- Home
- Scalability
- Deployment planning
Plan a scalable deployment guide
On this page:
- Introduction
- Pre-deployment checklist
- Deployment process walkthrough
1. Introduction
This guide outlines the steps to deploy Log360 in a scalable configuration. It is intended for administrators who want to build a high-performance, fault-tolerant setup that can handle increasing log volumes over time. Before using this guide, it is recommended that you first review Log360's scalable deployment guide for component roles and data flow, and Capacity planning manual for sizing processors, hardware, and storage . They explain the scalability components in-depth, storage calculation methods, and hardware sizing guidelines. Understanding those concepts will help you choose the correct number of processors, configure roles efficiently, and provision the right storage capacity for your environment.
This document covers:
- Pre-deployment checklist
- Deployment process walkthrough
2. Pre-deployment checklist
Before starting the deployment, ensure that the following infrastructure and prerequisites are ready.
| Category | Task | Details |
|---|---|---|
| Database | Configure external database | Install and configure Microsoft SQL Server 2016/2019 or PostgreSQL 12.x, 13.x, 14.x. The common database must be accessible from all processor nodes. |
| Database | Create database user | Create a dedicated database account for Log360 with db_owner or equivalent permissions. |
| Storage | Set up shared storage | Use a highly available shared location: NFS for Linux, SMB share for Windows, or S3 bucket. This is used for inter-processor communication, and Elasticsearch archive data. |
| Storage | Verify storage permissions | The Log360 service account must have full read/write access to the shared path. |
| Storage | Move existing archives | If migrating from a non-scalable setup, manually move existing archives to the shared location. |
| Network | Verify port access | Ensure all required ports from the network requirements list are open between relevant servers. Use tools such as telnet or Test-NetConnection for validation. |
| Accounts | Create a service account | Run Log360 services using a dedicated service account with necessary permissions . |
3. Deployment process walkthrough
This guide provides a high-level walkthrough. All configurations can be performed in the Log360 settings panel. For detailed, step-by-step instructions, refer to the help documentation.
Step 1: Install Log360
Install the latest version of Log360 on a supported operating system:
- Windows Server 2016, 2019, 2022
- Red Hat Enterprise Linux 8.x, 9.x
- Ubuntu 20.04 LTS, 22.04 LTS
Ensure the base hardware requirements for the first processor node are met, as defined in the capacity planning manual.
Step 2: Configure required storage
The following three main storage types are required:
| Storage type | Purpose | Notes |
|---|---|---|
| External database (MS SQL or PostgreSQL) | Stores product configurations, alert profiles, and rules | Ensure high IOPS and low latency. |
| Elasticsearch indexer storage | Holds hot data for search and analysis | Use high-performance enterprise SSDs. |
| Shared storage (NFS, SMB, or S3) | Used for inter-processor communication, archives, and policy files | Must be highly available and have full read/write permissions. |
Step 3: Add processor nodes and configure roles
- Start with a minimum of one processor node for small deployments. Login to the same deployment to scale by adding additional nodes, configure storage, and agents.
- The initial deployment is considered as the Primary Processor and all management activities can be carried out only from this. Users can log into other processors to monitor the centralized dashboard.
- For high availability, deploy at least two nodes with the Log Queue Engine, and Search Engine roles.
Step 4: Configure agents and secure gateway server
- In remote sites, install agents that filter, parse, compress, and upload logs to HQ processors.
- If remote log collection requires secure transfer, configure a secure gateway server between agents and processors.
Step 5: Configure agentless devices
- For agentless collection, configure devices to send logs to the processors via syslog or Windows event forwarding.
- Ensure relevant TCP/UDP ports are open for each log type.
Step 6: Configure replica
- Assign key roles (such as queue engine and log handling engine) to at least two processors for failover.
- In Elasticsearch, enable replica for indexer data which will take up twice the storage size.
Step 7: Monitor system health
Regularly check:
- Processor health and resource usage
- Agent status and connectivity
- Log collection and flow status
- Queue depth and indexing performance
Step 8: Configure security rules and alerts
- Assign alerting to a dedicated processor or allow the system to auto-assign based on available resources.
- Enable correlation engine rules as required for your security operations.
Next steps
Proceed to the help document for step-by-step configuration.
