On Mon, Jan 12, 2004 at 10:49:42AM -0800, Tom Perrine wrote:
> On Fri, Jan 09, 2004 at 07:20:32PM -0700, Jim Prewett wrote:
> >
> > Ok, so here's a little more concrete question. What percentage of a
> > machine would you spend on machines for log analysis? (if your network
> > had 100 workstations worth $1,000 each, how much money would you spend for
> > log analysis (only including machine and software costs)?)
> >
> > One answer I've received is between 1 and 5 percent.
> >
>
> It really depends on what you *use* the logs for. If you need them
> for regulatory compliance, you have to spend whatever it takes. If
> you are using a centralized, log-based IDS, you also need to spend the
> $$. At SDSC we were getting about 3 million records/day from the
> whole site, and were doing it with a Linux box (Dell 1650, 1 CPU
> IIRC), storing multiple copies (one on local disk for failure
> protection and one into the main NFS complex). Analysis was separate,
> but on a workstation-class machine, e.g. Linux on a 1.6GHz, 512M RAM
> machine. Total cost, < $3K.

[ snip ]

Slight correction here ... the Dell is the new log host not yet in
production, we appear to still be using an Ultra 5 or 10 (can't remember
which). Also, analysis is done mostly on an Ultra 60 which is probably
underutilized (we had it lying around). Though the analysis does use a
database which is running on a Linux box, the only unique feature of which
is that it has 1TB of disk ... far more than what is needed for the DB,
and not dedicated to the DB.

But the general sense of it is correct, our logging infrastructure is low
cost.

--
Devin Kowatch
devink@private