Nagios Support Forum

What is recomenetation for Log Server Architecture and Sizing for
40 GB / Day from 3000 Devices .
Kindly Suggest

Thanks

I would recommend two NLS instances to have the redundancy. NLS stores a copy of the data whether you have multiple nodes in a cluster or not so plan to use twice the disk space if the 'cluster' only as a single node.

4 core CPU and 32GB of memory total are a good place to start(or dual core and 16GB per node if there are multiple nodes in the cluster).

Thanks for the Input .
So if specs are
- 40 GB Per Day
- 3000 Devices for Logging
- 3 Month Online Logs
- 1 Year Log Retention
What Would be your Ideal Server and Storage Sizing for the Same keeping in view the environment be redundant with cluster

TIA

Rounding up to give us some wiggle room, I'd say 4TB of space on each node to store the last 3 months and 11TB of space on a remote share to hold archived data for the other ~270 days. Depending on how much parsing/filtering of the logs you plan to do this may fluctuate - for example, are you adding geo location, DNS info, or parsing out data from the logs to store into separate fields? Per event this may require little extra space but over billions of events this could add up. I would recommend setting up a test machine if possible and send a typical day's worth of logs at it to get an idea of what to expect for index sizes.

Thanks For your Suggestion

Is there anything else we can do to assist with regards to sizing, or should we close this thread?

Please Close
Thanks