Hello,
I'm planning to use packetbeat on dedicated servers, getting the traffic from mirror ports on switch. Dedicated server will Virtual Machine with Linux of course.
I couldn't find in documentation what resources is need to handle traffic: example 100Mbps, 1 Gbps or 10Gbps.
Can you give we advise how to count what resources are needed ?
Thanks,
I can only tell you off of first hand experience only. Packetbeat won't be your bottle neck. I've run it on a Celeron machine in a docker container feeding it close to 1Gb a sec and the CPU was never above 20%. Filebeat may be more beneficial depending on what your trying to capture. For instance Netflow traffic which is more detailed is under filebeat.
What will be your problem is how big your Elastic Cluster will be to suck up the data. I only capture DHCP,DNS events on 2 servers and HTTP/TLS on 2 others. It comes out to 29million events a day. After about a week that started to show that it was a lot of events...
Plan for what you want to capture first then look at how large your cluster will have to be in order to make use of the data.
Thanks a lot!
I'll bear it in mind.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.