Anyone know server sizing requirements for this? Minimum cpu, memory and storage?
Also, what is the recommended way to install?
Recommend the following resources for Expedition:
CPU: 4 cores (virtual sockets are ok)
Memory: Min 8 GB, 16 GB if possible
Storage: If you plan to use the machine learning and rule enrichment, add and mount a secondary disk of at least a min of 100 GB. After processing the traffic log files, you should choose to compress or delete the log files if your plans to use the ML and RE are for weekly or month to month App-ID reconciliations.
If we need to increase the Expedition resources, you will have to modify the VM settings and make Expedition aware of the change. To do so, delete the file located at /home/userSpace/environmentParameters.php. (This may be optimized in the future to assist on the correct Expedition's resource tuning)
Once you have added more memory to the VM and deleted the appropriate file, you also need to increase the default memory assigned to php. This also has a drastic impact/improvement on performance - esp. with larger projects.
The default is rather low at 128mb. If you increase the VM memory to 4Gb, I would recommend increasing php memory to 512Gb. If you increase VM memory to 8Gb, then increase php memory to 1Gb. Each will be a sizeable and quite noticeable difference in Expedition's performance:
php.ini is located in:
sudo vi /etc/php/7.0/apache2/php.ini
Find the line 'memory_limit ' and change the value from 128mb to 512mb (or higher)
Something to remember though is that when assigning resources, 1 CPU and either 1G or 2G of RAM are dedicated to the OS and are not used by Expedition. So 4 vcpu is going to allow 3 to be used by Expedition.
You can find recommended specs here:
And admin guide here:
I wanted to add something here that I thought might be helpful. The recommendation is 100g of space for log exports. The larger my ruleset became, the more space each log started taking. I have about 700 rules atm and I can only keep 1 log from each FW in my HA pair. If I forget to process logs (because for some reason automatic log process has never worked for me) your space fills up and you can't actually process the logs due to the fact there is not enough room. I would say 100g is a minimum but keep in mind your environment and how much traffic you have traversing the PAs.
Thanks Steven for your message, and you are right that it is important to calculate how much space you want to allocate for Expedition logs.
I would recommend that you install the coming update 1.1.43, that may fix the issue about the autoprocessing, and also the afterProcess action for "Compress" or "Delete".