These are not the base requirements, these are just what we are using now, and they have worked well.
With internal (behind the firewall) deployments I would expect your event counts to be very low (1-100 per day). External deployments will likely see thousands to hundreds of thousands of events per day depending on the network and the number of honeypots deployed. We have more than 50 sensors now all leveraging this server for storage and indexing.
We are currently using Digital Ocean for our MHN Server and various cloud service providers for honeypots.
- 4GB RAM
- dual core processor
- 40 GB drive.
- 512MB-1GB RAM
- dual core CPU
- 20GB drive. <-- could get away with less if you rolled logs aggressively.