3 Node Setup

homood · April 25, 2018, 12:15pm

Hello! so I'm trying to do the following:

Retrieve Linux servers logs and filter them for specific events and then pass them to a SIEM solution.

Can I achieve that on the Log Stash level?
And do I need all three layers of the stack? or can i just use Log Stash for this?

And my setup plan is as follows:

Have 3 nodes:
Server 1: install Log Stash: 8 Core CPU, 64GB RAM, 140GB SSD
Server 2: install Elastic Search: 8 Core CPU, 64GB RAM, 140GB SSD
Server 3: install Kibana: 8 Core CPU, 8GB RAM, 140GB SSD

What do you think of the specs and architecture?
All suggestions and pointers are appreciated.

magnusbaeck · April 25, 2018, 6:24pm

Can I achieve that on the Log Stash level?

Probably, but it depends on the details of how you obtain the logs and how you pass them to the SIEM system.

What do you think of the specs and architecture?

Without knowing anything about the volumes of logs you need to process?

system · May 23, 2018, 6:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Best specification server Elastic Security	7	986	November 4, 2022
3,000 events/sec Architecture Elasticsearch	10	1764	July 6, 2017
New installation questions Logstash	2	397	June 16, 2017
Installation questions Elasticsearch	5	631	May 22, 2017
Requirements production cluster Elasticsearch	3	213	June 29, 2022

3 Node Setup

Related topics