Hello all. I'm trying to stand up osquery on-prem....
# generale
Eric Brue
03/19/2020, 6:58 PMHello all. I'm trying to stand up osquery on-prem. How many servers would I need for about 30,000 endpoints? I understand that I can use Scale Sets in Azure but am trying to set up a test environment with a budget of $0. Any advice would be appreciated.
n
nyanshak
03/19/2020, 8:34 PMhow many servers would depend on the size / configuration of the servers
also will heavily depend on check-in intervals, number of queries, how you log data, if you are going to try to do ad-hoc querying
nyanshak
03/19/2020, 8:34 PMpretty hard to answer that question since your environment will be unique
nyanshak
03/19/2020, 8:37 PMfor perspective, I have similar number of hosts, but split across multiple fleet deployments.
(AWS) each of the deployments will have 3-20 c5.2xlarge instances + db.m5.4xlarge DB
majority of the time they'll be scaled to like 3 instances, but I've definitely run scenarios during load testing that's pushed it to 20 instances
nyanshak
03/19/2020, 8:37 PMand I've found ad-hoc queries to generally be extremely problematic, to the point it doesn't really matter how much I've scaled the DB, and I've disabled them.
nyanshak
03/19/2020, 8:38 PM(we use http://github.com/kolide/fleet to manage) see #kolide
e
Eric Brue
03/19/2020, 9:50 PMThanks for your insite. Appreciate it.