Admin Guide: Overview
The Admin Guide explains how to deploy and operate Logster using the
packaged appliance shipped for evaluation and production trials. A
deployment is split across two nodes — an App Node (the full Logster
stack, shipped as an .ova) and a GPU Node (the local model server) —
and is documented end to end in the Appliance Deployment section.
What the Admin Guide covers
| Page | You'll learn how to... |
|---|---|
| Licensing Guide | Understand the UAT license — its 365-day duration, total and daily event limits, and the enforcement policy. |
| Appliance Deployment: Overview & Topology | Understand the two-node topology, hardware requirements, and the order to set things up. |
| App Node (OVA Appliance) | Import the .ova, configure it, install your license, start the stack, and connect Windows endpoints. |
| GPU Node (LLM Inference Server) | Provision a GPU-capable VM, load the shipped model image, and run the inference server. |
| Sysmon Configuration | Configure Sysmon on monitored Windows endpoints so they produce the events Logster expects. |
Hardware requirements
Logster runs on two nodes — an App Node and a GPU Node. The full, per-node hardware requirements (CPU, RAM, disk, and GPU) are listed in Appliance Deployment: Hardware requirements.
Deployment order
Set the appliance up in this order:
- GPU Node — provision the GPU VM, load the model image, and start the inference server. Note its endpoint URL.
- App Node — import the
.ova, point it at the GPU Node, install your license, and start the stack. - Connect your Windows endpoints — see Sysmon Configuration and Connecting a Windows endpoint.
For analyst-facing documentation, see the UI Guide.