Disk space calculation
The amount of disk space needed for the incident archive depends primarily on:
- The total size of the transactions resulting in incidents—in other words, the size of the email messages, HTTP posts, printed files, and so on, that violated policy.
Estimate total transaction size using the following formula:
(number of incidents per quarter) * (average transaction size) * 12
The product is multiplied by 12, because the system allows 12 archived partitions or 3 years of data.
-
- To see the number of incidents you’ve had this quarter, view the Incident Trends report ( ).
- To see the number and size of audited web and email transactions, view the upper right corner of the Dashboard ( ).
- The size of the metadata for the incidents
The metadata size can vary depending on the number of policies used and on incident complexity. Incident complexity is a factor of the number of policies, rules, content classifiers, and violation triggers that are involved. Generally, metadata takes no more than 10-20 bytes of information per incident. Use the Incident Trends report to gain visibility into the number of DLP incidents.
Estimate expected metadata size using the following formula: (number of incidents per quarter) * 20 bytes * 12
The total disk space required is the sum of the first and second result.
Depending on these factors, an archive containing 100,000 incidents could be between 10-20 MB and 1 GB.