EventLog Analyzer system requirements

This section lists the system requirements for installing and working with EventLog Analyzer (Distributed and Standalone editions).

Hardware

Log management solutions are resource-intensive and selecting the right hardware plays a major role in ensuring optimal performance.

The following table lists the suggested hardware requirements for each type of flow.

                        Low Flow   Normal Flow   High Flow
Processor cores         6          12            24
RAM                     16 GB      32 GB         64 GB
IOPS                    150        750           1500 *
Disk space              1.2 TB     3 TB *        4 TB *
Network card capacity   1 GB/s     1 GB/s        10 GB/s
CPU architecture        64-bit     64-bit        64-bit
Note:
  • The values above are approximate. It is recommended to run a test environment similar to the production environment with the setup described in the table, then fine-tune the system requirements based on the actual flow and data size.
  • For higher IOPS, use RAID or SSD storage.

Use the following table to determine the type of flow for your instance.

Log type                                              Size (bytes)   Category         Low Flow (EPS)   Normal Flow (EPS)   High Flow (EPS)
Windows                                               900            Windows          300              1500                3000
Linux, HP, pfSense, Juniper                           150            Type 1 Syslogs   2000             10000               20000
Cisco, SonicWall, Huawei, Netscreen, Meraki, H3C      300            Type 2 Syslogs   1500             6000                12000
Barracuda, Fortinet, Check Point                      450            Type 3 Syslogs   1200             4000                7000
Palo Alto, Sophos, F5, Firepower, and other syslogs   600            Type 4 Syslogs   800              2500                5000
Note:
  • A single-installation server can handle at most 3000 Windows logs per second, or the High Flow value listed for any one log type in the table above.
  • For log types not listed in the table, choose the category whose log size is the closest match. For example, SQL Server logs with an average size of 900 bytes arriving at 3000 EPS should be treated as High Flow.
  • If the combined flow is higher than a single node can handle, a distributed setup is recommended.
  • If advanced threat analytics and a large number of correlation rules are in use, choose the next higher band.
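As an added worked example (not part of the vendor documentation or its calculator), the Python below encodes the two tables above and applies the sizing notes: it maps an unlisted log type to a category by size, picks the flow band for a mix of log types, bumps the band when advanced analytics are in use, and estimates the raw archive volume for a retention period. All function and constant names are hypothetical; the rule for combining several log types (summing each type's share of a band's capacity) and the uncompressed archive estimate are this example's assumptions, not vendor figures.

```python
BANDS = ("Low", "Normal", "High")
# Upper EPS bound of each band per category, and average bytes per event (flow table above).
CATEGORY_EPS = {"Windows": (300, 1500, 3000), "Type 1 Syslogs": (2000, 10000, 20000),
                "Type 2 Syslogs": (1500, 6000, 12000), "Type 3 Syslogs": (1200, 4000, 7000),
                "Type 4 Syslogs": (800, 2500, 5000)}
CATEGORY_BYTES = {"Windows": 900, "Type 1 Syslogs": 150, "Type 2 Syslogs": 300,
                  "Type 3 Syslogs": 450, "Type 4 Syslogs": 600}
# Suggested hardware per band (hardware table above).
HARDWARE = {"Low": dict(cores=6, ram_gb=16, iops=150, disk_tb=1.2, nic="1 GB/s"),
            "Normal": dict(cores=12, ram_gb=32, iops=750, disk_tb=3.0, nic="1 GB/s"),
            "High": dict(cores=24, ram_gb=64, iops=1500, disk_tb=4.0, nic="10 GB/s")}


def category_for_size(avg_bytes):
    """Map an unlisted log type to the listed category with the nearest size at or above it.
    Larger events get the lower EPS thresholds, so this errs on the conservative side;
    anything above 900 bytes maps to the Windows row."""
    fits = [cat for cat, size in CATEGORY_BYTES.items() if size >= avg_bytes]
    return min(fits, key=CATEGORY_BYTES.get) if fits else "Windows"


def size_deployment(flows, retention_days, advanced_analytics=False):
    """flows: {category: eps}. Returns the band ('Distributed' if no single node fits),
    the matching hardware row, and the raw (uncompressed) archive volume in GB.
    Assumption (not from the vendor): several log types are combined by summing each
    type's share of the band's EPS capacity; a total of 1.0 means the band is full."""
    for cat in flows:
        if cat not in CATEGORY_EPS:
            raise ValueError(f"unknown category {cat!r}; map it with category_for_size() first")
    band_idx = None
    for i in range(len(BANDS)):
        if sum(eps / CATEGORY_EPS[cat][i] for cat, eps in flows.items()) <= 1.0:
            band_idx = i
            break
    if band_idx is not None and advanced_analytics:   # note above: take the next higher band
        band_idx = band_idx + 1 if band_idx + 1 < len(BANDS) else None
    band = BANDS[band_idx] if band_idx is not None else "Distributed"
    daily_bytes = sum(eps * CATEGORY_BYTES[cat] for cat, eps in flows.items()) * 86400
    return {"band": band, "hardware": HARDWARE.get(band),
            "raw_archive_gb": round(daily_bytes * retention_days / 1e9, 1)}


if __name__ == "__main__":
    # Constructed input: a Windows estate plus Type 1 syslog sources, one year of retention.
    print(size_deployment({"Windows": 1000, "Type 1 Syslogs": 3000}, 365))
```

The raw archive figure is a ceiling before any compression EventLog Analyzer applies; compare it against the table's disk-space column rather than substituting it.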

General Recommendations:

VM infrastructure

  • Allocate 100 percent of the RAM and CPU to the virtual machine running EventLog Analyzer. Sharing memory or CPU with other virtual machines on the same host can cause RAM/CPU starvation and degrade EventLog Analyzer's performance.
  • Use thick provisioning, as thin provisioning increases I/O latency. On VMware, select "Thick provision eager zeroed", since lazily zeroed disks perform worse.
  • VM snapshots are not recommended: the host duplicates data across multiple blocks, increasing reads and writes, which raises I/O latency and degrades performance.

CPU & RAM:

  • Server CPU utilization should always be maintained below 85% to ensure optimal performance.
  • 50% of server RAM should be kept free for off-heap utilization of Elasticsearch for optimal performance.

Disk:

  • Disk latency greatly affects the performance of EventLog Analyzer. Direct-attached storage (DAS) with SSD-class performance (near-zero latency and high throughput) is recommended. An enterprise storage area network (SAN) can be faster than SSD.

Currently only local and remote (NAS) drives are supported by EventLog Analyzer for storing live search index and archive data.

Additional note: Search indices require fast random access to the index files, which is not possible with blob storage-type data stores such as S3 and Azure Blob store.

Web browsers

EventLog Analyzer has been tested to support the following browsers and versions with at least a 1024x768 display resolution:

  • Microsoft Edge
  • Firefox 4 and later
  • Chrome 8 and later

Databases

EventLog Analyzer can use the following databases as its back-end database.

Bundled with the product

  • PostgreSQL

External databases

  • Microsoft SQL 2012 & above

Note the hardware requirements for the MS SQL database server used by EventLog Analyzer:

RAM    CPU   IOPS      Disk space
8 GB   6     300-500   300-500 GB

Operating systems

EventLog Analyzer can be installed in machines running the following operating systems and versions:

Version requirements for Evaluation

  • Windows 8 & above, or Windows Server 2012
  • Ubuntu 14 & above/ CentOS 7 & above/ Red Hat 7 & above/ Opensuse 15 & above

Version requirements for Production

  • Windows Server 2022/ 2019/ 2016/ 2012 R2/ 2012
  • Ubuntu 14 & above/ Red Hat version 7 & above/ CentOS 7 & above

Installation server

  • SIEM solutions are resource-intensive. It is recommended to provide a dedicated server for their optimal performance.
  • EventLog Analyzer uses Elasticsearch. The Elasticsearch process is expected to use off-heap memory for better performance; off-heap memory is managed by the operating system and is freed when necessary.

Additional Elasticsearch Node Recommendations:

Hardware     Minimum   Recommended
Base speed   2.4 GHz   3 GHz
Cores        12        16
RAM          64 GB     64 GB
Disk space   1.2 TB    1.5 TB
IOPS         1500*     1500*
