Installation requirements

This document describes the software and hardware requirements for installing Logpresso Sonar.

Software

To run Logpresso Sonar, you need the following operating system and software.

Operating system

The operating system officially supported by Logpresso is Red Hat Enterprise Linux 9.

  • You can also use a RHEL 9-compatible operating system such as Rocky Linux.
  • We recommend the Server with GUI installation type.
  • Depending on the installation type, you may need to install additional packages such as: curl, firewalld, lsof, net-tools, traceroute, unzip, vim, wget
JDK

We recommend OpenJDK 21 (LTS), which is provided by default in the operating system repository. As an alternative, you can bring in and install Eclipse Temurin. Eclipse Temurin is the name of the OpenJDK distribution provided by the Eclipse Foundation.

Database

To install Logpresso Sonar as a single node or to install a control node, you need MariaDB 11.8 (LTS).

Application

You need the Logpresso Sonar package. You can download it from the Logpresso Store.

Hardware

Control node & data node

You can build the cluster architecture based on the volume of raw logs collected per day (daily throughput).

  • You can determine the cluster tier configuration based on the daily throughput.
  • In a cluster configuration, the control node count is based on one node. The control node can also be made redundant.
  • The specifications shown are hardware specifications for one node.
  • Available storage assumes a retention period of 1 year and a data compression ratio of 85%.
NodeItem10 GB/day50 GB/day100 GB/day250 GB/day500 GB/day1 TB/day
Control nodeCPU121224242424
vCPU242448484848
Memory32GB64GB128GB128GB128GB128GB
Disk
(OS)
SSD 240GB x 2
(RAID 1)
SSD 240GB x 2
(RAID 1)
SSD 240GB x 2
(RAID 1)
SSD 240GB x 2
(RAID 1)
SSD 240GB x 2
(RAID 1)
SSD 240GB x 2
(RAID 1)
Disk
(data)
SATA HDD 4TB x 2
(RAID 1)
SATA HDD 12TB x 2
(RAID 1)
SATA HDD 24TB x 2
(RAID 1)
SATA HDD 24TB x 4
(RAID 10)
SATA HDD 4TB x 2
(RAID 1)
SATA HDD 4TB x 2
(RAID 1)
Available space4TB12TB24TB48TB4TB4TB
NIC1Gbps x 21Gbps x 21Gbps x 21Gbps x 210Gbps x 210Gbps x 2
Data nodeCPUN/AN/AN/AN/A2424
vCPU 4848
Memory 128GB128GB
Disk
(OS)
SSD 240GB x 2
(RAID 1)
SSD 240GB x 2
(RAID 1)
Disk
(data)
SATA HDD 24TB x 4
(RAID 10)
SATA HDD 24TB x 4
(RAID 10)
Available space 48TB48TB
NIC 10Gbps x 210Gbps x 2
Cluster Control/data combined
(redundant: 2 nodes)
Control/data combined
(redundant: 2 nodes)
Control/data combined
(redundant: 2 nodes)
Control/data combined
(redundant: 2 nodes)
1 control node
2 data nodes
(redundant: 6 nodes)
1 control node
4 data nodes
(redundant: 10 nodes)
  • CPU means physical cores, and vCPU means logical cores.
Forwarder node

The hardware specifications of a forwarder node are split per node based on the volume of raw logs collected per day (daily throughput) and a Sentry connection count of 500.

  • If the daily throughput is 1 TB/day or more, scale out the forwarder nodes horizontally to handle it.
  • The specifications shown are hardware specifications for one node.
  • Available storage assumes up to one week of retention and 85% compression, taking data node failure into account.
  • Sentry is assumed to be up to 500 units.

Network collection-only specification

Item1 TB/day
CPU4
vCPU8
Memory16GB
Disk (OS)SSD 240GB x 2 (RAID 1)
Disk (data)SATA HDD 4TB x 2 (RAID 1)
Available space4TB
NIC1Gbps x 2

Sentry management and network collection specification

Item1 TB/day
CPU12
vCPU24
Memory64GB
Disk (OS)SSD 240GB x 2 (RAID 1)
Disk (data)SATA HDD 4TB x 2 (RAID 1)
Available space4TB
NIC1Gbps x 2
AWS EC2c5.2xlarge

Network

Considering your operating environment and network configuration, prepare IP addresses and an L4 switch (or load balancer).

NodeSingle node configurationRedundant configuration
Control/data combined1 IP address3 IP addresses, 1 L4 switch/load balancer
Control node1 IP address3 IP addresses, 1 L4 switch/load balancer
Data node1 IP address(Data-control 2-tier architecture) 3 IP addresses, 1 L4 switch/load balancer
(Forwarder-data-control 3-tier architecture) 2 IP addresses
Forwarder node1 IP address3 IP addresses, 1 L4 switch/load balancer
  • For a redundant configuration, node A, node B, and the node pair each need one IP address. The node pair's IP address is used when the L4 switch/load balancer performs load balancing.
  • The number of IP addresses required for a data node varies depending on the architecture.
  • In environments where an L4 switch cannot be used, you can configure VIP switching with the HA script provided by Logpresso. Request the HA script from the Logpresso technical support team.

Object storage (optional)

Logpresso Sonar provides a data lifecycle management feature. It provides a data lifecycle management feature that divides data storage into three tiers—Hot, Warm, and Cold—according to the data retention period and automatically moves (rolls over) data to a lower tier according to the data retention period.

Cold storage supports object storage services such as AWS S3 and Kakao Cloud Object Storage. To use Cold tier storage, prepare object storage in the cloud in advance.

Note
The data lifecycle management feature can be set up separately after installing Logpresso Sonar.