Wazuh Hardware Requirements (Sizing)
753 views
Skip to first unread message
Roy W
Jun 24, 2019, 6:27:12 AM6/24/19
to Wazuh mailing list
Hi Wazuh Team,
I have been running a PoC using the Wazuh .ova and now need to size up a 'proper' distributed architecture. I would be grateful if someone could advise on a rough hardware spec for the following:
~95 Linux
~85 Win client (app/sec/sys event logs)
~10 Win server (app/sec/sys event logs)
~20 Mac
We require log retention for 365 days and will be enabling the 'logall' option.
The other thing to consider is that the Linux estate is geographically separated from the rest of the machines, with traffic between the two going via VPN. Would it be possible/recommended to have a Wazuh Manager at each location, but have them as one logical environment? We would like to be able to store/view all logs/data within a single view.
Grateful for any advice/pointers.
Thanks in advance.
Gerard Norton
Jun 24, 2019, 11:14:31 AM6/24/19
to Wazuh mailing list
:-)
You can init deploy with 3 nodes (1 master) and 3 nodes for Elasticsearch (minimum recomended for elastic).
Both data retention and the number of hosts depend on the events per second you need to consume.
Gerard Norton
Jun 24, 2019, 11:25:39 AM6/24/19
to Wazuh mailing list
Roy W
Jun 25, 2019, 4:13:15 AM6/25/19
to Wazuh mailing list
Hi Gerard,
Thank you very much for the links, much appreciated!
Reply all
Reply to author
Forward
0 new messages