How It Works - Consolidation

EventTracker features a powerful and flexible, software-only component framework called the Collection Point Architecture. The basic building block of the architecture is a Collection Point which:
A Collection Point can be as simple as a store-and-forward engine for a set of devices that transfers log archives to a central Collection Point or Collection Master, or as complete as a full EventTracker installation with alerting, correlation, reporting and analytics enabled. Within each Collection Point, the collection and archival process, or "stack", is virtualized, and each Collection Point instance (physical or virtual) may contain as many as 10 Virtual Collection Point stacks. The collection stack is highly optimized: on a sub-$2,000 server, each Virtual Collection Point is able to process in excess of 2,000 EPS, or 20,000 EPS for the Collection Point instance. Collection Points and Virtual Collection Points enable EventTracker to scale cost-effectively down to very small installations or commodity hardware, or up to the largest enterprises or multi-processor, multi-core machines.
EventTracker Architecture

Finally, the individual components of EventTracker (the Correlation Engine, Event Archiver, Collection stack and the Web Portal) are separate components that communicate via TCP/IP. These components can all be deployed on a single physical or virtual machine, or on multiple machines for performance. In default mode, EventTracker installs in minutes and can be processing events in less than an hour. At the same time, the product can be configured and tailored in a relatively short amount of time for large enterprises with complex multi-location collection or management requirements.