2.1 Hardware Requirements

2.1.1 Sentinel Log Manager

Novell® Sentinel™ Log Manager is supported on 64-bit Intel* Xeon* and AMD* Opteron* processors, but not supported on Itanium* processor.

NOTE:These requirements are for an average event size of 300 bytes.

A single server may cater different event sources. For example, a Windows server could collect data from the Windows platform and also from an SQL server database hosted on it.

Novell recommends the following hardware requirements for a production system that holds 90-days of online data:

Table 2-1 Sentinel Log Manager Hardware Requirements

Requirements

Sentinel Log Manager (500 EPS)

Sentinel Log Manager (2500 EPS)

Sentinel Log Manager (7500 EPS)

Compression

Up to 10:1

Up to 10:1

Up to 10:1

Maximum event sources

Up to 1000

Up to 1000

Up to 2000

Maximum events

500

2,500

7,500

CPU

One Intel* Xeon* E5450@3 GHz (4core) CPU

or

Two Intel* Xeon* L5240@3 GHz (2 core) CPUs (4 cores total)

One Intel* Xeon* E5450@3 GHz (4 core) CPU

or

Two Intel* Xeon* L5240@3 GHz (2 core) CPUs (4 cores total)

Two Intel* Xeon* X5470@3.33 GHz (4 core) CPUs (8 cores total)

Random Access Memory (RAM)

4GB

4 GB

8 GB

Storage

2x 500 GB, 7.2k RPM drives (Hardware RAID with 256 MB cache, RAID 1

2 x 1 TB, 7.2k RPM drives (Hardware RAID with 256 MB cache, RAID 1)

6 x 450 GB, 15k RPM drives, (Hardware RAID with 512 MB cache, RAID 5)

NOTE:

  • You must set up the archive location to an external multi-drive storage network area (SAN) or network-attached storage (NAS).

  • The recommended steady state volume is 80% of the maximum licensed EPS. Novell recommends that you add additional Sentinel Log Manager instances if this limit is reached.

2.1.2 Collector Manager

The following are the minimum requirements for Collector Manager:

  • One Intel* Xeon* L5240@3 GHz (2 core CPU)

  • 256 MB RAM

  • 10 GB - free disk space.

2.1.3 Estimating the Data Storage Space Requirement

Sentinel Log Manager is used to retain raw data for a long period of time to comply with legal and other requirements. Sentinel Log Manager employs compression to help you make efficient use of local and archive storage space. However, over a long period of time storage requirements might become significant.

To overcome cost constraint issues with large storage systems, you can use cost effective data storage systems to store the data for a long term. Tape-based storage systems are the most common and cost-effective solution. However, tape does not allow random access to the stored data, which is necessary to perform quick searches. Because of this, a hybrid approach to long-term data storage is desirable, where the data you need to search is available on a random-access storage system and data you need to retain, but not search, is kept on a cost-effective alternative, such as tape. Instructions for employing this hybrid approach are described in Using Sequential-Access Storage for Long Term Data Storage of the Sentinel Log Manager 1.0.0.4 Administration Guide.

To determine the amount of random-access storage space required for Sentinel Log Manager, first estimate how many day’s worth of data you need to regularly perform searches or run reports on. You should have enough hard drive space either locally on the Sentinel Log Manager machine, or remotely on a CIFS, NFS, or SAN that Sentinel Log Manager can use to archive data.

You should also have additional hard drive space beyond your minimum requirements:

  • To account for data rates that are higher than expected.

  • To copy data from tape and back into the Sentinel Log Manager in order to perform searching and reporting on historical data.

Use the following formulas to estimate the amount of space required to store data:

  • Event Data Storage Size: {number of days} x {events per second} x {average byte size of event} x 0.000012 = GB storage required

    Event sizes typically range from 300-1000 bytes.

  • Raw Data Storage Size: {number of days} x {events per second} x {average byte size of raw data} x 0.000012 = GB storage required

    A typical average raw data size for syslog messages is 200 bytes.

  • Total Storage Size: ({average byte size of event} + {average byte size of raw data}) x {number of days} x {events per second} x 0.000012 = Total GB storage required

NOTE:

  • These numbers are only estimates and depend on the size of your event data as well as on the size of compressed data.

  • The above formulas calculate the minimum storage space required to store fully compressed data on the external storage system. When local storage fills up, Sentinel Log Manager seamlessly compresses and moves data from local (partially compressed) to external (fully compressed) storage system. Therefore, estimating the external storage space requirement becomes most critical for data retention. To improve the search and reporting performance for recent data, you can increase the local storage space beyond the hardware requirements of Sentinel Log Manager; however it is not required.

You can also use the above formulas to determine how much storage space is required for long term data storage system, for example using tape.

2.1.4 Virtual Environment

Sentinel Log Manager has been extensively tested on VMWare* ESX Server, and Novell fully supports Sentinel Log Manager in this environment. Performance results in a virtual environment can be comparable to the results achieved in tests on physical machine, but the virtual environment should provide the same memory, CPU, disk space, and I/O as the physical machine recommendations.