sybase limit really 1 million?

Unanswered Question
Mar 19th, 2008
User Badges:


saw somewhere (whitepaper iirc) that RME DB might have limit of 1M entries in the syslog DB. is this measured hard limit, sybase OEM license limit, theoretical or ?

reason - audit requirement to have 1yr syslog online. day 367 (leap years) just throw it out, nobody cares anymore.

have est. 200 events per hr flowing into $many RSAC, then split amongst RME (main) for non-security devices, and RME (csm) for fw/etc.

that's 875k records in each main/csm RME syslog DB.

if my est. is off by more than 12% variant, it blows the 1M DB limit.


any reason to worry?

before you say just add another slave RME server, I'm stuck with two. adding e.g. 10TB more disk is "easy"; but adding another RME server is hard ($$$ + OSI layers 8 & 9...)



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Wed, 03/19/2008 - 18:55
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

There is a database limit of one million managed messages and 50,000 unexpected device messages. However, you don't need another server to maintain your audit requirement. You can archive messages out of the database to flat files to maintain a longer audit trail. To do this configure your backup policy under RME > Admin > Syslog > Set Backup Policy.


This Discussion