Security Monitor 1.1.1 Database backup?

teperjesi
Level 1

Hi,

My IDS database is too big. I know how to delete the database events, but I have to archive the older events. Is there any solution to convert the Security Database to .csv or some other form? I have to be able to search in the "deleted", "old" events too.

Any advice?

Thx


darin.marais
Level 4

I hope this helps. You may need a CCO login to access the URL.

http://www.cisco.com/en/US/partner/products/sw/cscowork/ps3991/products_user_guide_chapter09186a00800e4371.html#xtocid3

http://www.cisco.com/en/US/partner/products/sw/cscowork/ps3990/products_user_guide_chapter09186a0080157faa.html

Default Database Rules

The Database Rules page contains the following two default database rules for pruning events:

Default Alarm Pruning—When there are more than 2,000,000 events in the alerts table, the PruneDefault.pl script runs and deletes the oldest events from the table so that 1,800,000 events will remain in the alerts table.

Default Syslog Pruning—When there are more than 2,000,000 events in the syslog table, the PruneDefault.pl script runs and deletes the oldest events from the table so that 1,800,000 events will remain in the syslog table.

You can edit and delete the default database rules, just like you can edit and delete the database rules that you manually add.

Archived data from the default database rules are saved in the X:/Program Files/CSCOpx/MDC/Sybase/Db/IDS/AlertPruneData folder, where X is the drive where Security Monitor is installed. However, you can change the default directory by editing the database rule.
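The default rules quoted in the reply above prune on a high-water/low-water pair and archive what they remove. The sketch below is an added example, not Cisco's PruneDefault.pl: it writes the oldest events to CSV before deleting them and then searches the archive. SQLite stands in for the Sybase database, and the column layout, CSV archive format, function names and sample data are all assumptions.

```python
import csv
import os
import sqlite3
import tempfile

# Assumed stand-in schema; the real Security Monitor tables live in Sybase.
COLUMNS = ("id", "ts", "sig_name", "src_ip")
TABLES = ("alerts", "syslog")  # the two tables named by the default rules

def prune_with_archive(conn, table, archive_path, high_water, low_water):
    """When `table` exceeds high_water rows, archive the oldest rows to CSV and
    delete them so low_water rows remain. Returns the number of rows archived."""
    if table not in TABLES:  # table names cannot be bound as parameters
        raise ValueError(f"unexpected table: {table!r}")
    total = conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]
    if total <= high_water:
        return 0
    rows = conn.execute(
        f"SELECT {', '.join(COLUMNS)} FROM {table} ORDER BY ts, id LIMIT ?",
        (total - low_water,)).fetchall()
    write_header = not os.path.exists(archive_path)
    with open(archive_path, "a", newline="") as fh:
        writer = csv.writer(fh)
        if write_header:
            writer.writerow(COLUMNS)
        writer.writerows(rows)
        fh.flush()
        os.fsync(fh.fileno())  # archive is on disk before anything is deleted
    with conn:  # one transaction: all archived rows are deleted, or none
        conn.executemany(f"DELETE FROM {table} WHERE id = ?",
                         [(r[0],) for r in rows])
    return len(rows)

def search_archive(archive_path, **criteria):
    """Return archived events whose fields equal every given criterion."""
    with open(archive_path, newline="") as fh:
        return [row for row in csv.DictReader(fh)
                if all(row[k] == str(v) for k, v in criteria.items())]

if __name__ == "__main__":
    # Constructed sample data; thresholds scaled down from 2,000,000/1,800,000.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alerts (id INTEGER PRIMARY KEY, ts, sig_name, src_ip)")
    conn.executemany(
        "INSERT INTO alerts (ts, sig_name, src_ip) VALUES (?, ?, ?)",
        [(1000 + i, f"sig-{i % 3}", f"192.0.2.{i}") for i in range(25)])
    path = os.path.join(tempfile.mkdtemp(), "alerts_archive.csv")
    print(prune_with_archive(conn, "alerts", path, 20, 18), "rows archived")
    print(search_archive(path, src_ip="192.0.2.3"))
```

Archiving before deleting, and deleting in a single transaction, means a failure partway through can duplicate an event in the archive but cannot lose one.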
