12-13-2003 02:28 AM - edited 03-09-2019 05:52 AM
Hi,
I am using VMS 2.2 to manage 6 IDS. I have already defined database rules to manage the IDS alarms. I defined a rule for pruning the database when it reaches the threshold. But my hard disk is still filling up. How can I automatically manage the hard disk space so that some space is left?
Thanks,
12-13-2003 02:57 PM
Hi Mustafa,
Please back up the database from under VPN/Sec Mgmt Soln-->Administration-->Common Services-->Backup Database. Please redirect the backup to a different drive other than the VMS install drive. This will clean up the idsmdc.log file.
Next, if the IDSMC/Secmon is version 1.2 and above, please use the IdsDbCompact utility to compact the Sybase database. More information on how to use this is at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mon_sec/secmon12/ug/ch07.htm#131294
Also, the URLs below are good for regular database maintenance:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mon_sec/secmon12/ug/ch07.htm
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mon_sec/secmon12/technote.htm
Hope this helps.
yatin
01-19-2004 01:26 AM
Hi Mustafa,
Be sure that the disk is full for DB and not for process logs!
I've the same problem on my VMS on Solaris. The Daemons.log in /var/adm/CSCOpx/log ... I've to schedule a log rotate script to clear this log.
On UNIX:
1. Log in as the superuser and enter the root password.
2. Stop all processes:
On Solaris, enter: /etc/init.d/dmgtd stop
3. Perform log maintenance by entering:
$NMSROOT/bin/perl $NMSROOT/cgi-bin/admin/logBackup.pl [-force][-dir destination directory]
where $NMSROOT is the CiscoWorks installation directory,
-force allows backup regardless of log file size, and -dir specifies the full path of the destination directory.
Note: The target directory must be owned by user casuser and group casusers. The user must have read, write, and execute permissions, and the group must have at least read permission. Otherwise, the program will terminate with an error message and the log files will not be updated.
If you do not specify any options, the script backs up the log files to its default directory, PX_LOGDIR/backup.
4. Verify the procedure was successful by examining the contents of the log files in this location:
/var/adm/CSCOpx/log/*.log
Only log files that reach 90% of their size limits are backed up and the original log file is emptied.
5. Restart the system:
On Solaris, enter: /etc/init.d/dmgtd start
Hope this helps,
Graz.
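A pre-flight check for the Solaris procedure in the post above, as an added example that is not part of the original post or of CiscoWorks: it verifies the destination directory's owner, group and permissions before the daemons are stopped, and restarts them even if the backup fails. The function names and the DRY_RUN variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not CiscoWorks code).
# check_backup_dir DIR [OWNER] [GROUP]
#   Succeeds only if DIR meets the requirement quoted in the post:
#   owned by casuser:casusers, owner has rwx, group has at least r.
check_backup_dir() {
    dir=$1
    want_owner=${2:-casuser}
    want_group=${3:-casusers}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 1
    fi
    # ls -ld rather than stat(1), which is not present on every Solaris release.
    info=$(ls -ld "$dir" | awk '{print $1, $3, $4}')
    mode=${info%% *}; rest=${info#* }
    owner=${rest%% *}; group=${rest#* }
    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "$dir is owned by $owner:$group, need $want_owner:$want_group" >&2
        return 1
    fi
    case $mode in
        drwxr*) return 0 ;;   # owner rwx, group read
        *) echo "$dir has mode $mode, need owner rwx and group r" >&2
           return 1 ;;
    esac
}

# run_log_backup DIR [OWNER] [GROUP]
#   Stop the daemons, run logBackup.pl -dir DIR, then always restart.
#   With DRY_RUN set, the commands are printed instead of executed.
run_log_backup() {
    dest=$1
    check_backup_dir "$@" || return 1      # fail before anything is stopped
    run=${DRY_RUN:+echo}
    $run /etc/init.d/dmgtd stop || return 1
    rc=0
    $run "$NMSROOT/bin/perl" "$NMSROOT/cgi-bin/admin/logBackup.pl" \
        -dir "$dest" || rc=$?
    $run /etc/init.d/dmgtd start           # restart even if the backup failed
    return $rc
}
```

Run it as root with NMSROOT set to the CiscoWorks installation directory, for example `DRY_RUN=1 run_log_backup /some/dir` first to see the commands it would issue.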
01-20-2004 12:35 AM
I had a similar problem. In the following you find the answer from the TAC. In my case it works.
==================== Answer from TAC ====================
The Security Monitor database is stored in two files that are located in the ~CSCOpx\MDC\Sybase\Db\IDS subdirectory: idsmdc.db and idsmdc.log.
During normal operation, the size of the idsmdc.db file is never reduced. When records are pruned from the database tables, space is made available in the file for additional data, but the file does not become smaller.
If the default pruning rules are in place and pruning is occurring, you do not need to reduce the size of the database files. However, in some situations (as, for example, when the default rules are deleted or if the IDS_dbAdminAnalyzer daemon is stopped), these files may grow large, and you will have to reduce their size. The database compact utility provides this function. You will want to run this utility if the idsmdc.db and idsmdc.log files combined exceed your available resources.
Next:
First try running idspruning with the option to delete the alarms marked for deletion.
Then try to compact the database. Detailed descriptions are below. In addition, I have put the logging from the try I did in the lab for you below.
Prune:
Here is a sample to delete all but the last 7 days of events (be aware all data before will be lost):
C:\Program Files\CSCOpx\MDC\bin\ids>idspruning -r"syslog,alert,auditlog" -a7
Compact:
A utility was added to the IDSMC/SecMon 1.2 release to compact the database.
usage: IdsDbCompact [-c dir] [-r] [-u dir] [-v]
(If no options are given, the directory that idsmdc.db is in will
be used for new database creation and /unload under that will used
for database unload. Old database will not be deleted, but renamed
to idsmdc.db.orig and idsmdc.log.orig)
-c: Directory new database will be created in
-r: Remove original database after successful compact
-u: Directory database will be unloaded in
-v: Verbose output\n
To run this utility, the user should follow the below steps.
1. Before running this utility, perform a database backup.
2. CW2000 Daemon Manager must be stopped before IdsDbCompact.exe is run.
Run this from a dos prompt. Type:
> net stop "CiscoWorks Daemon Manager"
3. After the CW2000 system has stopped, run the IdsDbCompact utility.
4. After completion of the IdsDbCompact.exe utility, restart the CW2000
Daemon Manager.
Run this from a dos prompt. Type:
> net start "CiscoWorks Daemon Manager"
5. Wait at least 10 minutes after restarting CW2000 to allow all processes
to restart.
Suggested command lines:
If you have space on the disk where idsmdc.db currently exists and you want to
compact the database while saving a copy of the old database as idsmdc.db.orig
> IdsDbCompact.exe
If you have space on the disk where idsmdc.db currently exists and you want to
compact the database without saving a copy of the old database:
> IdsDbCompact.exe -r
If you have little space where idsmdc.db currently resides and don't want
to save the current database. This assumes that the database resides on
a drive other than c:
> IdsDbCompact.exe -r -u "c:\temp\unload"
----------------------------------
Example for the lab I just did for you.
C:\Program Files\CSCOpx\MDC\bin\ids>idspruning -r"syslog,alert,auditlog" -a7
?..
C:\Program Files\CSCOpx\MDC\Sybase\Db\IDS>date
The current date is: Tue 11/11/2003
Enter the new date: (mm-dd-yy)
C:\Program Files\CSCOpx\MDC\Sybase\Db\IDS>time
The current time is: 19:25:57.20
Enter the new time:
C:\Program Files\CSCOpx\MDC\Sybase\Db\IDS>dir
Volume in drive C has no label.
Volume Serial Number is 4859-2450
Directory of C:\Program Files\CSCOpx\MDC\Sybase\Db\IDS
11/11/2003 07:39p
11/11/2003 07:39p
11/11/2003 12:06a
11/11/2003 07:34p 160,055,296 idsmdc.db
11/11/2003 07:34p 147,259,392 idsmdc.log
2 File(s) 430,800,896 bytes
3 Dir(s) 28,084,457,472 bytes free
C:\Program Files\CSCOpx\MDC\Sybase\Db\IDS>
C:\Program Files\CSCOpx\MDC\bin\ids>net stop "CiscoWorks Daemon Manager"
The CiscoWorks Daemon Manager service is stopping..............................
...........................................
The CiscoWorks Daemon Manager service was stopped successfully.
C:\Program Files\CSCOpx\MDC\bin\ids>IdsDbCompact
New database will be created in C:\PROGRA~1\CSCOpx\MDC\Sybase\DB\IDS
Database will be unloaded in C:\PROGRA~1\CSCOpx\MDC\Sybase\DB\IDS\unload
Original database will be renamed to C:\PROGRA~1\CSCOpx\MDC\Sybase\DB\IDS\idsmdc
.db.orig
If there any files in C:\PROGRA~1\CSCOpx\MDC\Sybase\DB\IDS\unload, they will be
deleted!
Do you wish to continue(y/n)?
y
The CiscoWorks Sybase Server service is starting.
The CiscoWorks Sybase Server service was started successfully.
Adaptive Server Anywhere Initialization Utility Version 7.0.3.2046
Creating system tables
Collation sequence: 1252LATIN1
Creating system views
Setting permissions on system tables and views
Setting option values
Loading Java classes
Initializing UltraLite deployment option
Database "C:\PROGRA~1\CSCOpx\MDC\Sybase\DB\IDS\idsmdc.db" created successfully
Starting to load new database
Execution time: 181.203 seconds
The CiscoWorks Sybase Server service is stopping.
The CiscoWorks Sybase Server service was stopped successfully.
C:\Program Files\CSCOpx\MDC\bin\ids>
C:\Program Files\CSCOpx\MDC\Sybase\Db\IDS>dir
Volume in drive C has no label.
Volume Serial Number is 4859-2450
Directory of C:\Program Files\CSCOpx\MDC\Sybase\Db\IDS
11/11/2003 07:45p
11/11/2003 07:45p
11/11/2003 12:06a
11/11/2003 07:45p 150,052,864 idsmdc.db
11/11/2003 07:42p 160,055,296 idsmdc.db.orig
11/11/2003 07:45p 196,608 idsmdc.log
11/11/2003 07:42p 147,259,392 idsmdc.log.orig
4 File(s) 581,050,368 bytes
3 Dir(s) 27,934,208,000 bytes free
C:\Program Files\CSCOpx\MDC\bin\ids>net start "CiscoWorks Daemon Manager"
The CiscoWorks Daemon Manager service is starting.
The CiscoWorks Daemon Manager service was started successfully.
wait some minutes (about 10 min)
==================== End ====================