On Fri, Jan 09, 2004 at 07:20:32PM -0700, Jim Prewett wrote: > > Ok, so here's a little more concrete question. What percentage of a > machine would you spend on machines for log analysis? (if your network > had 100 workstations worth $1,000 each, how much money would you spend for > log analysis (only including machine and software costs)?) > > One answer i've recieved is between 1 and 5 percent. > It really depends on what you *use* the logs for. If you need them for regulatory compliance, you have to spend whatever it takes. If you are using a centralized, log-based IDS, you also need to spend the $$. At SDSC we were getting about 3 million records/day from the whole site, and were doing it with a Linux box (Dell 1650, 1 CPU IIRC), storing multiple copies (one on local disk for failure protection and one into the main NFS complex). Analysis was separate, but on a workstation-class machine, e.g. Linux on a 1.6Ghz, 512M RAM machine. Total cost, < $3K. At SCEA.com, where I'm at now, I'll probably be feeding the logs from all the online game servers and all of our internal log traffic (from 8 sites) into 2 Dell 1650s (dual 1.3 Ghz CPUs), just because I need the redundancy and also so I can have one relay/aggregator outside the firewall. Total cost, about $4K or less. -- Tom Perrine - tperrine@private Sony Computer Entertainment America _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Jan 12 2004 - 12:09:07 PST