How Many Search Nodes Are Needed in a Security Onion Distributed Deployment?

Assume the network throughput is x Megabits per second.
Assume you must store traffic for y days.

Replies: 1 comment

Unfortunately, there's not really a hard-and-fast formula for this -- the data stored on Search Nodes is from Zeek and Suricata, but also from any logs that are being imported into the grid. The packet capture data stays on the Forward Nodes, so "store traffic for y days" would affect the storage requirements there, not on the Search Nodes.