Icinga2 & LOG VM = Disk Size?


#1

Hello
i am not sure about but could i use my Icinga2 Virtuelle Maschine also as “LOG Server” too?

if so for a KMU setup
3 Hardware Server with 5-7 VM each
and 20 Win PC to Monitor

is there a Formula to calculate the Disk size of the Icinga2 VM?

have a nice day
vinc


(Michael Friedrich) #2

I would setup a central Elasticsearch/Graylog cluster for collecting logs and events, not bound to the monitoring server(s).


#3

Ok Thanks for your Feedback @dnsmichi
how much do you sugest for a Virtuell Server to run a Icinga2 Installation?
have a nice day
vinc


(Thomas Widhalm) #4

Unfortunately there is no formula. What you need depends highly on what you are going to monitor.

Logging in Icinga 2 can be configured. So if you plan to start the debuglog from time to time, plan for more. For Icinga 2 alone a small log device might be enough. Depending on your hardware costs I’d go for 10GB, just to be sure. In fact you will need far less than 1GB (for Icinga 2 alone, without debuglog), but since storage is cheap I’d take the safe way.

If you want to have a logmanagement setup with e.g. Elastic Stack, you should stick to their best practices. While it’s totally possible to run Elastic Stack on only one host, you should definitely go for at least 3 nodes. How much space you need is totally dependent on what you’re going to log. Since logs come in all styles in syntaxes you might need from a few GB to hundreds. Also take into account that you will want redundancy (at least double the space you calculated) and that it’s totally dependent on how long you want to keep your logs.

For smaller setups running Elastic Stack on the same host you’re using for your Icinga 2 masters is totally ok in my experience.

You’re mentioning you want to monitor workstations. If you mean “logfile monitoring” by “monitoring” than that’s possible. But keep in mind that Icinga 2 was not made to deal with hosts that can or can not be online. And of course be double careful not to break any privacy laws!

In fact size calculation for Elastic Stack or Graylog means starting small and adding storage or nodes as you need them.