McAfee GUARD DOG 2 Installation Guide, Page 18
McAfee® IntruShield® IPS System IntruShield Best Practices
Special Topics: Best Practices Maintenance, backup, and database tuning
Alerts and disk space maintenance
Disk space maintenance is an important task that must be completed to ensure
efficient running of the Manager. In order to develop best practices for database
maintenance it is important to understand the lifecycle of an alert.
Alert states
Alerts exist in one of three states: unacknowledged, acknowledged, and marked for
deletion. When an alert is raised, it appears in the Manager in an unacknowledged
state. Unacknowledged means that you have not officially recognized its presence by
marking it acknowledged. An alert remains in an unacknowledged state until you either
acknowledge or delete it. Alerts are backed up to the database and archived in order of
occurrence. Deleted alerts are removed from the database.
Unacknowledged alerts display in the Unacknowledged Alert Summary section of the
Network Console and the Real-time view in the Alert Viewer. Acknowledging alerts
dismisses them from these views. Acknowledged alerts are shown only in the Historical
view in the Alert Viewer and in reports.
Deleting an alert both acknowledges it and marks it for deletion. The alert is not actually
deleted until a scheduled File Maintenance takes place. At that time, IntruShield deletes
those alerts marked for deletion and those alerts meeting the deletion criteria specified
in the scheduler (older than 30 days, for example), whether or not they've been manually
marked for deletion.
To put an acknowledged alert back into an unacknowledged state or un-delete an alert,
you can use the Historical view in Alert Viewer to show all alerts from the time period
in which the acknowledged/deleted alert took place. You can then locate the alert and
unacknowledge or un-delete it. This alert will not display in the Real-time Alert Viewer
until you have closed and re-opened the Alert Viewer.
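
The lifecycle described above, modeled as a short Python sketch (an added example, not McAfee code and not an IntruShield API). The class and function names, the 30-day default and the sample alerts are constructed for illustration, and it assumes un-delete clears only the deletion mark. It shows that a deleted alert stays recoverable until File Maintenance runs, and that the age criterion also purges alerts nobody acknowledged.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Alert:
    alert_id: int
    raised: datetime
    acknowledged: bool = False
    marked_for_deletion: bool = False

    def acknowledge(self):
        self.acknowledged = True

    def delete(self):
        # Deleting both acknowledges the alert and marks it for deletion.
        self.acknowledged = True
        self.marked_for_deletion = True

    def undelete(self):
        # Assumption: un-delete clears only the deletion mark.
        self.marked_for_deletion = False

def realtime_view(alerts):
    """IDs still shown as unacknowledged (Real-time view)."""
    return [a.alert_id for a in alerts if not a.acknowledged]

def file_maintenance(alerts, now, max_age_days=30):
    """One scheduled run: purge marked alerts and alerts past the age limit."""
    cutoff = now - timedelta(days=max_age_days)
    kept, purged = [], []
    for a in alerts:
        (purged if a.marked_for_deletion or a.raised < cutoff else kept).append(a)
    # Alerts removed by age alone without anyone having acknowledged them.
    untriaged = [a.alert_id for a in purged if not a.acknowledged]
    return kept, purged, untriaged

def demo():
    now = datetime(2024, 1, 31)  # constructed sample data
    alerts = [Alert(1, now - timedelta(days=2)),
              Alert(2, now - timedelta(days=5)),
              Alert(3, now - timedelta(days=45)),  # old, never acknowledged
              Alert(4, now - timedelta(days=3))]
    alerts[0].acknowledge()
    alerts[1].delete()
    alerts[3].delete()
    alerts[3].undelete()  # recovered before maintenance runs
    kept, purged, untriaged = file_maintenance(alerts, now)
    return (realtime_view(alerts), [a.alert_id for a in kept],
            [a.alert_id for a in purged], untriaged)
```
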
Databases can be substantial, possibly containing all Alert and Packet logs, any incident
reports that have been generated, and audit and fault logs. Maintenance of this data can
be accomplished automatically using the File Maintenance scheduler. If you have a
large amount of data and wish to do your tuning offline, it is a best practice to use the
purge.bat (forces the deletion of old alerts) and dbtuning.bat (forces the tuning of the
database) scripts. To do this you must stop the Manager and run the scripts. To tune
while the Manager is running, use the online tools, but ensure that you do not have
another process running concurrently during the tuning.
Dbtuning.bat
The dbtuning.bat utility does the following:
  • Defragments tables where rows/columns are split or have been deleted
  • Re-sorts indexes
  • Updates index statistics
  • Computes query optimizer statistics
  • Checks and repairs tables