06-13-2003 12:09 AM - edited 03-09-2019 03:39 AM
Can you please tell me how you can delete (specific or all) events from the events database of IDS? Note that the event viewer is not installed yet.
Thank you
Nikolas
06-15-2003 07:23 AM
Hi Nicholas,
If I understood your above situation, you do not have any kind of EventViewer software (like IDM/IEV or the VMS Security Monitor) installed and configured yet to receive the sensor events into the database. If that is true, it means that you are probably looking to delete the events from the Sensor itself, right?
Well, the events are stored in the event store on the sensor. This is a large rotating buffer for event storage. The Event Store file is a 4 GB, fixed-size file.
Until the IEV or the Security Monitor pulls these events, they will stay on the sensor up to the 4 GB limit. The Event Store file's path is /usr/cids/idsRoot/var/IdsEventStore.
You may clean up this file.
Now if you are looking for cleaning up the VMS events database, then you will have to use the "idspruning" utility that is documented at the below url;
Hope this helps you a bit.
Thanks,
yatin
06-17-2003 07:13 AM
Hi Nicholas,
Just to clarify how to clean up the Event Store file on the sensor:
From the sensor CLI, run the command "clear events". There are other commands that may be useful, e.g. "show events" and "show statistics eventstore".
Thanks,
yatin