Configuring Incident Log Handling
To configure disk management for DLP incidents:
- In SmartConsole, click and double-click the log server or Security Management Server that manages the DLP logs.
The server window opens and shows the page.
- From the navigation tree, click > .
- In , enter the minimum amount of free disk space on the server.
This setting applies to DLP incidents and logs, and to all other logs. The default setting is 5000 MBytes. When the free disk space becomes less than this limit, old DLP incidents and logs, and other logs are deleted to free up disk space.
- Click and publish the changes.
- Open the GuiDBedit Tool and log in with your SmartConsole credentials.
- In the left pane, select > >
- In the right pane, select the Log server or Security Management Server that manages DLP logs.
- In the bottom pane, in the column, find
- Configure these fields:
Field Name
|
Description
|
Default value
|
dlp_blob_delete_above_value_percentage
|
The maximum % of disk space that incidents are allowed to occupy.
|
20%
|
dlp_blob_delete_on_above
|
Whether or not to delete incidents if the incidents take up more disk space than dlp_blob_delete_above_value_
percentage
true — Delete incidents. However, logs that are associated with the incidents are not deleted.false —Do not delete incidents. Incidents are only deleted if free disk space becomes less than the that is configured in SmartConsole, in the page of the Log server or Security Management Server that manages DLP logs.
|
false
|
dlp_blob_delete_on_run_script
|
Whether or not to run a script before deleting incidents. For example, to copy the logs to a different computer before they are deleted.
true — Run the script that is defined in SmartConsole, in the Log server or Security Management Server that manages DLP logs, in the > page.false — Do not run a script.
|
false
|