Re: Re: [ARGUS] Best Hardware

> 
> From: eric <eric-list-argus <at> catastrophe.net>
> Date: 2004/10/11 Mon PM 09:47:19 EDT
> To: Andrew Hall <andrew <at> m5networks.com.au>
> CC: argus-info <at> lists.andrew.cmu.edu
> Subject: Re: [ARGUS] Best Hardware
> 
> On Tue, 2004-10-12 at 08:57:02 +1000, Andrew Hall proclaimed...
> 
> > I am looking for the best hardware for the following;
> > 
> > - dedicated box for running multiple (>100) different ra queries over 1GB
> > compressed argus files each day
> > 
> > - This host will not be running argus captures itself.
> 
> I look at about 18GB a day (compressed) of logs; it will take hours
> to go through this much on a dual xeon. You'll also need *lots* and
> *lots* of RAM!
> 

Do you aggregate with "ra", or do you use Perl, or do you combine them ?
I (mis)understand from previous postings that the "ra" tools
may have problems wrapping 32-bit counters.

Were you going to share the writeup you mentioned you were preparing
back in July (FreeBSD, high perf setup) ?
Sure would be nice to know how to make this work well.  I'm still
struggling to setup in my lab, because I don't have a lot of confidence
I'll get it right in production.

-Mike