System requirements

The system requirements of NXLog Platform depend on the number of log-collecting agents that you plan to connect and your log storage needs.

The following sections provide initial resource provisioning guidelines for the different deployment sizes supported by NXLog. After completing the deployment, we recommend monitoring resource usage and increasing resources as necessary to ensure NXLog Platform runs smoothly.

Supported operating systems

You can deploy NXLog Platform on the following operating systems:

  • Red Hat Enterprise Linux (RHEL) 8

  • Red Hat Enterprise Linux (RHEL) 9

  • Ubuntu 22.04.x

  • Ubuntu 24.04.x

If you are using SELinux, you must make sure that it is running in permissive mode. To verify the current mode, run getenforce on the machine where you are deploying NXLog Platform. To configure SELinux to run in permissive mode, follow these steps:

  1. Edit the /etc/selinux/config file:

    $ sudo nano /etc/selinux/config
  2. Configure the SELINUX=permissive option.

  3. Save the file and reboot the machine.

CPU and RAM requirements

NXLog Platform provides several deployment sizes depending on the number of agents that you run or plan to run in your environment. The following table lists the minimum CPU and memory requirements for each deployment size.

  • The Managed agents column represents the maximum number of agents supported by the agent management capability of NXLog Platform. Note that the number of agents sending logs to NXLog Platform can be lower or higher than that number depending on your log collection architecture.

  • CPUs must have an x86_64 architecture and support Advanced Vector Extensions 2 (AVX2) instructions. If you use virtualization, ensure that your hypervisor’s BIOS has AVX2 enabled and that the hypervisor allows AVX2 pass-through to the guest OS.

    To verify that AVX2 instructions are present, run the following command on the machine where you are deploying NXLog Platform:

    $ grep -io -m1 avx2 /proc/cpuinfo
    avx2
  • The RAM requirements depend on whether NXLog Platform will be used to store log data or not, as the built-in log storage database uses more memory to support high log ingestion rates. The values listed on the table are for the exclusive use of NXLog Platform, meaning that you must provision additional RAM for the operating system and any other applications running alongside NXLog Platform on the host machine. You will choose to store log data or not during the NXLog Platform installation process.

Table 1. NXLog Platform deployment sizes
Deployment size Managed agents CPU cores RAM
without log storage
RAM
with log storage

small

up to 1,000

2

11 GB

19 GB

medium

1,001 to 10,000

3

14 GB

22 GB

large

10,001 to 50,000

4

19 GB

43 GB

xlarge

50,001 to 100,000

8

38 GB

54 GB

Storage requirements

Ensure that the following storage is available on the machine before you start deploying NXLog Platform:

For installation files and system logs:

  • 30 GB of free disk space in /var/lib/containers/storage/.

  • At least 10 GB of free disk space in /var/log/.

    NXLog Platform can exhaust this space more slowly or more quickly depending on the number of agents. If you expect a lot of activity, consider allocating more space and implementing rotation of the systemd journal and syslog logs.

  • 1 GB of free disk space in /var/ outside the aforementioned directories.

  • 1 GB of free disk space in /usr/ for dependency OS packages.

For NXLog Platform data, including agent-collected logs:

  • At least 10 GB of free disk space.

    By default, NXLog Platform stores data in the directory /srv/nxp/data, but you can change this directory during the installation process. We recommend mounting this directory on a dedicated physical disk or disk partition.

Network requirements

Ensure that the deployment machine and your network are set up as follows:

  • The machine has a static IP address.

  • The local network 10.89.0.0/24 is free to use and reserved for the container services of NXLog Platform.

  • Both your organization firewall and the host machine firewall allow the URLs and ports described in the table below.

    We do not recommend turning off the firewall on production systems.
    Direction Service Description

    Inbound

    443/TCP

    HTTPS endpoint for the NXLog Platform user interface.

    5515/TCP

    Agent management.

    5514/TCP

    Ingestion of logs sent by agents.

    Outbound

    {53|custom}/TCP
    {53|custom}/UDP

    DNS services. Change the port number if you are running your organization’s DNS server on another port.

    {25|465|587|custom}/TCP

    SMTP port for sending NXLog Platform email notifications, such as new user invitations. Depending on your SMTP server, allow either port 25, 465, 587, or a custom port.

    platform.nxlog.co:443/TCP

    NXLog cloud backend for customer registration and management of the customer’s organizations, subscriptions, and invoices.
    NXLog Platform requires access to the cloud backend to validate the active subscriptions and license usage.

    nxlogacr.azurecr.io:443/TCP
    *.blob.core.windows.net:443/TCP

    Microsoft Azure Container Registry and Microsoft Azure Blob Storage.
    Used for pulling the NXLog Platform container images from the NXLog container registry.

    nxlog-artifacts-prod.fra1.digitaloceanspaces.com:443/TCP
    nxlog-solution-pack-integration-bucket.fra1.digitaloceanspaces.com:443/TCP

    DigitalOcean Spaces CDN.
    Used for downloading the NXLog Platform and NXLog Agent installation packages and dynamically fetching the most recent versions of NXLog Platform solution packs.

    {*.ubuntu.com|custom}:80/TCP
    {*.ubuntu.com|custom}:443/TCP

    Ubuntu only.

    Official Ubuntu APT system repositories. Depending on your configuration, for example when using custom repository mirrors, you may need to allow access to different hostnames.
    Used for downloading host OS software dependencies

    {*.redhat.com|custom}:80/TCP
    {*.redhat.com|custom}:443/TCP

    RHEL only.

    Official Red Hat Enterprise Linux software repositories. Depending on your configuration, for example when using custom repository mirrors, you may need to allow access to different hostnames.
    Used for downloading host OS software dependencies

    You can use one of the scripts below to create and enable the inbound traffic firewall rules. Copy the script to a text file and save it with the .sh extension. Ensure the file is executable, then run the script as root on the machine where you will install NXLog Platform.

    The script might produce warnings if any of the firewall services that it adds are already allowed, but you can ignore those messages.

    RHEL
    configure-firewall.sh
    #!/bin/bash
    
    # Function to create a firewalld service file
    create_service_file() {
        filename=$1
        content=$2
        echo "$content" > "$filename"
    }
    
    # HTTPS service
    firewall-cmd --permanent --add-service=https --zone=public
    firewall-cmd --reload
    
    # Agents service
    create_service_file "agents.xml" '<?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>nxlog-agents</short>
      <description>NXLog Agent Manager</description>
      <port protocol="tcp" port="5515"/>
    </service>'
    
    # NXLog Agent Relay service
    create_service_file "relay.xml" '<?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>nxlog-relay</short>
      <description>NXLog Agent Relay</description>
      <port protocol="tcp" port="5514"/>
    </service>'
    
    # Register and enable Agents and Relay services
    firewall-cmd --permanent --new-service-from-file=agents.xml --name=nxlog-agents
    firewall-cmd --permanent --new-service-from-file=relay.xml --name=nxlog-relay
    firewall-cmd --permanent --add-service=nxlog-agents --zone=public
    firewall-cmd --permanent --add-service=nxlog-relay --zone=public
    firewall-cmd --reload
    Ubuntu

    In Ubuntu, the firewall (UFW) is not enabled by default. This means you need to enable it first and then configure the above NXLog Platform services. To simplify the process, save the bash script below to your computer and then run it as root.

    configure-firewall.sh
    #!/bin/bash
    
    BASEDIR=/etc/ufw/applications.d/
    
    # Create the services
    declare -A services
    services["https.ufw"]="[https]\ntitle=HTTPS\ndescription=HTTPS\nports=443/tcp"
    services["agents.ufw"]="[nxlog-agents]\ntitle=NXLog Agents\ndescription=NXLog Agents\nports=5515/tcp"
    services["relay.ufw"]="[nxlog-relay]\ntitle=NXLog Relay\ndescription=NXLog Relay\nports=5514/tcp"
    
    for file in "${!services[@]}"; do
        printf "%b\n" "${services[$file]}" > "$BASEDIR/$file"
    done
    
    # Firewall commands
    ufw enable
    ufw allow openssh
    ufw allow https
    ufw allow nxlog-agents
    ufw allow nxlog-relay
    ufw reload

SMTP server requirements

Important NXLog Platform features such as creating user accounts and resetting account passwords rely on email. Ensure that you have the details of your organization’s SMTP server available, including network address, port number, and credentials in case of authenticated SMTP.

NXLog Platform supports plain-text, SSL/TLS, and STARTTLS SMTP communication. It uses a self-signed certificate for TLS. Ensure that your SMTP server accepts self-signed certificates or install an SMTP relay that does.