Do you have a specific need to maintain current log and/or pcap data? If not, starting with a fresh install would be the best course of action. /nsm/backup will have a copy of any configuration changes you made to your original grid.
Version
2.4.150
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Standalone
Location
cloud
Hardware Specs
Meets minimum requirements
CPU
8
RAM
32
Storage for /
2TB
Storage for /nsm
Same disk
Network Traffic Collection
other (please provide detail below)
Network Traffic Speeds
Less than 1Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
I am currently managing a Security Onion standalone instance and I have just faced very high load on CPU (90-99%) and around 70-80% memory usage constantly. It's a t3a.2xlarge instance, so I thought further vertical scaling is not the most efficient approach, which made me think of clusterization and transition to the distributed architecture. I am wondering if it's possible to do that from the current point. I couldn't find any documentation/discussion on this topic.