CiscoWorks VMS Security Monitor data retention factors

Unanswered Question
Aug 19th, 2008

We monitor 15 IPS sensors with CiscoWorks VMS Security Monitor and even though we have tuned some signatures and created some filters a lot of alerts are still produced and populate the database. We currently have around 12 days of retention.

What factors into the number of days worth of events I can view and report on in CiscoWorks Security Monitor Event Viewer:

The number of events received? In other words the more events that are filtered the more days worth of events I can view and report on?

The size of the table in Security Monitor > Admin > Data Management > Database > Pruning Configuration which by default is set at 2,000,000 and if I'm warned of performance degradation if I increase the size?

Anything else?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion