Monalytic provides a simple overview on right sizing your SolarWinds Log and Event Manager implementation to best fit your environment.
Conveying this information to an authorized SolarWinds reseller will allow them to quote the license that’s right for your environment. Tiered licenses are issued in the following formats “LEM100” and “LWE250 for LEM100”. These licenses can be read as being able to accommodate 100 Universal Nodes and 250 Workstation/Agent Nodes.
Licensing is acknowledged as being in-use on the appliance based on each unique IP address that sends it data. Deployed agents have logic built in to accommodate for dynamic IP addressing (DHCP) but other devices that do not operate an agent have the potential to consume more than one license if/when their address changes. These can be pruned from the LEM appliance manually or automatically if needed. To setup automatic recycling within the appliance you would check the box illustrated below and set a frequency.
SolarWinds has three general tiers when it comes to sizing (Small, Medium, or Large).
This is where it gets a bit interesting; taking the data obtained from the “Existing Environment Review” you will have to determine a deployment level to go with. All monitored systems have the ability to adjust the verbosity of logging from low level basic events to highly verbose “catch everything” logging. Unless you perform sampling of each device and define time study statistical calculation it’s difficult to say (for example) that 100 devices will generate five million events per day. You could essentially have 100 devices with the verbosity turned all the way up or 100 with it turned down, or most likely a mix of both. Generally, the column on the right of the table is of most value. Start with the raw number of endpoints and scale the appliance to the bracket that best fits; always leaning on the heavier resource side. For example, if you have 5x security devices, 250x network devices, and 151x servers it might run on the “small” tier deployment but the appliance would be very stressed. For that scenario we would suggest moving to the “medium” tier of the matrix and starting with something like 6 cores, 16GB RAM, and 1TB storage.
Once the appliance is in operation and you have the ability to analyze the actual log ingest rate adjusting resources becomes a bit easier. Simply run an nDepth report for the past hour, multiply the total events by 24 to get a per hour log count and then refer to the matrix below as guide:
Monalytic is an authorized SolarWinds reseller. For more information on product licensing, maintenance renewals, training, or professional services, please contact us at www.monalytic.com.
Back to News