RockNSM disk allocation suggestions for 16 TB drive

#1

Hello, everyone!

We are configuring our Rock NSM and would like to get some feedback on how to slice up our 16 TB of hard drive space. I planned on giving most of it (~ 14TB) to Stenographer and it takes up about a TB of storage a day. How much should I leave for Bro, Suricata, Kafka, etc.? Do they level out? Would one TB be enough? I’ve been watching the folders in /data and they keep growing.

Kafka is at 157 GB and growing…
Bro is hovering around 9 GB
Suricata is at 118 GB and growing…
Elasticsearch is at 46GB and growing…

Hardware: Dell PowerEdge R410, dual Xeon 2.53 GHz 6-core processors, 128 GB RAM, 24 TB in RAID 5 (16 TB usable)

Thanks,

Ben
