We plan on monitoring X servers with EventSentry. How large can we expect the database to grow for X servers?

Article ID: 107
Category: Database
Applies to: All Versions
Updated: 2015-07-07

The anticipated database size depends on many factors, not just the number of hosts that are being monitored. In order to predict the future database size you will need the following information:

  • How many servers will be monitored?
  • What event log data will be consolidated? For example, will you be collecting Audit Success events?
  • How many events will you be collecting on a daily basis per server?
  • How long will the data be retained?
  • How much auditing is enabled on the domain or server level?
  • Will you be collecting process, logon or print tracking data?
  • Will you be collecting performance data?
  • Which database will you be using?

Once you have answers to the questions above, you can estimate the database size and storage requirements from the average space used per event record:

  • Built-In PostgreSQL Database: approx. 1.5 kB per event record
  • Microsoft SQL Server 2008 and later: approx. 1.7 kB per event record
  • MySQL 5.x: approx. 590 bytes per event record

The above values are rough estimates taken from a database mostly containing security event log records, and the actual size will depend on the types of events you are consolidating.

For example, if you plan on keeping about 12 million event records on a Microsoft SQL Server 2008 database, then you can expect the database to grow to about 12 Gb.