On Tue, 2 Oct 2012, Joseph Guanzon wrote: > Is there known system requirement when using SEC to monitor large > quantity of servers like how many cpu/memory would be needed for 300 to > 500 servers and or 500 to 1000 servers monitored?
The number of servers doesn't matter. What matters is the number of log messages, and how complex your ruleset is. the more state your rulesets keep (in contexts, thresholds, windows, etc), the more memory they will need. However, overall it's surprisingly light on memory requirements. When you consider how much space a Gig of memory actually is, keeping track os these things really doesn't hurt much. CPU is eaten up by evaluating rules. The more rules that need to be evaluated before the log is processed, the more CPU you need regex matches can be expensive, the more complex your regex, the more expensive it will be. some types of matches are more expensive than alerts alert after X messages in Y seconds is more expensive than alert when you see message Z All of this makes it really hard to say how much system you need to process messages from X servers.. > Can SEC be able to summarize log file alerts like instead of showing the > 100 alerts it would state that there have been a 100 counts for this > certain alert received. Yes, you can do this sort of thing. David Lang ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
