

Thursday, April 17, 2014

Managing Disk Space on Appliance for SecurityCenter

There are two things you can do here. The choice is yours, but both are 'good to know':
1. Increase the disk space (latest version of appliance supports this feature). I have attached a doc on how to accomplish this - please see page 53.

2. Change the settings related to data expiration. This is the best way of deleting data from SC automatically. Please have a quick look at these options below and set them up according to your needs/setup on SC. This will help you bring down disk usage drastically.

Please have a look here and change the number of days by logging in as admin -> configuration -> expiration

Active: Active scanning data from Nessus scans is stored in a repository (/opt/sc4/repositories/<repoID>/hdb.*). Example: /opt/sc4/repositories/1/hdb.*

Passive: Does this apply to you?
FYI, PVS data is stored in the "active" repository (/opt/sc4/repositories/<repoID>/hdb*). Example: /opt/sc4/repositories/1/hdb.*

Compliance: Data derived from an .audit file (plugin ID 1,000,000 or higher) is stored in the "active" repository (/opt/sc4/repositories/<repoID>/hdb*). Example: /opt/sc4/repositories/1/hdb.*

Mitigated: A separate data store from the active repository (/opt/sc4/repositories/<repoID>/hdb-Patched.*). Example: /opt/sc4/repositories/1/hdb-Patched.*

Vulnerability Trending data: This setting can consume a lot of disk space on the SC console.
This item creates a daily snapshot of the active repository. These files can be found here on the file system: /opt/sc4/repositories/<repoID>/VDB/<date>/ Example: /opt/sc4/repositories/1/VDB/2012-06-12/
They are used by items that rely on trending data, such as reports. For performance reasons, these files are not compressed.

Closed Tickets: Are you using SC4 for ticketing?

Scan results: Individual scan results. Once a scan is imported, SC does no processing of that scan data unless told to do so by the user.

Individual scan results can be found here on the file system: /opt/sc4/orgs/<orgID>/VDB/<date>/scanid* Example: /opt/sc4/orgs/1/VDB/2012-06-12/43522*
From time to time it can be useful to compare what a single scan found on that day with the data in the repository.

Report results: Reports that an individual user runs are not deleted automatically unless this setting is used.
A user's report files can be found here on the file system: /opt/sc4/orgs/<orgID>/users/<userID>/reports Example: /opt/sc4/orgs/1/users/1/reports

 - Trending data is what generally grows the most. This can be controlled by adjusting the number of days of retention: log in as admin and change the value under System -> Configuration -> Data Expiration -> Vulnerability Trending Data. After changing this to a lower value, data older than X days will be removed during the next nightlyCleanup job.
 - You can also disable trending per repository by going to Repositories -> Repositories, selecting the repository you want to disable trending on, clicking Edit, then unchecking "Trending". If trending was enabled before, the old trending data will still be saved until the data expiration threshold value is reached, then it will gradually be removed with each passing day until it is finally all gone.