Novell Sentinel Log Manager is supported on 64-bit Intel Xeon and AMD Opteron processors, but is not supported on Itanium processors.
NOTE:These requirements are for an average event size of 300 bytes.
The following hardware requirements are recommended for a production system that holds 90 days of online data:
Table 2-1 Sentinel Log Manager Hardware Requirements
NOTE:Networked storage contains all 90 days worth of data, including a fully compressed copy of the event data in local storage. A copy of the event data is kept on local storage for search and reporting performance reasons. Local storage size can be decreased if storage size is a concern, however an estimated 70% penalty will be incurred while searching or reporting on data that would otherwise be in local storage, due to decompression overhead.
NOTE:
One machine can include more than one event source. For example, a Windows server can include two Sentinel event sources because you want to collect data from the Windows operating system and also the SQL Server database hosted on that machine
You must set up the networked storage location to an external multi-drive storage network area (SAN) or network-attached storage (NAS).
The recommended steady state volume is 80% of the maximum licensed EPS. Novell recommends that you add additional Sentinel Log Manager instances if this limit is reached.
NOTE:Maximum event source limits are not hard limits, but, are recommendations based on the performance testing done by Novell and assume a low average events rate per second per event source (less than 3 EPS). Higher EPS rates result in lower sustainable maximum event sources. You can use the equation (maximum event sources) x (average EPS per event source) = maximum event rate to arrive at the approximate limits for your specific average EPS rate or number of event sources, as long as the maximum number of event sources does not exceed the limit indicated above.
One Intel Xeon L5240 3-GHz (2 core CPU)
256 MB RAM
10 GB free disk space.
Sentinel Log Manager is used to retain raw data for a long period of time to comply with legal and other requirements. Sentinel Log Manager employs compression to help you make efficient use of local and networked storage space. However, storage requirements might become significant over a long period of time.
To overcome cost constraint issues with large storage systems, you can use cost-effective data storage systems to store the data for a long term. Tape-based storage systems are the most common and cost-effective solution. However, tape does not allow random access to the stored data, which is necessary to perform quick searches. Because of this, a hybrid approach to long-term data storage is desirable, where the data you need to search is available on a random-access storage system and data you need to retain, but not search, is kept on a cost-effective alternative, such as tape. For instructions on employing this hybrid approach, see Using Sequential-Access Storage for Long Term Data Storage
of in the Sentinel Log Manager 1.1 Administration Guide.
To determine the amount of random-access storage space required for Sentinel Log Manager, first estimate how many days of data you need to regularly perform searches or run reports on. You should have enough hard drive space either locally on the Sentinel Log Manager machine, or remotely on the Server Message Block (SMB) protocol or CIFS protocol, the network file system (NFS), or a SAN for Sentinel Log Manager to use for archiving data.
You should also have the following additional hard drive space beyond your minimum requirements:
To account for data rates that are higher than expected.
To copy data from tape and back into the Sentinel Log Manager in order to perform searching and reporting on historical data.
Use the following formulas to estimate the amount of space required to store data:
NOTE:The coefficients in each formula represent ((seconds per day) x (GB per byte) x compression ratio).
Local event storage (partially compressed): {average byte size per event} x {number of days} x {events per second} x 0.00007 = Total GB storage required
Networked event storage (fully compressed): {average byte size per event} x {number of days} x {events per second} x 0.00002 = Total GB storage required
Raw Storage (fully compressed on both local and networked storage): {average byte size per raw data record} x {number of days} x {events per second} x 0.000012 = Total GB storage required
NOTE:These numbers are only estimates and depend on the size of your event data as well as on the size of compressed data.
The above formulas calculate the minimum storage space required to store fully compressed data on the external storage system. When local storage fills up, Sentinel Log Manager compresses and moves data from a local (partially compressed) to an external (fully compressed) storage system. Therefore, estimating the external storage space requirements becomes most critical for data retention. To improve the search and reporting performance for recent data, you can increase the local storage space beyond the hardware requirements of Sentinel Log Manager; however, it is not required.
You can also use the above formulas to determine how much storage space is required for a long-term data storage system such as tape.
The limits mentioned in this section are recommendations based on the performance testing done at Novell or at customer sites. They are not hard-limits. The recommendations are approximations. In highly dynamic systems, it is a good practice to build in buffers and allow room for growth.
Unless otherwise specified, Collector Manager limits assume 4 CPU cores at 2.2 GHz each, 4 GB of RAM, running on SLES 11.
Table 2-2 Collector Manager Performance Numbers
Sentinel Log Manager is extensively tested and fully supported on a VMware ESX server. Performance results in a virtual environment can be comparable to the results achieved in tests on a physical machine, but the virtual environment should provide the same memory, CPU, disk space, and I/O as the physical machine recommendations.