-
Version2.4.200 Installation MethodSecurity Onion ISO image Descriptionconfiguration Installation TypeDistributed Locationon-prem with Internet access Hardware SpecsExceeds minimum requirements CPU16 RAM32 Storage for /300 Storage for /nsm1TB Network Traffic Collectionspan port Network Traffic Speeds1Gbps to 10Gbps StatusYes, all services on all nodes are running OK Salt StatusNo, there are no failures LogsYes, there are additional clues in /opt/so/log/ (please provide detail below) DetailI have created a standalone as POC, but now I want to move to multiple sites with redundancy. I think I have worked out how I want to do it but I was wondering if I do 3 x Heavy Nodes can there also be 3 Manager nodes for redundancy? Or would I need to 1 Manager Search node and 2 Resource nodes. It would be good to be able to high HA on the web interface that's what I'm thinking. If not, what would be the best way to approach the situation. I want 3 different physical and logical separate sites link so that logs are searched in one GUI with HA. Would 1 manager and 2 receiver nodes be more appropriate? I've always just done a standalone so just getting my head around of what I can and can't do is boggling my brain a lot. Guidelines
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
One manager per grid. You can use receiver nodes for pipeline redundency. There is a Pro feature called Manager of Managers - https://docs.securityonion.net/en/2.4/mom.html but that would require a Pro license. |
Beta Was this translation helpful? Give feedback.
-
|
OK and receivers process the logstash records if manager is down, waiting for the manager to come back up? |
Beta Was this translation helpful? Give feedback.
One manager per grid. You can use receiver nodes for pipeline redundency.
There is a Pro feature called Manager of Managers - https://docs.securityonion.net/en/2.4/mom.html but that would require a Pro license.