IBM Support

Controlling the size of ipsattacksdb files on Security Network IPS sensors

Technote (troubleshooting)


Problem(Abstract)

The ipsattacksdb files on Security Network IPS (GX) sensors is used to store events that are displayed in the Local Management Interface (LMI). Use the information in this article to modify how much disk space these files use.

Cause

On the GV1000 virtual appliance, the files that are used to store the event data can grow to fill the / partition on the virtual appliance. This article details how to control the number of files and the maximum size of the files to prevent the files from filling the partition.

Resolving the problem

Important: When performing administration tasks via ssh or local console, configuration changes made to your IBM appliance by any user other than admin could degrade appliance performance. Installing or activating other services or applications may also impact appliance performance or security. IBM Infrastructure Security Support will not support configuration changes made using the root user account unless specifically directed by a support engineer or IBM documentation. The following DCF Technote content is supported. Any further changes made that are not included in this document will place your product into an unsupported state and IBM product support may require you to reimage your appliance to restore it to a supported state.


There are two parameters that can be used to control the amount of hard disk space that is used by the database:

crmdb.ipsdbarchivecount controls the number of files that can be created to store events. The default value is 8.

crmdb.ipsdbarchiveeventthreshold controls the maximum number of events that can be stored per file. The default value is 40,000.

To change the values, follow the instructions below:

  1. Log in to the appliance via SSH or a local console as the root user.
  2. Change the working directory:
    cd /var/iss-db
  3. Start the SQLite command prompt:
    sqlite3 crm.db
  4. Run the following commands individually in the SQLite prompt:
    insert into config (ParamName, ParamValue) values ("crmdb.ipsdbarchivecount", <insert desired value>);
    insert into config (ParamName, ParamValue) values ("crmdb.ipsdbarchiveeventthreshold", <insert desired value>);
    .exit

  5. Restart the issDaemon service with the following command:
    service issDaemon restart
    Note: Restarting the issDaemon service causes a brief disruption in traffic. Schedule for this accordingly.


Document information

More support for: IBM Security Network Intrusion Prevention System
General Information

Software version: 4.6, 4.6.1, 4.6.2

Operating system(s): Firmware

Reference #: 1608721

Modified date: 11 September 2017


Translate this page: