Cisco Support Community

New Member

Some Questions for IDS MC?

1. After alert events are pruned into the folder "AlertPruneData", they will become some "txt" files. Which application can I use to read the events from these txt files?

2. For the default alarm pruning, it is stated in the document that only the events in the alert table will be pruned. But after pruning, I can see some syslogxxx.txt files in the "AlertPruneData" folder. Does it mean that the events in the syslog table have been pruned too?

Thanks for all your comments

1 REPLY
New Member

Re: Some Questions for IDS MC?

You can prune alarms based on a number of different criteria, such as 'alarms older than the specified number of days' or 'number of events in a table has exceeded a given limit'. Also, pruning can be done on a specified table or tables, i.e., you can specify the type of table to be pruned. You can choose from the table types syslog, alert, auditlog, deploy and sysconfig, or you could list multiple tables (using a comma-delimited list).

'Default alarm pruning' and 'default syslog pruning' are two database rules for pruning events that by default are present in the Database Rules page. Further, it is my understanding that all pruned data goes to (is archived in) the same folder. What might be happening is that the syslog messages you see were pruned from the syslog table by the 'default syslog pruning rule' and not the alerts table.

If you wish to do so, default rules too can be modified. For more information, you could take a look at the document Administering Security Monitor at the URL http://www.cisco.com/en/US/products/sw/cscowork/ps3991/products_user_guide_chapter09186a00800e4371.html
