
    System Requirements

    This section lists the minimum system requirements for installing and working with EventLog Analyzer.

    Hardware Requirements

    Log management solutions are resource-intensive and selecting the right hardware plays a major role in ensuring optimal performance.

    The following table denotes the suggested hardware requirements based on the type of flow.

                             Low Flow    Normal Flow    High Flow
    Processor cores          6           12             24
    RAM                      16 GB       32 GB          64 GB
    Disk type                SSD         SSD            SSD
    Disk space               1.2 TB      3 TB *         4 TB *
    Network card capacity    1 GB/s      1 GB/s         10 GB/s
    CPU Architecture         64-bit      64-bit         64-bit
    Note: The above-mentioned values are approximate. It is recommended to run a test environment similar to the production environment with the setup details mentioned in the above table. Based on the exact flow and data size, the system requirements can be fine-tuned.

    Use the following table to determine the type of flow for your instance.

                                                                                                  Log Units
    Log type                                               Size (in Bytes)    Category            Low Flow (EPS)    Normal Flow (EPS)    High Flow (EPS)
    Windows                                                900                Windows             300               1500                 3000
    Linux, HP, pfSense, Juniper                            150                Type 1 Syslogs      2000              10000                20000
    Cisco, SonicWall, Huawei, Netscreen, Meraki, H3C       300                Type 2 Syslogs      1500              6000                 12000
    Barracuda, Fortinet, Checkpoint                        450                Type 3 Syslogs      1200              4000                 7000
    Palo Alto, Sophos, F5, Firepower, and other syslogs    600                Type 4 Syslogs      800               2500                 5000
    Note:
    • A single-installation server can handle either a maximum of 3000 Windows logs or any of the high flow values mentioned for each log type in the above table.
    • For log types which are not mentioned in the above table, choose the appropriate category based on the log size. For example, in the case of SQL Server logs when the byte size is 900 bytes, and EPS is 3000, it should be considered as High Flow.
    • If the combined flow is higher than what a single node can handle, it is recommended to implement a distributed setup.
    • It is recommended to choose the next higher band if advanced threat analytics and a large number of correlation rules have been used.

    Operating System Requirements

    EventLog Analyzer can be installed and run on the following operating systems and versions (64-bit architecture):


    Windows®

    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012
    • Windows Server 2008
    • Windows 10
    • Windows 8
    • Windows 7

    Linux

    • Linux - RedHat RHEL
    • Linux - Mandrake
    • Linux - Mandriva
    • Linux - SuSE
    • Linux - Fedora
    • Linux - CentOS
    • Linux - Ubuntu
    • Linux - Debian

    VMware

    • VMware environment

    Supported Web Browsers

    EventLog Analyzer has been tested to support the following browsers and versions:

    • Internet Explorer 11 and Edge
    • Firefox 4 and later
    • Chrome 8 and later

    Supported Logs and Data Sources

    EventLog Analyzer can collect, index, analyze, archive, search and report on logs from hundreds of devices, platforms and services. For the latest list of supported logs and data sources, visit https://www.manageengine.com/eventlog/supported-data-sources.html


    Note:
    • With its Universal Log Parsing and Indexing (ULPI) technology, EventLog Analyzer can support any log and data source that is in human-readable format.
    • To analyze logs from a Windows NT machine, WMI core must be installed on that machine.
    • Syslogs received from SNARE agents for Windows will be displayed as Windows devices.

    Supported Databases


    Bundled with the product

    • PostgreSQL

    External Databases

    • Microsoft SQL 2012
    • Microsoft SQL 2014
    • Microsoft SQL 2016
    • Microsoft SQL 2017
    • Microsoft SQL 2019

    Recommended System Setup

    Apart from the System Requirements, the following setup would ensure optimal EventLog Analyzer performance:

    • Run EventLog Analyzer on a separate, dedicated PC or server. The software is resource-intensive, and a busy processor may cause problems while collecting event logs.
    • Use the PostgreSQL bundled with EventLog Analyzer that runs on port 33335. You need not start another separate instance of PostgreSQL.
    • As mentioned in the prerequisites, for better performance, you can modify the existing PostgreSQL parameters.
    • Enable disk encryption for better security.