[ARGUS] Best Hardware
slif at bellsouth.net
slif at bellsouth.net
Mon Oct 11 22:07:21 EDT 2004
>
> From: eric <eric-list-argus at catastrophe.net>
> Date: 2004/10/11 Mon PM 09:47:19 EDT
> To: Andrew Hall <andrew at m5networks.com.au>
> CC: argus-info at lists.andrew.cmu.edu
> Subject: Re: [ARGUS] Best Hardware
>
> On Tue, 2004-10-12 at 08:57:02 +1000, Andrew Hall proclaimed...
>
> > I am looking for the best hardware for the following;
> >
> > - dedicated box for running multiple (>100) different ra queries over 1GB
> > compressed argus files each day
> >
> > - This host will not be running argus captures itself.
>
> I look at about 18GB a day (compressed) of logs; it will take hours
> to go through this much on a dual xeon. You'll also need *lots* and
> *lots* of RAM!
>
Do you aggregate with "ra", or do you use Perl, or do you combine them ?
I (mis)understand from previous postings that the "ra" tools
may have problems wrapping 32-bit counters.
Were you going to share the writeup you mentioned you were preparing
back in July (FreeBSD, high perf setup) ?
Sure would be nice to know how to make this work well. I'm still
struggling to setup in my lab, because I don't have a lot of confidence
I'll get it right in production.
-Mike
More information about the argus
mailing list