources.

    Cheers
    Colin

    ------------------------------
    COLIN HAY
    IBM Security
    ------------------------------