This feature allows you to limit the number of packets EventSentry will accept and, in turn, log to the event log. You can configure how many packets are accepted during a certain time period. Be sure to specify if each remote IP address should have its own limit, or if the limit applies to any (all allowed) IP address(es).
Example: Your threshold settings are set to each ip address and you entered 5 ip addresses into the authorized IP addresses list. Both threshold settings are set to 60. This means that each of the authorized hosts can send up to 60 packets in 60 seconds, resulting in a total of 300 packets in 60 seconds. This in turn yields a maximum of 18,000 messages per hour, which is quite a lot.
If you set the threshold type to any ip address, only a maximum of 60 messages per minute are logged, no matter from which IP address they originate.
Please set threshold limits very carefully and especially consider weekends. If you size your Application event log reasonably big (we recommend at least 5Mb) and choose careful threshold limits (1000 messages per day maximum for any ip address) then you should be prepared for the worst. |