[ossec-list] Re: disk space needed ?
Hi Yves,
It really depends on 4 things:
-The number of systems sending events.
-The amount each of them sends.
-How much you log on the server.
-How long do you need to store the alert/log data.
For example, I'm running ossec on an ISP and it is monitoring
only 6 servers. However, these servers are sending web
traffic, squid logs, authentication logs, etc. I also log
everything from level 1 and above. With this setup,
ossec is seeing more than 6 million events per day
and per month it is storing 0.2G of data.
So, for most of the cases 20G should be more than enough.
In addition to that, you can always compress the old data
to save disk space. You may also want to only log events
with level higher than 3...
*Next version of ossec is going to support compression
on both network level and alert storage.
Hope it helps.
--
Daniel B. Cid
dcid @ ( at ) ossec.net
On 6/9/06, Yves <yves.bigliazzi@xxxxxxxxx> wrote:
>
> Hello,
>
> I will install an OSSEC Server and I would like to know how much space
> is needed for the logs.
>
> I know that it depends on what you log and how the machine is
> charged... but have you some experience on this ?
>
> I will monitor about 30-40 servers and I reserved 20 Go...
>
> Thanks,
>
> Yves