Difference between revisions of "ASL prerequisites"
(Created page with "= Introduction = ASL is a powerful security suite that will be analyzing actions of your system in real time. For it to work correctly it will need a well tuned system w...") |
(→Recommendations) |
||
Line 30: | Line 30: | ||
== Database == | == Database == | ||
+ | |||
+ | === Query caching ==== | ||
When using mysql, querying caching must be enabled. Larger query caches will result in greater performance, however this must be tuned to the capabilities of the system. Larger query caches also require more memory, so to increase this setting you will need at least 2GB of RAM and preferably 4GB of RAM or more. | When using mysql, querying caching must be enabled. Larger query caches will result in greater performance, however this must be tuned to the capabilities of the system. Larger query caches also require more memory, so to increase this setting you will need at least 2GB of RAM and preferably 4GB of RAM or more. | ||
Line 40: | Line 42: | ||
query_cache_size=256m | query_cache_size=256m | ||
+ | |||
+ | === Dedicated I/O channel === | ||
+ | |||
+ | For systems with high volumes of events we recommend you move your mysql databases to their own I/O channel separate from your web sites and/or other file system intensive operations. This will give the database its own dedicated I/O channel to the database files. Databases can be quite large, and the ASL events database will grow over time based on the archive settings you have configured in your [[ASL configuration]]. Therefore, a faster way of reading these databases will improve performance on the system. |
Revision as of 11:20, 22 June 2012
Contents |
Introduction
ASL is a powerful security suite that will be analyzing actions of your system in real time. For it to work correctly it will need a well tuned system with reasonable resources. This document outlines the requirements for ASL to function, and recommendations for it perform optimally.
Requirements
Memory
ASL requires at least 1 GB of memory. 2 GB of memory is highly recommend to make use of all of ASLs features.
CPU
ASL does not require a 64bit CPU, however the use of 64Bit CPUs is highly recommended.
Database
When using mysql, querying caching must be enabled. The following setting in mysql must be set for ASL to perform correctly. Failure to set this will result in significant performance impact to ASL, and the system.
query_cache_size=64m
Recommendations
Memory
4 GB of memory is recommended for sites with lots of events and/or domains.
CPU
Multiple 64Bit CPUs are highly recommended for systems with lots of events and/or events.
Database
Query caching =
When using mysql, querying caching must be enabled. Larger query caches will result in greater performance, however this must be tuned to the capabilities of the system. Larger query caches also require more memory, so to increase this setting you will need at least 2GB of RAM and preferably 4GB of RAM or more.
For example, on a system with 2GB of RAM the query cache should be set to 128M.
query_cache_size=128m
For systems with 4GB of RAM, or more, a large query cache can be used:
query_cache_size=256m
Dedicated I/O channel
For systems with high volumes of events we recommend you move your mysql databases to their own I/O channel separate from your web sites and/or other file system intensive operations. This will give the database its own dedicated I/O channel to the database files. Databases can be quite large, and the ASL events database will grow over time based on the archive settings you have configured in your ASL configuration. Therefore, a faster way of reading these databases will improve performance on the system.