Owner's Manual
Hardware, Operating Systems and Ports Used
The numbers here reflect both SNMP traps and Syslog messages. Syslog messages can be
received at a higher rate without loss and are inspected very quickly, but escalated syslog messages
must still go through general event processing and correlation.
NOTE:
Sustained counts reflect the number of events that pass through correlation and filtering. For example,
10,000 syslog messages may yield only 50 escalated events. Here, the sustained rate for syslog is low
because we are assuming all messages are escalated. Higher volumes require more configuration to
detect and ignore unwanted traps or messages at the mediation layer.
Swap Files and Services
Best practice is to set the swap file for Windows to at least 1536M (larger is better), with its
minimum and maximum being set to the same value to avoid resizing and fragmentation of the
swap file. Ideally, it would be on its own partition or drive, separate from the OS or database.
Also, best practice is to look at what else is running on the box, including third party software
and Windows services (services.msc). Stop unnecessary services and reset their startup type to
manual.
For example:
If netbios is enabled over TCP/IP, it should be disabled in the Advanced TCP/IP properties (WINS
tab) for each connection, and the netbios, netbt, netbios helper and browser services should be
stopped and disabled. The netbios and netbt services are not visible from the services control panel
applet, but can be stopped using net stop netbios, net stop netbt.
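The following read-only PowerShell audit is an added example, not part of the manual. It reports any connection, service or driver that does not match the NetBIOS guidance above. It assumes PowerShell 3.0 or later (for Get-CimInstance), and the names lmhosts (TCP/IP NetBIOS Helper), Browser (Computer Browser), NetBIOS and NetBT are the standard Windows service and driver names, not values given in the manual.

```powershell
# Added example (not from the manual): read-only audit, changes nothing.
$findings = @()

# 1. NetBIOS over TCP/IP per IP-enabled connection (the WINS tab setting).
#    TcpipNetbiosOptions: 0 = take setting from DHCP, 1 = enabled, 2 = disabled.
$adapters = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
foreach ($a in $adapters) {
    if ($a.TcpipNetbiosOptions -ne 2) {
        $findings += [pscustomobject]@{
            Item   = "Connection: $($a.Description)"
            Found  = "TcpipNetbiosOptions = $($a.TcpipNetbiosOptions)"
            Wanted = 'TcpipNetbiosOptions = 2 (disabled)'
        }
    }
}

# 2. Services shown in services.msc, and 3. the netbios/netbt kernel drivers,
#    which services.msc does not list. Names are assumptions (see lead-in).
$targets = @(
    @{ Class = 'Win32_Service';      Name = 'lmhosts' },
    @{ Class = 'Win32_Service';      Name = 'Browser' },
    @{ Class = 'Win32_SystemDriver'; Name = 'NetBIOS' },
    @{ Class = 'Win32_SystemDriver'; Name = 'NetBT'   }
)
foreach ($t in $targets) {
    $obj = Get-CimInstance $t.Class -Filter "Name = '$($t.Name)'"
    if (-not $obj) { continue }   # not installed on this Windows version
    if ($obj.State -ne 'Stopped' -or $obj.StartMode -ne 'Disabled') {
        $findings += [pscustomobject]@{
            Item   = "$($t.Class): $($obj.Name) ($($obj.DisplayName))"
            Found  = "$($obj.State) / $($obj.StartMode)"
            Wanted = 'Stopped / Disabled'
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No deviations: NetBIOS over TCP/IP is disabled and related services are stopped and disabled.'
}
```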
Event type     SNMP                          Syslog
Service        Sustained      Burst          Sustained     Burst
               (traps/s)      (traps/s)      (msgs/s)      (msgs/s)
Mediation      200            4000           200           20,000
Application    120            2000           120           10,000

Software Space Requirements
You cannot install applications unless the target drive has the required free space. Here are the
minimum requirements:

Software / Platform           Full Installation    Client Installation
Application Only / Windows    2 G (plus)           330MB