Administration Guides
Performance Auditor Requirements
Home
Requirements for Performance Auditor in Unified deployments
- Auditing enabled on monitored clusters.
- NFS mount for monitored clusters to ingest audit data.
- Browser PC to Eyeglass VM must open port 2014 for UI updates.
- Eyeglass clustered Agent cluster deployed with release 2.5.6 or later code level.
- Audit Event > 6000 events per second (contact support to get this value from support logs), will require a memory increase on the ECA cluster nodes when running Ransomware Defender Easy Auditor:
- > 6000 events per second = 20GB memory per ECA VM.
- < 6000 events per second can stay at 16GB per ECA VM.
- Large node count clusters require more ECA VM's and more memory
- PowerScale clusters over 20 nodes will require additional ECA VM's for processing and will require additional memory per ECA VM.
- 30 nodes or more = 9 ECA VM's with 20GB RAM per VM when running unified Ransomware, Easy Auditor and Performance Auditor applications.
- Minimum Audit Events Required
- For 8.2 or later clusters that allow configuration of individual audit events, the following audit success events can be set to reduce the audit work load on the cluster and enable only the audit events required for performance auditor:
- close_file_modified, open_file_read, open_file_write, read_file, write_file, read, write .
- For 8.2 or later clusters that allow configuration of individual audit events, the following audit success events can be set to reduce the audit work load on the cluster and enable only the audit events required for performance auditor: