There will be two machines in the cluster. If I'm not mistaken, the cluster can be built using OPNsense itself - that is, redundancy in case one machine fails.
In total there will be 2 completely identical machines.
The configuration of one of the machines:
HP DL360 G6
Xeon x5690 x2
I350-T4
4 + 4Gb RAM
72Gb HDD SAS (DG072A8B54) - HW Raid 1
2 PSU
What will happen:
OPNsense latest
Backup machine.
100MBps traffic to the world.
1GBps traffic on the local network.
Suricata + signatures from Snort.
BGP Community.
NAT.
What can you expect from such a machine?
How feasible are the tasks?
Will there be problems with the disk subsystem?
Should not be an issue. Perhaps a decrease of Suricata, but the rest is fine.
I'm mostly afraid only that there may not be enough disk subsystem performance. And the HDD (SAS) needs SSD.
Without Proxy you don't need much disk speed.
And how voluminous are the logs that get written?
During an attack, for example.
I'm afraid that the disk space may not be enough
72GB? Most files are clogs, so they have a fixed size and older entries are deleted.
You should be fine with the disk. I run 2 OPNsense boxes with 60GB SSDs and stay under 10% on disk usage. Just don't use the swapfile option during install. Be careful using too many snort rules in IDS as they can eat memory.