Replies: 1 comment 3 replies
-
|
Can you give some details on your grid please? #1720 |
Beta Was this translation helpful? Give feedback.
-
|
We'd implemented the product by Distributed Architecture. There are separate manager, search nodes and 2 forwarder nodes. |
Beta Was this translation helpful? Give feedback.
-
|
Still would like some information, how much storage does your manager and search nodes have? Do you see any deletions in |
Beta Was this translation helpful? Give feedback.
-
|
Our manages have 350GB storage and It's 61% used. About the search 770GB storage and It's used by 39%. Some additional info about our forwarder nodes - their storage on both are on 90% used. I've checked the logs about any deletions but the log file is clear. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello. In my infrastructure I'm collecting system logs with Windows Event collector machine which is collecting from the workstations via installed Sysmon agents. I've configured it to archieve in .evtx to save storage. Only the Sysmon logs are forwarded to the WEC. The Sysmon logs are transfered to securityonion by elasticagent installed on the machine. The problem we've met is that we are not inspecting these logs for more than 24 hours. I've saw that a new ds is been created day to day. Will be very thankful for any solutions. :)
Beta Was this translation helpful? Give feedback.
All reactions