LogRhythm Reference Architecture

Gen5 Reference Architecture

The tables in this section describe LogRhythm appliance platforms and performance specifications for each. You can use this information to determine what kind of systems you will use for installing LogRhythm.

New installations of the Data Indexer are only supported on the Linux platform. The Data Indexer is only supported on Windows in an XM configuration.

SAN storage is supported in LogRhythm's software-only solution. It is not supported in LogRhythm appliances. With respect to appliances, SAN storage is supported only for inactive archives.

In the tables that follow, Allocation Unit Size is abbreviated as AUS. Where not otherwise specified, default AUS is expected.

Appliance Reference Architecture

Content Formatting Macros for Confluence cannot be exported to this format.

AWS Platform Reference Architecture

AWS EC2 instances should be considered minimums. In some environments, higher performance instances may be required.

Content Formatting Macros for Confluence cannot be exported to this format.

Google Cloud Platform Reference Architecture

Google Cloud instance sizes should be considered minimums. In some environments, higher performance instances may be required.

Content Formatting Macros for Confluence cannot be exported to this format.

Azure Platform Reference Architecture

Microsoft Azure instance sizes should be considered minimums. In some environments, higher performance instances may be required.

For all platforms, use only read host cache on data disks, such as SQL data or Elasticsearch data.

Content Formatting Macros for Confluence cannot be exported to this format.