Configuring Incident Log Handling

To configure disk management for DLP incidents:

In SmartConsole, click Gateways & Servers and double-click the log server or Security Management Server that manages the DLP logs.
The server window opens and shows the General Properties page.
From the navigation tree, click Logs > Storage.
In When disk space is below MBytes, start deleting old log files, enter the minimum amount of free disk space on the server.
This setting applies to DLP incidents and logs, and to all other logs. The default setting is 5000 MBytes. When the free disk space becomes less than this limit, old DLP incidents and logs, and other logs are deleted to free up disk space.
Click OK and publish the changes.
Open the GuiDBedit Tool and log in with your SmartConsole credentials.
In the left pane, select Table > Network Objects > network_objects.
In the right pane, select the Log server or Security Management Server that manages DLP logs.
In the bottom pane, in the Field Name column, find log_policy.
Configure these fields:

Field Name	Description	Default value
`dlp_blob_delete_above_value_percentage`	The maximum % of disk space that incidents are allowed to occupy.	20%
`dlp_blob_delete_on_above`	Whether or not to delete incidents if the incidents take up more disk space than `dlp_blob_delete_above_value_` `percentage` `true` — Delete incidents. However, logs that are associated with the incidents are not deleted. `false` —Do not delete incidents. Incidents are only deleted if free disk space becomes less than the Required Free Disk Space that is configured in SmartConsole, in the Logs and Masters page of the Log server or Security Management Server that manages DLP logs.	`false`
`dlp_blob_delete_on_run_script`	Whether or not to run a script before deleting incidents. For example, to copy the logs to a different computer before they are deleted. `true` — Run the script that is defined in SmartConsole, in the Log server or Security Management Server that manages DLP logs, in the Logs and Masters > Advanced page. `false` — Do not run a script.	`false`

Field Name

Description

Default value

dlp_blob_delete_above_value_percentage

The maximum % of disk space that incidents are allowed to occupy.

20%

dlp_blob_delete_on_above

Whether or not to delete incidents if the incidents take up more disk space than dlp_blob_delete_above_value_
percentage

true — Delete incidents. However, logs that are associated with the incidents are not deleted.
false —Do not delete incidents. Incidents are only deleted if free disk space becomes less than the Required Free Disk Space that is configured in SmartConsole, in the Logs and Masters page of the Log server or Security Management Server that manages DLP logs.

false

dlp_blob_delete_on_run_script

Whether or not to run a script before deleting incidents. For example, to copy the logs to a different computer before they are deleted.

true — Run the script that is defined in SmartConsole, in the Log server or Security Management Server that manages DLP logs, in the Logs and Masters > Advanced page.
false — Do not run a script.

false