IBM Support

What can I do if I see my Guardium Appliance getting full?

Technote (FAQ)


Question

What can I do if I see my Guardium Appliance getting full?

Symptoms
* Cannot login to GUI
* Tomcat error on GUI
* Size of DB from System View approaching 100%
* Receiving alerts indicating the DB size is getting larger

Cause

The DB filling up can be caused by the following - amongst other things

    • Spikes in the data being captured
    • A policy setting that allows too much data to be logged in the Internal Database
    • Keeping too much data on the Internal Database
    • Collecting data from too many Databases (STAPs)

Answer

Recommended Viewing



YouTube Video
Preventing and Reacting to Guardium Database Full Issues (22:59)
Prevent your Guardium internal database filling up, troubleshoot, and take action to reduce the space when needed.



The above video is fairly comprehensive - Below is one example of how you may attempt to purge some older data


The quickest way to reduce the DB % Full is to induce a purge of some older data now.
v9 - Administration Console --> Data Management --> Data Archive --> Run Once Now
v10 - Manage -> Data Management -> Data Archive -> Run Once Now

Example - If you have " Purge data older than 30 days" set currently, and presuming you have all necessary backups and Archives of your system and you are happy to attempt to purge off slightly more data now
    • Make a note of current DB % Full
    • Set "Purge Data Older than" to 25 days
    • Make sure the "Purge" check-box is checked
    • Make sure the "Archive" check-box is unchecked
    • Make sure the "Allow purge without exporting or archiving" is checked
    • Click "Run Once now"
    • Check progress of the purge via v9 Guardium Monitor --> Archive/Aggregation Log. v10 Reports -> Guardium Operational Reports -> Aggregation/Archive Log.
            You should see similar to the following comment when the purge is finished (results displayed in reverse date order)
              Purge process DONE

    • Once that is finished make a note of the current DB % Full from System View

If a difference in the DB % Full in the right direction is noticed then consider issuing the above commands again for slightly less days - eg purge older than 20 days.
  • Remember to check the Archive check-box when finished performing these adhoc purges

Looking at the causes for this problem you may want to also consider the following

- See the technote - Why is my Guardium internal database filling up?

- Amend the policy to capture only the necessary data
    For example sometimes there is no need to capture Full SQL with Values in all cases.
    Do you really need to capture all the SQL for all cases?

- Switch one or more of the Databases being captured via the STAPs to another Collector.


- Amend the Archive and Purge settings to purge more data off each day
    Ensure the Schedule is set to run once per day.

- After purging you may need to optimize the database. See the technote - Guardium internal database full percentage is not decreasing, even after a successful purge

If that does not help or you cannot access the GUI, then engage IBM Technical Support in the usual manner

Related information

Why is my Guardium internal database filling up?

Document information

More support for: IBM Security Guardium
Guardium Central Manager and Aggregator

Software version: 8.2, 9.0, 9.1, 9.5, 10.0

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, z/OS

Reference #: 1511904

Modified date: 06 March 2018


Translate this page: