Critical System Protection

 View Only

  • 1.  SCSP DB Size

    Posted Dec 06, 2011 03:45 AM

    HI,

    I am using SCSP with embedded DB.

     

    May I know if there is a limit to the DB used? My worries is that if the DB is full or the limit is set to 4GB,

     

    it will stop working when it is full. Anyway for me to maintain or purge the logs?

     

    Thanks



  • 2.  RE: SCSP DB Size

    Posted Dec 06, 2011 09:23 AM

    You will need to verify which DB version you are using but the default embedded DB is (I believe) SQL Express 2005 which has a 4GB limit.

    http://msdn.microsoft.com/en-us/library/ms345154%28v=sql.90%29.aspx

    To manage your logs, you can set the number of days to keep events. Do this by going to the Admin Icon from any View and select System Settings. This will display 3 options for purging Real-time, Profile and Analysis events.

    Also, make a backup and edit the the ...\Symantec\Critical System Protection\Server\tomcat\conf\sis-server.properties file. Uncomment the sisdbcleanup options and set them to the desired number of hours and the number of events to purge. You can monitor the size of the DB by using the custom Symantec queries built into the product. (Queries\Symantec\<policy pack version>\status\Database Status). Also,

    Monitor the system deleting the events to ensure you are "throttling" them appropriatly. You may be creating events faster than you are deleting them in which case the DB will keep growing. Do an Event Search, choose Audit for the Event Category, enter the appropriate time frame to search and enter "DELETE EVENTS" without quotes into the Operation text box. In this event, make sure that the events deleted is less than the purge limit you set. If its consistently equal to the purge limit, its not deleting all the events it should and your DB will continue to grow.

    To go a step further, you may want to setup an e-mail alert that will e-mail you the event for ongoing monitoring.

    # sisdbcleanup.runtime
    # sisdbcleanup.event.purge.limit
    #
    #    sisdbcleanup.runtime
    #        This tag represents how often database cleanup is performed.
    #        The value is specified in hours, ex 24 means that database
    #        cleanup is performed every 24 hours.
    #
    #    default: 23
    #
    #
    #     sisdbcleanup.event.purge.limit
    #        This tag represents the max number of event are purged each
    #        time the db cleanup is performed.  This value will only be
    #        used when the event purging is enabled in the console.
    #
    #    default: 100000

    #sisdbcleanup.runtime=23
    #sisdbcleanup.event.purge.limit=100000



  • 3.  RE: SCSP DB Size

    Posted Dec 12, 2011 01:16 PM

    The information posted by timl1228 is correct, but officially, the limited versions of Microsoft's SQL are unsupported, and unrecommended in a production environment.  One of the these versions of SQL is included (depending on which version of SCSP you are using) for evaluation purposes.

    The main reason for this is because you would not want to limit the amount of reporting possible for compliance and other legal issues -- if your database is no longer able to be written to because it has hit its limit, you will not be able to monitor your systems.

    If you need to move your database to a production platform, here is a link on how to do that:

    How to Move a Symantec Critical System Protection (SCSP) 5.2 Manager and MSDE Database to a Production Database and Server
    https://imconsole-kb.ges.symantec.com/InfoManager/WebObjects/InfoManager.woa/wo/vpFV1FqweTJgXhl5iAIPIg/6.0.32.1.1.1.3.21.0.2.6.11.14.1.0.7.1