Hardware requirements LOGbinder


Hardware requirements LOGbinder

A

Hello Team,

We are planning to monitor our MS SQL audit logs with our SIEM using LOGbinder. We are about to start a proof of concept, if requirements are met we will implement LOGbinder to process audit logs of 150 MS SQL instances.

Product information written on your web site tells LOGbinder's installation size is only about 12MB and memory usage averages 150MB, this indicates LOGbinder doesn't demand high system requirements.

As we do not want to put the load onto our MS SQL servers, LOGbinder will be installed on a dedicated server. Is there a best practise about how to determine the system requirements?

How many MS SQL instances can one instance of LOGbinder process? And how will this amount increase the load on the server running LOGbinder?

Thank you in advance.

Best regards,
Arjan Smid

Tamas Lengyel

a.smid - 9/25/2017
Hello Team,

We are planning to monitor our MS SQL audit logs with our SIEM using LOGbinder. We are about to start a proof of concept, if requirements are met we will implement LOGbinder to process audit logs of 150 MS SQL instances.

Product information written on your web site tells LOGbinder's installation size is only about 12MB and memory usage averages 150MB, this indicates LOGbinder doesn't demand high system requirements.

As we do not want to put the load onto our MS SQL servers, LOGbinder will be installed on a dedicated server. Is there a best practise about how to determine the system requirements?

How many MS SQL instances can one instance of LOGbinder process? And how will this amount increase the load on the server running LOGbinder?

Thank you in advance.

Best regards,
Arjan Smid

Thanks for the question. Yes, as you mentioned, the hardware requirements of LOGbinder for SQL Server are not high. I would say a typical server configuration with a few GB of memory and 2-4 cores would be sufficient. Most often our customers run LOGbinder on a virtual machine.

It is not an easy say how many instances could be handled with one LOGbinder installation. It depends on your hardware and on the amount of audit data those SQL Server instances produce. The best would be to do some testing in your environment with a few SQL Server instances and then scale it up.

The biggest bottleneck used to be getting the audit logs from the SQL Server. The more audit data you have, the longer SQL Server takes to provide the requested audit logs. However, the latest version of LOGbinder deals with this situation with purging the processed audit data, so as long as LOGbinder is running, it should not take excessively long to get the audit data from the SQL Server.

As I mentioned above, why not do some testing. If you find any other bottleneck, we would be happy to work with you to see how we can make LOGbinder more efficient for you.

GO


Similar Topics


Reading This Topic


Login
Existing Account
Email Address:


Password:


Select a Forum....








LOGbinder Forum


Search