Question & Answer
Question
What can I do if I see my Guardium Appliance getting full? Symptoms - Cannot login to GUI, tomcat error on GUI, size of DB from System View approaching 100%, receiving alerts indicating the DB size is getting larger.
Cause
The DB filling up can be caused by the following, amongst other things:
- Spikes in the data being captured
- A policy setting that allows too much data to be logged in the internal database
- Keeping too many days of data on the internal database
- Collecting data from too many S-TAPs
Answer
Appliance full training on IBM Security Learning Academy
IBM Security Learning Academy provides free labs and training for Guardium.
This includes two courses for handling appliance full issues. These courses cover the recommended way to approach appliance full issues:
- Video - Preventing and Reacting to Guardium Database Full Issues
- Course - Database full troubleshooting
Sign in with an IBM ID is required.
The above training is comprehensive - Below is one example of how you may attempt to purge some older data
The quickest way to reduce the DB % Full is to induce a purge of some older data now.
Manage -> Data Management -> Data Archive -> Run Once Now.
Example - If you have "Purge data older than 30 days" set currently, and presuming you have all necessary backups and Archives of your system and you are happy to attempt to purge off slightly more data now
- Make a note of current DB % Full
- Set "Purge Data Older than" to 25 days
- Make sure the "Purge" check-box is checked
- Make sure the "Archive" check-box is unchecked
- Make sure the "Allow purge without exporting or archiving" is checked
- Click "Run Once now"
- Check progress of the purge via Reports -> Guardium Operational Reports -> Aggregation/Archive Log.
- Right click on the Archive and select "detail" log
- Review the status of purge process in the log
- Once purge is finished make a note of the current DB % Full from System View
If a difference in the DB % Full in the right direction is noticed then consider issuing the above commands again for slightly less days - eg purge older than 20 days.
- Remember to check the Archive check-box when finished performing these adhoc purges
Looking at the causes for this problem you may want to also consider the following
- See the technote - Why is my Guardium internal database filling up?
- Amend the policy to capture only the necessary data
- For example sometimes there is no need to capture Full SQL in all cases.
- Switch one or more of the S-TAPs to another Collector
- Amend the Archive and Purge settings to purge more data off each day
- Ensure the Schedule is set to run once per day
- After purging you may need to optimize the database. See the technote - Guardium internal database full percentage is not decreasing, even after a successful purge
- If that does not help or you cannot access the GUI, contact Guardium Support
Related Information
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000Gp0JAAS","label":"APPLIANCE"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
24 November 2020
UID
swg21511904