sybase limit really 1 million?

Unanswered Question

hi,

saw somewhere (whitepaper iirc) that RME DB might have limit of 1M entries in the syslog DB. is this measured hard limit, sybase OEM license limit, theoretical or ?

reason - audit requirement to have 1yr syslog online. day 367 (leap years) just throw it out, nobody cares anymore.

have est. 200 events per hr flowing into $many RSAC, then split amongst RME (main) for non-security devices, and RME (csm) for fw/etc.

that's 875k records in each main/csm RME syslog DB.

if my est. is off by more than 12% variant, it blows the 1M DB limit.

confirm?

any reason to worry?

before you say just add another slave RME server, I'm stuck with two. adding e.g. 10TB more disk is "easy"; but adding another RME server is hard ($$$ + OSI layers 8 & 9...)

tks,

R.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Wed, 03/19/2008 - 18:55

There is a database limit of one million managed messages and 50,000 unexpected device messages. However, you don't need another server to maintain your audit requirement. You can archive messages out of the database to flat files to maintain a longer audit trail. To do this configure your backup policy under RME > Admin > Syslog > Set Backup Policy.

Actions

This Discussion