Installation Requirements
This document describes the software and hardware requirements for installing Logpresso Sonar.
Software
The following operating systems and software are required to run Logpresso Sonar.
Operating System
The officially supported operating system by Logpresso is Red Hat Enterprise Linux 9.
- RHEL 9-compatible operating systems such as Rocky Linux can also be used.
- The Server with GUI installation type is recommended.
- Depending on the installation type, the following packages may need to be installed additionally:
curl,firewalld,lsof,net-tools,traceroute,unzip,vim,wget
JDK
OpenJDK 21 (LTS) provided by default from the operating system repository is recommended. As an alternative, Eclipse Temurin can be brought in and installed. Eclipse Temurin is the name of OpenJDK provided by the Eclipse Foundation.
Database
To install Logpresso Sonar as a single node or to install a control node, MariaDB 11.8 (LTS) is required.
Application
The Logpresso Sonar package is required. It can be downloaded from the Logpresso Store.
Hardware
Control Node & Data Node
The cluster architecture can be configured based on the volume of raw logs collected per day (daily throughput).
- The cluster tier configuration can be determined based on daily throughput.
- In a cluster configuration, the control node is based on 1 unit. The control node can also be made redundant.
- The specifications presented are hardware specifications based on 1 node.
- Available storage is the capacity assuming a 1-year retention period and 85% data compression ratio.
| Node | Category | 10GB/day | 50GB/day | 100GB/day | 250GB/day | 500GB/day | 1TB/day |
|---|---|---|---|---|---|---|---|
| Control Node | CPU | 12 | 12 | 24 | 24 | 24 | 24 |
| vCPU | 24 | 24 | 48 | 48 | 48 | 48 | |
| Memory | 32GB | 64GB | 128GB | 128GB | 128GB | 128GB | |
| Disk(OS) | SSD 240GB x 2(RAID 1) | SSD 240GB x 2(RAID 1) | SSD 240GB x 2(RAID 1) | SSD 240GB x 2(RAID 1) | SSD 240GB x 2(RAID 1) | SSD 240GB x 2(RAID 1) | |
| Disk(Data) | SATA HDD 4TB x 2(RAID 1) | SATA HDD 12TB x 2(RAID 1) | SATA HDD 24TB x 2(RAID 1) | SATA HDD 24TB x 4(RAID 10) | SATA HDD 4TB x 2(RAID 1) | SATA HDD 4TB x 2(RAID 1) | |
| Available Space | 4TB | 12TB | 24TB | 48TB | 4TB | 4TB | |
| NIC | 1Gbps x 2 | 1Gbps x 2 | 1Gbps x 2 | 1Gbps x 2 | 10Gbps x 2 | 10Gbps x 2 | |
| Data Node | CPU | N/A | N/A | N/A | N/A | 24 | 24 |
| vCPU | 48 | 48 | |||||
| Memory | 128GB | 128GB | |||||
| Disk(OS) | SSD 240GB x 2(RAID 1) | SSD 240GB x 2(RAID 1) | |||||
| Disk(Data) | SATA HDD 24TB x 4(RAID 10) | SATA HDD 24TB x 4(RAID 10) | |||||
| Available Space | 48TB | 48TB | |||||
| NIC | 10Gbps x 2 | 10Gbps x 2 | |||||
| Cluster | Control/Dataintegrated(Redundant: 2 units) | Control/Dataintegrated(Redundant: 2 units) | Control/Dataintegrated(Redundant: 2 units) | Control/Dataintegrated(Redundant: 2 units) | 1 Control node2 Data nodes(Redundant: 6 units) | 1 Control node4 Data nodes(Redundant: 10 units) |
- CPU refers to physical cores, and vCPU refers to logical cores.
Forwarder Node
The hardware specifications for the forwarder node are divided based on the daily volume of raw logs collected (daily throughput), with a baseline of 500 sentry connections.
- For daily throughput of 1TB/day or more, scale out forwarder nodes horizontally.
- The specifications presented are hardware specifications based on 1 node.
- Available storage is the capacity assuming up to one week of retention for data node failures and 85% compression.
- A maximum of 500 sentries is assumed.
Network Collection Only Specifications
| Category | 1TB/day |
|---|---|
| CPU | 4 |
| vCPU | 8 |
| Memory | 16GB |
| Disk (OS) | SSD 240GB x 2 (RAID 1) |
| Disk (Data) | SATA HDD 4TB x 2 (RAID 1) |
| Available Space | 4TB |
| NIC | 1Gbps x 2 |
Sentry Management and Network Collection Specifications
| Category | 1TB/day |
|---|---|
| CPU | 12 |
| vCPU | 24 |
| Memory | 64GB |
| Disk (OS) | SSD 240GB x 2 (RAID 1) |
| Disk (Data) | SATA HDD 4TB x 2 (RAID 1) |
| Available Space | 4TB |
| NIC | 1Gbps x 2 |
| AWS EC2 | c5.2xlarge |
Network
Prepare IP addresses and L4 switches (or load balancers) considering the operating environment and network configuration.
| Node | Single Node Configuration | Redundancy Configuration |
|---|---|---|
| Control/Data Integrated | 1 IP address | 3 IP addresses, 1 L4 switch/load balancer |
| Control Node | 1 IP address | 3 IP addresses, 1 L4 switch/load balancer |
| Data Node | 1 IP address | (Data-Control 2-tier architecture) 3 IP addresses, 1 L4 switch/load balancer(Forwarder-Data-Control 3-tier architecture) 2 IP addresses |
| Forwarder Node | 1 IP address | 3 IP addresses, 1 L4 switch/load balancer |
- In redundancy configurations, Node A, Node B, and the node pair each require 1 IP address. The node pair IP address is used by the L4 switch/load balancer for load balancing.
- The number of required IP addresses for data nodes varies depending on the architecture.
- In environments where L4 switches cannot be used, VIP failover can be configured using the HA script provided by Logpresso. Request the HA script from the Logpresso technical support team.
Object Storage (Optional)
Logpresso Sonar provides a data lifecycle management feature. It classifies data storage into three tiers—Hot, Warm, and Cold—based on data retention period, and provides data lifecycle management that automatically moves (rolls over) data to lower tiers based on the retention period.
Cold storage supports object storage services such as AWS S3 and Kakao Cloud Object Storage. To use Cold tier storage, prepare object storage in the cloud in advance.