
IDS Database files too big

d-g-c
Level 1

I'm receiving this alert from the management centre for IDS sensors:

Name: IDS database files

Size Limit: 8 GB

Current Usage:128.87% (10.31 GB)

Note: Current usage is more than the recommended limit.

How do I prune the size of these files automatically within CiscoWorks?

5 Replies

Jeffrey Bollinger
Cisco Employee

Depends on which version of the IDS MC you're using.

With Security Monitor 2.0, the database pruning is handled automatically by a database pruning daemon. By default, it will prune the database when it hits 2,000,000 events. This default value can be changed by logging into SecMon and going to Admin -> Data Management -> Database -> Pruning Configuration.

Now when the database is pruned, by default it will create an archive of the pruned data in a flat file that is stored in ~\CSCOpx\MDC\secmon\AlertPruneData. This is a directory you will want to watch, because it can grow rapidly. If the archive is no longer needed, it is safe to delete these files to reclaim disk space. Another recommended option is to change the pruning directory to a network share so that you don't have to worry about maintaining that directory. To change the directory, go to Admin -> System Configuration -> Prune Archive Location.

Finally, if you want to change the thresholds at which you are warned, go to Admin -> Data Management -> Files. For each file you can change the value in the Limit column by just clicking on the current value.

For IDS MC 1.2 see this doc:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mon_sec/secmon12/ug/ch07.htm

I am having the same issue. The idsmc.log is almost 8GB itself. When I try to change the size, it says I do not have the proper space available even though I have 5GB of free space. Any ideas?

Whilst my Sybase database seems to be getting pruned automatically by SecMon 2.1, my idsmc.log is still growing - it's almost 12GB now. Did you get a resolution to your problem? Why isn't CW2K managing the size of this file?

Hi, I had the same problem.

I simply stopped all services of the application and then removed the idsmdc.log file, which does not seem to be the database.

Note that you have another file, idsmdc.db.

I didn't lose any alerts.

Hi! We also encountered pruned data that is increasing so fast as well as the idsmdc.db.

1. Is it safe to delete old files at /opt/CSCOpx/MDC/secmon/AlertPruneData? What would be the importance of these files that we should consider for future use?

2. I understand that the information in these pruned data no longer exists in idsmdc.db: Events are pruned from the database when the event tables exceed a specified size. The oldest event records are deleted from an event table first. How come the idsmdc.db is still increasing so fast? What is idsmdc.db comprised of?
