Hardware Requirements
Production Specification
RhythmX is deployed on a dedicated server that receives forwarded logs from LogRhythm's Log Distribution Services. The following specification supports sustained detection at 20,000–25,000 events per second.
| Resource | Requirement |
|---|---|
| CPU | 16 cores |
| RAM | 64 GB |
| Disk | 500 GB SSD |
| Network | 1 Gbps |
| OS | RHEL / Rocky Linux |
The CPU and memory are allocated across multiple ingestion pipelines, queue management, and the detection engine. SSD storage is required to support continuous processing under high-throughput ingestion.
Recommended Partition Layout
/var/log should be on a separate partition to prevent log data from consuming the root filesystem. All RhythmX processed logs, detection outputs, and archives are written under /var/log.
| Partition | Size |
|---|---|
/ (root) |
50 GB |
/var/log |
450 GB |