Hi All,
We are planning to install Remote log collectors in our RSA Security Analytics architecture.
What is the recommended hardware configuration for Virtual log collectors?
Regards
Shubham
Hi All,
We are planning to install Remote log collectors in our RSA Security Analytics architecture.
What is the recommended hardware configuration for Virtual log collectors?
Regards
Shubham
Not sure if this will help you or not...not sure what you have installed already, please see attached PDF.
thanks for sharing. Is there any sizing guideline?
I have not dealt with the virtual remote collector. I would reach out to support for info.
| Adam Rasnick | Practice Consultant, RSA Professional Services| 423.833.9297| adam.rasnick@emc.com | RSA The Security Division of EMC
Adam,
Thanks for the reply. However, I was looking for the recommended hardware configuration for VLC.
Regards
Shubham
Hi,
I think what you are looking for is specific to the VLC. The SKU for this (software only) is:
SA-VLC-SW
There is no cost for this module.
We have tested the VLC up to 5K EPS. Here are the recommended VM specs for varying EPS rates.
EPS | Cores | Memory (GB) | Disk (GB) |
1k | 2 | 2 | 150 |
| 2 |
| 150 |
5k | 3 | 3 | 150 |
Regards,
Dave
Thanks Dave. This is exactly what I was looking for.
Regards
Shubham
Hi Dave,
Have one more query.
Can we run VLC on Hyper-V?
Regards
Shubham
i think only esxi is supported.
It seems there are some changes in 10.3. Below is an extract from 10.3 documentation.
A Remote Collector (RC) is a Log Collector service running on a stand-alone Virtual Machine or Microsoft Windows 2008 host.
Now this also supports being installed on Windows server.
Can some confirm on the Virtualization platforms being supported now?
Regards
Shubham
Install a Virtual Instance of Security Analytics - NetWitness Documentation Home
Didn't mention support for Hyper-V...
The Virtual Log Collector (VLC) runs on Linux, which is included as part of the image. The image only installs on VMware ESX, Normal VMware.
The legacy windows collection services runs on Windows 2008 x64 Server. This is just a service running on Windows so it doesn't care where or what it runs on... hardware or VM, etc.
Hi Dave,
We are going to implement AIO in client side & we are having 2 AIO (All In One). Our motive is to pull logs from existing enVision to SA (enVision Migration To SA) via VLC and push those logs to both the AIO's in active-passive mode via VLC.
Kindly refer to above topology. So can you please share us VLC Installation & Configuration guide.
And link to download the VLC file.
That will be great help for me.
Regards,
Deepanshu.
Not sure if this will help you or not...not sure what you have installed already, please see attached PDF.