System Requirements

Hardware Requirements

Databases

Log360 can use the following databases as its back-end database.

Bundled with the product

  • PostgreSQL

External databases

  • Microsoft SQL 2008 & above
  • PostgreSQL: 9.2 to 10.21

Please note the hardware requirements needed to configure the External database for Log360

RAM CPU IOPS Disk Space
8GB 6 300-500 50-60 GB

Log360 Setup with its child products is recommended to be split across two servers with the following configurations.

1. EventLog Analyzer, Active Directory AuditPlus and Log360 combined can be installed in the server with the following configuration.

Hardware Minimum Recommended
Processor 2.4 Ghz 3 Ghz
Core 16 Core 20 core
RAM 52 GB 64 GB
Disk Space 1.5 TB 2.2 TB
Disk Type SSD SSD

2. M365 Manager Plus, Log360 UEBA combined can be installed in the server with the following configuration

Hardware Minimum Recommended
Processor 2.4 Ghz 3 Ghz
Core 6 Core 12 core
RAM 24 GB 32 GB
Disk Space 200 GB 400 GB
Disk Type SSD SSD
 System Resource Calculator
Note:
  • The above mentioned values are approximate. It is recommended to run a test environment similar to the production environment with the recommended setup as mentioned. The system requirements can be fine tuned based on the exact flow and data size.
  • For each integrated product, refer the individual product recommendations below for fine tuning.

EventLog Analyzer: https://www.manageengine.com/products/eventlog/system_requirement.html

M365 Manager Plus: https://www.manageengine.com/microsoft-365-management-reporting/system-requirements.html

Active Directory AuditPlus: https://www.manageengine.com/products/active-directory-audit/system-requirements.html

Log360 UEBA: https://www.manageengine.com/log-management/ueba/help/system-requirements.html

General Recommendations

VM infrastructure

  • Allocate 100 percent RAM/CPU to the virtual machine running EventLog Analyzer. Sharing memory/CPU with other virtual machines on the same host may result in RAM/CPU starvation and may negatively impact EventLog Analyzer's performance.
  • Enabling VM snapshots is not recommended as the host duplicates data in multiple blocks by increasing reads and writes, resulting in increased IO latency and degraded performance.

CPU & RAM

  • Server CPU utilization should be maintained below 85% always to ensure optimal performance.
  • 50% of server RAM should be kept free for Off-heap utilization of Elasticsearch for optimal performance.

DISK

  • Disk latency greatly affects the performance of SIEM solutions. Direct-attached storage(DAS) is recommended on par with an SSD with near zero latency and high throughput. An enterprise SAN can be faster than SSD.

Log360

  • Log360 components are resource intensive processes. It is recommended to provide each component with a dedicated server for better performance.
  • It is recommended to split the load with Multiple ES Nodes, with Each node handling 800GB - 1.2 TB of Data.
  • Log360 uses Elasticsearch, which is expected to utilize off-heap usage for better performance. Off-heap usage is maintained by OS and will free up when necessary.

Additional ES Node Recommendations:

Hardware Minimum Recommended
Base Speed 2.4 Ghz 3 Ghz
Core 12 16
RAM 64 64
Disk Space 1.2 TB 1.5 TB
Disk Type SSD SSD

Software Requirements

ManageEngine Log360 supports the following Microsoft Windows operating system versions:

  • Windows 7 & Above
  • Windows Server 2008 & above
Note: Additionally ELA can also be installed in Linux: Red Hat 8.0 and above/all versions of RHEL, Mandrake/Mandriva, SUSE, Fedora, CentOS, Ubuntu, Debian

Supported Browsers

ManageEngine Log360 requires one of the following browsers to be installed on the system to access the Log360 web client.

  • Microsoft Edge
  • Firefox 4 and above
  • Chrome 10 and above
  • Safari 5 and above