Log360 server hardware details
| Components | Minimum | Recommended |
|---|---|---|
| Processor cores | 12 Cores | 24 Cores |
| RAM | 32 GB | 48 GB |
| IOPS | 750 | 1500 |
| Disk space | 1.2 TB (SSD) | 2.5 TB (SSD) |
Single node capacity A single node can handle up to 250 GB/day of log flow or manage up to 2 TB of search data.
What if log flow > 250 GB/day or search data > 2 TB? If the combined log flow exceeds 250 GB/day or search data exceeds 2TB, implementing the Scalability Architecture is recommended.
Additional log processors can be added to scale the product horizontally.Scalable
If the log flow exceeds the high flow threshold, you can add additional processors to handle the extra load. This allows the product to scale horizontally.
High availability
When devices use agents for log collection, and a processor goes down, logs will continue to be collected and forwarded to available processors.
Centralized search
Logs collected by each processor are available for search from any processor in the setup.
Customization
Processors can be assigned specific roles or tasks based on requirements.
Agent Requirements
* For offline collection, add 1GB to the max agent data directory size.
Database Support
Bundled (Default)
PostgreSQL
External
Hardware Requirements for External DB:
- 8GB RAM
- 6 CPU Cores
- SSD (50-100 GB)
Log Volume
Data Retention
High Availability
Log processor Required
0
Based on volume
Log Size / Day
0 GB
Daily ingestion volume
ES Disk (Hot)
0 TB
SSD Required (1500 IOPS)
Archive Disk (Cold)
0 TB
HDD or NAS Storage
Processor Requirements
Required: 2Please provide the below requirements for each processors:
| CPU | RAM | Disk Space | Disk Type |
|---|---|---|---|
| 12 Core | 48 GB | 2 TB The disk space mentioned doesn't include archive requirement. | SSD |
Agent Requirement
Required: 2Please provide the below requirements for each Agents:
| CPU | RAM | Disk Space |
|---|---|---|
| 12 Core | 4 GB | 50 GB |
Database Requirement
Please provide the following requirements for external database server:
| CPU | RAM | Disk Space | Disk Type |
|---|---|---|---|
| 6 Core | 12 GB | 100 GB | SSD |
Infrastructure best practices
- Allocate 100 percent RAM/CPU Allocate 100 percent RAM/CPU to the virtual machine running Log360. Sharing memory/CPU with other virtual machines on the same host may result in RAM/CPU starvation and negatively impact Log360's performance.
- Use Thick Provisioning Employ thick provisioning, as thin provisioning increases I/O latency. In VMware environments, select Thick provisioned, Eagerly Zeroed, since lazily zeroed disks offer lower performance.
- Disable VM Snapshots Enabling VM snapshots is not recommended as the host duplicates data across multiple blocks, increasing reads and writes, which results in higher I/O latency and degraded performance.
- CPU Threshold Server CPU utilization should always be maintained below 85% to ensure optimal performance.
- Elasticsearch RAM Allocation At least 50% of server RAM should remain free for off-heap utilization by Elasticsearch for optimal performance.
- Recommended Storage Type Disk latency greatly affects Log360 performance. Direct-attached storage (DAS) is recommended (near-zero latency). Enterprise SANs can also be used if they are faster than standard SSDs.
- Supported Drives Local and remote (NAS) drives are supported for storing live search indexes and archive data.
- Avoid Blob Storage for Indexes Search indices require fast random access. This is not possible with blob storage-type data stores such as S3 and Azure Blob storage.
- Cluster / Shared Storage Impact When running on shared storage (SAN/vSAN/Shared SSD), disk performance can be affected by load from other VMs ("noisy neighbors"). This causes fluctuating IOPS and high latency. We recommend using dedicated disks or guaranteed IOPS.
Windows Server 2025, 2022, 2019, 2016, 2012 R2, 2012
Linux Ubuntu 14+, Red Hat 7+, CentOS 7+
Windows Windows 8 & above OR Server 2012
Linux Ubuntu 14+, CentOS 7+, Red Hat 7+, OpenSUSE 15+
