The infrastructure needed for on-premises installations has to be sized according to the expected volumes (events per second). The values in the table below can be provided to a single virtual machine or to a cluster of virtual machines (preferred for high availability).
There tables below include the SIEM (server) and the collector requirements.
Memory requirements for LogSentinel SIEM¶
|up to 5,000||16 GB||32 GB|
|up to 10,000||24 GB||48 GB|
|up to 20,000||32 GB||64 GB|
|up to 50,000||64 GB||128 GB|
Memory requirements for LogSentinel Collector¶
|up to 5,000||8 GB||12 GB|
|up to 10,000||12 GB||16 GB|
|up to 20,000||16 GB||24 GB|
|up to 50,000||32 GB||64 GB|
CPU requirements for LogSentinel SIEM and LogSentinel Collector¶
|EPS||Minimum number of CPU cores||Recommended number of CPU cores|
|up to 500||4||6|
|up to 1,000||6||8|
|up to 5,000||12||16|
|up to 10,000||16||24|
|up to 20,000||32||48|
|up to 50,000||64||72|
Disk space requirements for LogSentinel Collector¶
LogSentinel Collector does not store data. There may be temporary on-disk queues, so we recommend having 5GB of storage available.
Disk space requirements for LogSentinel SIEM¶
The disk space required depends on the volume of data and the retention periods. Data is compressed, but is also replicated in case of cluster deployments.
Disk space monitoring¶
We recommend enrolling the system for external disk space monitoring and increasing the available disk space once the available storage is 70% full.
LogSentinel SIEM supports built-in disk space monitoring and alerting in case the (configurable) 70% threshold is reached.