Expedition server sizing

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Expedition server sizing

L0 Member

Anyone know server sizing requirements for this?  Minimum cpu, memory and storage?

 

Also, what is the recommended way to install?

9 REPLIES 9

L5 Sessionator

Recommend the following resources for Expedition:

 

CPU: 4 cores (virtual sockets are ok)

Memory: Min 8 GB, 16 GB if possible

Storage: If you plan to use the machine learning and rule enrichment, add and mount a secondary disk of at least a min of 100 GB. After processing the traffic log files, you should choose to compress or delete the log files if your plans to use the ML annd RE are for weekly or month to month app-ID reconcilliations.

 

 

 

If we need to increase the Expedition resources, you will have to modify the VM settings and make Expedition aware of the change. To do so, delete the file located at /home/userSpace/environmentParameters.php. (This may be optimized in the future to assist on the correct Expedition's resource tunning)

Thank you very muched.

 

Worked

Senior Security Engineer
mydatapath.com

L1 Bithead

i think its belong over 2000...

Once you add more memory to the VM and deleted the appropriate file you also need to increase the default memory assigned to php.  This also has a drastic impact/improvement on performance - esp with larger projects.

 

The default is rather low at 128mb.  If you increase the VM memory to 4Gb, i would recommend increasing php memroy to 512Gb.  if you increase VM memory to 8Gb, then increase php memory to 1Gb.  Each will be a sizeable and quite noticeable differences in Expeditions performance:

 

php.ini is located in: 

sudo vi /etc/php/7.0/apache2/php.ini

 Find the line 'memory_limit ' and change the value from 128mb to 512mb (or higher)

Something to remember though is when assigning resources 1 CPU and either 1G or 2G of ram are dedicated to the OS and are not used by expedition. So 4 vcpu is going to allow 3 to be used by Expedition. 

I wanted to add something here that I thought might be helpful. The recommendation is 100g of space for log exports. The larger my ruleset became the more space each log started taking. I have about 700 rules atm and I can only keep 1 log from each FW in my HA pair. If I forget to process logs (because for some reason automatic log process has never worked for me) your space fills up and you cant actually process the logs due to the fact there is not enough room.  I would say 100g is a minimum but keep in mind your environment and how much traffic you have traversing the PAs. 

Thanks Steven for your message, and you are right that it is important to calculate how much space you want to allocate for Expedition logs.

 

I would recommend that you install the coming update 1.1.43, that may fix the issue about the autoprocessing, and also the afterProcess action for "Compress" or "Delete".

  • 22455 Views
  • 9 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!