Detail Persisting over 1000000 incidents can decrease database performance

Created: 26 Feb 2014 • Updated: 03 Mar 2014 | 5 comments
This issue has been solved. See solution.

Dear all of you,

I'm seeking a solution for the Warning Events shown below from the Enforce Server. Can anybody help me? Thank you very much!

Code  2316 
Summary  Over 1000000 incidents currently contained in the database 
Detail  Persisting over 1000000 incidents can decrease database performance


stephane.fichet

Hello,

You can archive some incidents using web archive (you will find a lot of threads about web archive on this forum) and then delete them from the database. Just be sure to store your web archive in a safe place. You can also simply delete some incidents which were assessed as false positives.

 

 Regards.

SOLUTION
DLP Solutions

Hoang,

 

The error is saying that you have over 1000000 incidents in the DLP system. That is a LOT of incidents to keep.

You should be deleting these incidents over time. The idea is to keep incidents in the system that are needed for legal purposes over a period of time. Most of my customers do not keep incidents in the system over 1 to 2 years and will delete them from the system completely. The ONLY ones to keep are the ones that are under investigation or are needed for legal purposes.

The system is giving you this warning because reports will take longer to run and this can impede the performance of the reporting aspect of the console.

 

Hope this makes sense.

If this solves your question, please mark it as solved.

Ronak

 

Please make sure to mark this as a solution to your problem, when possible.

 

Hoang Than

Dear Ronak and Stephane,

 

Thank you very much for your solutions. Yes, I think so. However, I don't know what useful Oracle SQL commands I should use here to back up old incidents. Could you please show me in more detail, step by step?

Thank you very much in advance :)

 

stephane.fichet

Hello,

 

You should use the DLP UI to do it because incidents are stored encrypted in the DLP database, so if you want to keep track of them it is better to do it via the DLP UI.

In the menu System / Incident Data / Web Archive you are able to define an archive name and use a report to select the incidents you want to extract (so you have to define a report beforehand), and then click on Create. This will archive your incidents (if you have a lot, it could take a lot of time and also a huge disk volume). This web archive is created on the Enforce Server in the directory "Archive".

Then you can use the report you previously used to define your archive content, click on "select all", then select "Delete Incident" in the "incident actions" dropbox.

 

 Regards.

Hoang Than

Hello,

It's great. With over 1,000,000 incidents, it will take a long time to finish :( I hope the incoming version 12.xx will have a better way to manage incidents.

Anyway, thank you very much for your help.