Cisco Support Community
New Member

Security Monitor 1.1.1 Database backup?

Hi,

My IDS database is too big. I know how to delete the database events, but I have to archive the older events. Is there any solution to convert the Security Database to .csv or some other form? I have to be able to search in the "deleted", "old" events too.

Any advice?

Thx

1 REPLY
New Member

Re: Security Monitor 1.1.1 Database backup?

I hope this helps. You may need a CCO login to access the URL.

http://www.cisco.com/en/US/partner/products/sw/cscowork/ps3991/products_user_guide_chapter09186a00800e4371.html#xtocid3

http://www.cisco.com/en/US/partner/products/sw/cscowork/ps3990/products_user_guide_chapter09186a0080157faa.html

Default Database Rules

The Database Rules page contains the following two default database rules for pruning events:

Default Alarm Pruning—When there are more than 2,000,000 events in the alerts table, the PruneDefault.pl script runs and deletes the oldest events from the table so that 1,800,000 events will remain in the alerts table.

Default Syslog Pruning—When there are more than 2,000,000 events in the syslog table, the PruneDefault.pl script runs and deletes the oldest events from the table so that 1,800,000 events will remain in the syslog table.

You can edit and delete the default database rules, just like you can edit and delete the database rules that you manually add.

Archived data from the default database rules are saved in the X:/Program Files/CSCOpx/MDC/Sybase/Db/IDS/AlertPruneData folder, where X is the drive where Security Monitor is installed. However, you can change the default directory by editing the database rule.
