Skip to content

Licensing Guide

Logster is currently provided under a single UAT (User Acceptance Testing) license. This page describes that license — its duration and event limits — and the ethical license enforcement policy.

For product-level positioning, see What is Logster. For licensing quotes, custom integrations, or professional services, contact the vendor directly.

UAT License

The UAT license is sized for a full user-acceptance-testing cycle:

Term Value
License duration 365 days
Total event budget 1,000,000 events
Daily ingestion cap 100,000 events / day
  • 365-day license. The license is valid for one year from activation.
  • 1,000,000 total events. A cumulative budget across the life of the license.
  • 100,000 events / day. The per-day ingestion cap.

When either the daily cap or the total event budget is reached, contact the vendor to extend or renew the license.

Ethical license enforcement

The UAT license follows an ethical license enforcement policy:

Logster's license never interrupts real-time log ingestion or threat detection. The daily and total event limits are still applied in the background. Customers who repeatedly exceed those limits are expected to contact Support to extend or renew the license.

In practice this means:

  • If your traffic briefly spikes above the daily cap, Logster keeps detecting. You do not lose visibility because of a billing check.
  • License violations (over-cap ingestion events) are tracked and reported back to the vendor for review.
  • Repeatedly exceeding the daily cap, or reaching the total event budget, triggers a conversation with Support about extending or renewing — not a cutoff.

Deployment models

The UAT license can be run in either of two deployment models. The choice is typically driven by data residency requirements and internal operations capacity.

On-Prem

  • Installed inside your own data center or cloud account.
  • Logs never leave your environment — strongest data privacy posture.
  • Real-time model updates delivered by the vendor.
  • You own:
    • Hardware (CPU / GPU for inference, storage for Kafka + ES).
    • IT staffing (deployment, monitoring, incident response).
    • Maintenance (patching, backups, upgrades).
    • Training (for analysts and operators).

Right when: data residency requirements are non-negotiable, or when your team already operates infrastructure at scale and prefers to keep detection inside your own perimeter.

SaaS

  • Hosted and operated by the vendor.
  • No maintenance hassle — no customer hardware, no ops burden.
  • Real-time model updates delivered by the vendor.
  • You own:
    • Endpoint collector deployment (Winlogbeat / Splunk UF / rsyslog / syslog-ng on your hosts).
    • Data source configuration and tuning.
    • Analyst workflow.

Right when: you want the fastest time-to-value, or when you do not have a dedicated platform team to run an on-prem Logster stack.

Feature parity

Both deployment models deliver the same detection capability — same models, same pipeline, same dashboard, same API. The difference is exclusively about who runs the infrastructure.

Hardware expectations

Hardware sizing is an operational concern and is documented in the Admin Guide. Logster runs on two nodes — an App Node and a GPU Node; for the full per-node CPU, RAM, disk, and GPU requirements, see Appliance Deployment: Hardware requirements.

Extending or renewing

When the 365-day term ends, or when you reach the 1,000,000-event budget, reach out to Support to extend or renew the license. If you repeatedly exceed the daily cap before then, the vendor will contact you about adjusting the license. See the ethical license enforcement section above.