Technote (troubleshooting)
Problem(Abstract)
With the introduction of the 4.x line of firmware for Proventia IPS appliances, the method of storing events for display in the Local Management Interface (LMI) changed to utilize a SQLite database.
On the GV1000 virtual appliance, the files used to store the event data may grow to fill the / partition on the virtual appliance. This article details how to control the number of files and the maximum size of the files to prevent the files from filling the partition.
Resolving the problem
There are two parameters that may used to control the amount of hard disk space used by the database:
crmdb.ipsdbarchivecount controls the number of files that may be created to store events. The default value is 8
crmdb.ipsdbarchiveeventthreshold controls the maximum number of events that may be stored per file. The default value is 40,000.
To edit the values:
1. Log into the appliance via SSH or a local console as the root user
2. Change the working directory:
cd /var/iss-db
3. Start the SQLite command prompt:
sqlite3 crm.db
4. Run the following commands individually in the SQLite prompt:
insert into config (ParamName, ParamValue) values ("crmdb.ipsdbarchivecount", <insert desired value>);
insert into config (ParamName, ParamValue) values ("crmdb.ipsdbarchiveeventthreshold", <insert desired value>);
.exit
5. recycle the issDaemon (serivce issDaemon restart)
________________________________________________________________________________
If the above information does not resolve your issue, please contact IBM Security Systems Customer Support.
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.