Chapter 4: Performance
One of the main advantages of SureLog is its performance. SureLog can reach speeds of 50,000 EPS with legacy hardware. As previously stated, EPS (events per second) measures how fast a network generates data from its security devices, such as firewalls, Intrusion Detection Systems (IDS), servers, and routers. It is also used to express how fast a SIEM product can correlate data from those types of devices. There are two EPS metric definitions:
Normal or Sustained Events per second (NE): The NE metric represents the number of events per second during normal usage time for a device or Log/Event Management scope.
Peak Events per second (PE): The PE metric represents the number of events per second during peak usage time for a device or Log/Event Management scope. The PE reflects abnormal activity on devices that creates temporary peaks of EPS, such as DoS, port scanning, and mass SQL injection attempts. The PE metric is a bit more significant in this case because it determines the real EPS requirements.
Minimum Requirements:
| Max EPS | Requirements |
|---|---|
| 250 | 4 GB RAM, 4 core, RAID 10 10,000 RPM |
| 500 | 8 GB RAM, 4 core, RAID 10 10,000 RPM |
| 1000 | 12 GB RAM, 6 core, RAID 10 10,000 RPM |
| 2500 | 24 GB RAM, 8 core, RAID 10 15,000 RPM |
| 5000 | 32 GB RAM, 16 core, RAID 10 15,000 RPM |
| 10000 | 48 GB RAM, 24 core, RAID 10 15,000 RPM |
| 15000 | 64 GB RAM, 32 core, RAID 10 15,000 RPM |
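
As an added illustration (not part of the SureLog documentation), the Python sketch below measures NE and PE from timestamped log lines and maps each to the sizing table above, showing why sizing on NE alone under-provisions. It assumes NE is the mean per-second rate over the capture and PE is the busiest single second; the log format, sample data and function names are constructed for the example.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Sizing tiers copied from the table above: (max EPS, requirements).
TIERS = [
    (250, "4 GB RAM, 4 core, RAID 10 10,000 RPM"),
    (500, "8 GB RAM, 4 core, RAID 10 10,000 RPM"),
    (1000, "12 GB RAM, 6 core, RAID 10 10,000 RPM"),
    (2500, "24 GB RAM, 8 core, RAID 10 15,000 RPM"),
    (5000, "32 GB RAM, 16 core, RAID 10 15,000 RPM"),
    (10000, "48 GB RAM, 24 core, RAID 10 15,000 RPM"),
    (15000, "64 GB RAM, 32 core, RAID 10 15,000 RPM"),
]

def eps_metrics(lines):
    """Return (NE, PE) for lines that start with an ISO 8601 timestamp.

    Assumption: NE = mean events/s over the capture (idle seconds count),
    PE = event count of the busiest one-second bucket.
    """
    counts = Counter(
        int(datetime.fromisoformat(l.split(" ", 1)[0]).timestamp())
        for l in lines if l.strip()
    )
    if not counts:
        return 0.0, 0
    span = max(counts) - min(counts) + 1  # seconds covered by the capture
    return sum(counts.values()) / span, max(counts.values())

def tier_for(eps):
    """Smallest table row whose Max EPS covers `eps`, or None if off the table."""
    for max_eps, req in TIERS:
        if eps <= max_eps:
            return max_eps, req
    return None

def sample_log():
    """Constructed data: 60 s at 200 events/s with a 1,800-event burst at t=30."""
    base = datetime(2024, 1, 1, tzinfo=timezone.utc)
    lines = []
    for s in range(60):
        ts = (base + timedelta(seconds=s)).isoformat()
        lines += [f"{ts} fw01 deny"] * (1800 if s == 30 else 200)
    return lines

if __name__ == "__main__":
    ne, pe = eps_metrics(sample_log())
    print(f"NE={ne:.1f} -> tier {tier_for(ne)}")
    print(f"PE={pe} -> tier {tier_for(pe)}")
```

On the constructed capture, NE fits the 250 EPS row while the one-second burst needs the 2500 EPS row.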