Skip to content

On-premise Sizing

The infrastructure needed for on-premises installations has to be sized according to the expected volumes (events per second). The values in the table below can be provided to a single virtual machine or to a cluster of virtual machines (preferred for high availability).

There tables below include the SIEM (server) and the collector requirements.

Memory requirements for LogSentinel SIEM

EPS Minimum Recommended
up to 5,000 16 GB 32 GB
up to 10,000 24 GB 48 GB
up to 20,000 32 GB 64 GB
up to 50,000 64 GB 128 GB

Memory requirements for LogSentinel Collector

EPS Minimum Recommended
up to 5,000 8 GB 12 GB
up to 10,000 12 GB 16 GB
up to 20,000 16 GB 24 GB
up to 50,000 32 GB 64 GB

CPU requirements for LogSentinel SIEM and LogSentinel Collector

EPS Minimum number of CPU cores Recommended number of CPU cores
up to 500 4 6
up to 1,000 6 8
up to 5,000 12 16
up to 10,000 16 24
up to 20,000 32 48
up to 50,000 64 72

Disk space requirements for LogSentinel Collector

LogSentinel Collector does not store data. There may be temporary on-disk queues, so we recommend having 5GB of storage available.

Disk space requirements for LogSentinel SIEM

The disk space required depends on the volume of data and the retention periods. Data is compressed, but is also replicated in case of cluster deployments.

Disk space monitoring

We recommend enrolling the system for external disk space monitoring and increasing the available disk space once the available storage is 70% full.

LogSentinel SIEM supports built-in disk space monitoring and alerting in case the (configurable) 70% threshold is reached.