Replies: 1 comment
-
Recommend that you have 1 manager node and 2 receivers if you are looking for redundancy; that way, if the manager node happens to go offline for any reason, the receiver nodes will still process events from the sensor node and send them to the search nodes (data nodes) for ingest and index. Also, keep in mind that if you are experiencing that high of throughput, the sensor nodes may have issues keeping up writing PCAP to disk, if you care about it.
-
Hello everyone!
I'm working with a 30 Gb/sec network and I want to test Security Onion in a distributed deployment.
My available bandwidth is 10 Gb/sec per interface, and I'm thinking of setting it up like this:
6 sensor nodes, each handling up to 5 Gb/sec
3 data nodes
3 manager nodes
Does this architecture make sense?
Has anyone here deployed Security Onion in a similar high-bandwidth setup and can share their experience or suggestions?
Thanks in advance!