Support
 
Support Get Quote
 
 
 
 

Product docs

Home » Tuning Guide

Tuning guide

EventLog Analyzer Performance Optimization Guide

 

System resources calculation

Hosting EventLog Analyzer without adequate system resources may affect its ability to perform necessary tasks. Use the calculator below to approximately determine the hardware you’ll need for EventLog Analyzer to perform smoothly.

System resources calculator

 

System resources optimization 

 

Disk space 

(a) Log volume-based optimization

The hard disk space required depends on the log volume generated in your environment. For a high log flow rate, you need to have a larger disk space to store and process the logs. However, if the need for disk space is growing at an alarmingly rapid rate, you should check if only the required logs are being collected. Making the changes below can reduce the need for disk space without compromising security.

  • Disable auditing of irrelevant Windows events.
  • Ensure that only the necessary syslogs are forwarded to the server. 
  • Employ log collection filters to remove noise.

(b) Retention-based optimization

The log archive and index folders are the main contributors to the growing size of stored logs. The total disk space required at any time to store the logs generated by your network is the combined size of the archive and index folders.

  • Archived data: The archived index slows down the search function but occupies less disk space.
    •     
  • Indexed data: The raw index speeds up the search function but occupies more disk space.

The archive and index sizes for a specific time period depend on the total volume of raw logs generated during that time period. 

  Default location Default retention Retention settings Compression
Indexed data <Installation folder>/EventLog Analyzer/ES/ 32 days To update or change the retention period, navigate to Settings → Admin → Database Retention Settings. Data which is older than 32 days will be automatically compressed in the ratio of 1:10.
Archived data <Installation folder>/EventLog Analyzer/Archive/ Forever To update or change the retention period, navigate to Settings → Admin → Archive Settings. Data which is older than a day will be automatically compressed in the ratio of 1:20.
 

CPU and RAM

CPU: The need for CPU power depends on the log volume, existing alert profiles, and correlation rules in place. If CPU usage is abnormal, do the following:

  • Set up policies to forward only the required logs. 
  • Review and ensure that only the required alert profiles and correlation rules are in place.

RAM: Correlation is a RAM-intensive process, so make sure that only the necessary correlation rules are in use. 

 
Fields cannot be empty×
It is recommended to split the load with Multiple ES Nodes, with Each node handling 800GB - 1.2 TB of Data×

System Resources Calculator

×

Windows logs

EPS(Events per second)

Field cannot be empty

Linux, HP, pfSense, Juniper Type 1 Syslogs

EPS

Field cannot be empty

Cisco, Sonicwall, Huaweii, Netscreen, Meraki, H3C Type 2 Syslogs

EPS

Field cannot be empty

Barracuda, Fortinet, CheckPoint Type 3 Syslogs

EPS

Field cannot be empty

Palo Alto, Sophos, F5, Firepower and Other logs Type 4 Syslogs

EPS

Field cannot be empty

Data to be stored for?

This is the raw archive data retention period.

Year

Value cannot be '0'

Field cannot be empty

Advanced

Log metadata ( Index ) retention

Raw index retention?

Raw index takes more space and searches are faster

Days

Raw index retention value cannot be '0'

Field cannot be empty

Archived index retention?

Archived index are zipped, it takes less space but old data will be slow to query

Days

Field cannot be empty

CPU cores

 

RAM

 

Disk Type

SSD

Disk Space

 

Network Card Capacity

 

CPU Architecture

 

Get Hardware Requirements
Calculate Again

EventLog Analyzer Trusted By

Los Alamos National Bank Michigan State University
Panasonic Comcast
Oklahoma State University IBM
Accenture Bank of America
Infosys
Ernst Young

Customer Speaks

  • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
    Benjamin Shumaker
    Vice President of IT / ISO
    Credit Union of Denver
  • The best thing, I like about the application, is the well structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
    Joseph Graziano, MCSE CCA VCP
    Senior Network Engineer
    Citadel
  • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
    Joseph E. Veretto
    Operations Review Specialist
    Office of Information System
    Florida Department of Transportation
  • Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
    Jim Lloyd
    Information Systems Manager
    First Mountain Bank
TestimonialsCase Studies

Awards and Recognitions

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
A Single Pane of Glass for Comprehensive Log Management
Log ManagementLog AnalysisIT ComplianceSIEMQuick LinksRelated Products

The one-stop solution to Active Directory Management and Reporting

Free Trial Get Quote
Email Download Link