Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
e
Eric Brue
03/19/2020, 6:58 PMHello all. I'm trying to stand up osquery on-prem. How many servers would I need for about 30,000 endpoints? I understand that I can use Scale Sets in Azure but am trying to set up a test environment with a budget of $0. Any advice would be appreciated.
n
nyanshak
03/19/2020, 8:34 PMhow many servers would depend on the size / configuration of the servers
also will heavily depend on check-in intervals, number of queries, how you log data, if you are going to try to do ad-hoc querying
pretty hard to answer that question since your environment will be unique
for perspective, I have similar number of hosts, but split across multiple fleet deployments.
(AWS) each of the deployments will have 3-20 c5.2xlarge instances + db.m5.4xlarge DB
majority of the time they'll be scaled to like 3 instances, but I've definitely run scenarios during load testing that's pushed it to 20 instances
and I've found ad-hoc queries to generally be extremely problematic, to the point it doesn't really matter how much I've scaled the DB, and I've disabled them.
(we use http://github.com/kolide/fleet to manage) see #kolide
e
Eric Brue
03/19/2020, 9:50 PMThanks for your insite. Appreciate it.