3 Node Setup

Hello! So I'm trying to do the following:

Retrieve Linux server logs, filter them for specific events, and then pass them to a SIEM solution.

Can I achieve that on the Logstash level?
And do I need all three layers of the stack? Or can I just use Logstash for this?

And my setup plan is as follows:

Have 3 nodes:
Server 1: install Logstash: 8 Core CPU, 64GB RAM, 140GB SSD
Server 2: install Elasticsearch: 8 Core CPU, 64GB RAM, 140GB SSD
Server 3: install Kibana: 8 Core CPU, 8GB RAM, 140GB SSD

What do you think of the specs and architecture?
All suggestions and pointers are appreciated.

Can I achieve that on the Logstash level?

Probably, but it depends on the details of how you obtain the logs and how you pass them to the SIEM system.

What do you think of the specs and architecture?

Without knowing anything about the volumes of logs you need to process?
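As an added illustration of the "Logstash only" path the question asks about (this is example configuration, not something posted in the thread): one Logstash pipeline reads the Linux auth log, keeps only sshd login events, structures them, and forwards them straight to a SIEM, with no Elasticsearch or Kibana involved. The log path, the SIEM host and port, and the assumption that the SIEM accepts newline-delimited JSON over TCP are all mine.

```logstash
# Added example: single-node Logstash pipeline that filters Linux auth
# events and ships them to a SIEM. Paths and SIEM endpoint are assumed.

input {
  file {
    path           => "/var/log/auth.log"                # assumed Debian/Ubuntu layout
    start_position => "beginning"
    sincedb_path   => "/var/lib/logstash/auth.sincedb"   # remembers read offset across restarts
    type           => "linux-auth"
  }
}

filter {
  # Keep only the sshd authentication events the SIEM should see;
  # everything else is dropped here, so no storage layer is needed for filtering.
  if [message] !~ /sshd\[\d+\]: (Failed password|Accepted (password|publickey)|Invalid user)/ {
    drop { }
  }

  grok {
    match => {
      "message" => [
        "%{SYSLOGTIMESTAMP:log_ts} %{SYSLOGHOST:log_host} sshd\[%{POSINT:pid}\]: %{WORD:outcome} (password|publickey) for (invalid user )?%{USERNAME:user} from %{IP:src_ip} port %{NUMBER:src_port}",
        "%{SYSLOGTIMESTAMP:log_ts} %{SYSLOGHOST:log_host} sshd\[%{POSINT:pid}\]: Invalid user %{USERNAME:user} from %{IP:src_ip}"
      ]
    }
  }

  # Normalise the outcome so the SIEM can alert on a field instead of a regex.
  if [outcome] == "Failed" or [message] =~ /Invalid user/ {
    mutate { add_field => { "event_outcome" => "failure" } }
  } else {
    mutate { add_field => { "event_outcome" => "success" } }
  }
}

output {
  tcp {
    host  => "siem.example.internal"   # assumed SIEM collector address
    port  => 5514                      # assumed listener port
    mode  => "client"
    codec => json_lines                # one JSON event per line
  }
}
```

Events that fail the grok match still reach the SIEM tagged `_grokparsefailure`, which is useful for spotting format changes in the source logs.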
