User Guide for Cisco IPS Manager 3.0
Administering the Database



This chapter details how to perform basic management functions on the Management Center for IPS Sensors (IPS MC) database.


Caution: Attempts to connect to the database directly can cause performance reductions and unexpected system behavior. We strongly recommend that you avoid attempting to connect to the database directly. Also, do not run SQL queries against the database.

This chapter contains the following topics:

Pruning the Database

Configuring Pruning Settings

Viewing Pruning Status Messages

Truncating the Sybase Database .log file

Using Database Rules

Adding a Database Rule

Editing a Database Rule

Viewing Database Rule Details

Deleting a Database Rule

File Management Configuration

Redirect Backup Files Away from the Database Disk

Pruning the Database

You can configure pruning settings and view pruning status messages. This section contains the following tasks:

Configuring Pruning Settings

Viewing Pruning Status Messages

Configuring Pruning Settings

You can configure pruning so that database tables do not grow larger than a specified maximum size.

To configure pruning settings, follow these steps:


Step 1 Select Admin > Data Management.

The Admin page appears.

Step 2 Click Data Management.

The Data Management page appears.

Step 3 In the TOC, select Database > Pruning Configuration.

The Pruning Configuration page appears.

Step 4 For the Progress Viewer table, specify the maximum size. Then, click Apply.

Step 5 For the Audit Log table, specify the maximum size.


Caution: Setting the Audit Log table size larger than 2,000,000 may cause performance degradation.

Step 6 When you finish configuring the pruning settings, click Apply.

Alternatively, you can click Reset to reset the settings to their last saved value, or you can click Restore Defaults to reset the settings to their default values.


Viewing Pruning Status Messages

You can monitor the database by viewing pruning status messages.

To view pruning status messages, follow these steps:


Step 1 Select Admin > Data Management.

The Admin page appears.

Step 2 Click Data Management.

The Data Management page appears.

Step 3 In the TOC, select Database > Pruning Status.

The Pruning Status page appears. Each message in the table displays time and message type.


Tip: To refresh the display of pruning status messages, click Refresh.



Truncating the Sybase Database .log file

The system uses log files for temporary data storage and for error messages and state information. Because log files reside on the same disk as the database, you must monitor them; also, you must manage their size by periodically truncating them to ensure that the database has enough room to operate. This procedure describes how to truncate the Sybase database .log file.

To truncate the Sybase database .log file, follow these steps:


Step 1 Ensure that the dbServer service is running on the server where the system is running:

a. In the window containing CiscoWorks (not the window containing IPS MC or Monitoring Center for Security (Security Monitor)), select Server Configuration > Administration > Process Management > Process Status.

The Process Status window appears. The Process Status window shows the status of all processes, with automatic processes in alphabetical order followed by transient processes in alphabetical order.

b. In the Process Name column, look for ASANYs_SqlCoreDB, which is the name of the dbServer service.

c. In the State column, look for an indication that the dbServer service is running, such as Program started - No mgt msgs received.

Step 2 Open a command window on the server where the system is running.

Step 3 Execute the following command:

dbbackup -xo -c "uid=idsmdc;pwd=<PASSWORD>;dbn=idsmdc;eng=sqlcoredbserver;links=tcpip{dobroadcast=no;host=localhost;port=10033}"

In this command, <PASSWORD> is the system database password supplied during installation.
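
An added example (not part of the Cisco guide or IPS MC) that wraps the Step 3 command in Python so the password is prompted for instead of being saved in a script or command history, and so the .log size is compared before and after the run. The LOG_PATH value, the function names and the use of Python on the server are assumptions; the connection parameters are the ones shown in Step 3.

```python
import getpass
import os
import subprocess

# Connection parameters copied from the command in Step 3; only pwd varies.
CONN_TEMPLATE = ("uid=idsmdc;pwd={pwd};dbn=idsmdc;eng=sqlcoredbserver;"
                 "links=tcpip{{dobroadcast=no;host=localhost;port=10033}}")


def build_argv(password):
    """Return the dbbackup argument vector for the Step 3 command."""
    if not password or ";" in password:
        # ';' separates fields in the connection string, so it would cut pwd short.
        raise ValueError("password is empty or contains ';'")
    return ["dbbackup", "-xo", "-c", CONN_TEMPLATE.format(pwd=password)]


def redact(argv, password):
    """Copy of argv that is safe to write to a log or ticket."""
    return [arg.replace("pwd=" + password, "pwd=<PASSWORD>") for arg in argv]


def truncate_log(log_path, password, runner=subprocess.run):
    """Run dbbackup and report the .log size before and after, in bytes."""
    before = os.path.getsize(log_path)
    argv = build_argv(password)
    # A list with no shell=True reaches dbbackup as one -c argument, so the
    # ';' and '{}' characters are never interpreted by a command shell.
    result = runner(argv, capture_output=True, text=True)
    after = os.path.getsize(log_path)
    return {"command": redact(argv, password), "returncode": result.returncode,
            "before": before, "after": after, "shrunk": after < before}


if __name__ == "__main__":
    # Hypothetical location: the page does not say where the .log file lives.
    LOG_PATH = r"<path to the Sybase database .log file>"
    report = truncate_log(LOG_PATH, getpass.getpass("Database password: "))
    print(report)
```

The password still appears in dbbackup's own command line while it runs, exactly as in the command above; the prompt only keeps it out of stored files and logs.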


Using Database Rules

You can add, edit, view, and delete database rules. This section contains the following tasks:

Adding a Database Rule

Editing a Database Rule

Viewing Database Rule Details

Deleting a Database Rule

Adding a Database Rule

You can use database rules to configure IPS MC to take an action at daily intervals or when a database threshold that you have defined is met. That action can be to send an email notification or to log a console notification event.

To add a database rule, follow these steps:


Step 1 Select Admin > Data Management.

Step 2 In the TOC, select Database > Rules.

The Database Rules page appears.

Step 3 Click Add.

The Enter Rule Name page appears.

Step 4 Enter a name for the rule. You may also enter a comment to be associated with this rule.


Tip: If you do not enter a rule name, the system names the rules "Rule1," "Rule2," and so on.


Step 5 Click Next >.

The Choose the Actions page appears.

Step 6 Specify the action for IPS MC to take when the specified threshold is met. You can select more than one action. When you select an action to take, the Choose the Actions table expands to display the associated fields. These are described in the following substeps:

a. To send an email notification when the specified threshold is met, select the Notify via Email check box. Then, enter the email address for the recipient(s) in the Recipient(s) field. If you enter more than one email address, separate the addresses with commas. Enter the subject for the message in the Subject field and the message body text in the Message field. In the Subject and Message fields you can use the keyword substitutions, as follows:

Table 10-1 Keyword Substitutions

Keyword          Description
${RuleName}      The name of the event rule.
${RuleDescr}     The description of the event rule.
${Filter}        The query filter for the event rule.
${Interval}      The query interval for the event rule.
${Initial}       The initial threshold for the event rule.
${Repeat}        The repeat threshold for the event rule.
${DateStr}       Date stamp for when the event rule was triggered, based on the server-local time. The date stamp appears in YYYY/MM/DD format.
${TimeStr}       Time stamp for when the event rule was triggered, based on the server-local time. The time stamp appears in HH:MM:SS TZ format, where HH is in 24-hour form and TZ is always UTC.
${GmtDateStr}    The Greenwich Mean Time (GMT) date stamp for when the rule was triggered in YYYY/MM/DD format.
${GmtTimeStr}    GMT time stamp for when the event rule was triggered in HH:MM:SS TZ format, where HH is in 24-hour form and TZ is always UTC.
${MsgCount}      The number of matches that occurred in the current interval causing this rule to be triggered.
${Threshold}     The threshold that was met, causing the event rule to be triggered. This value is the same as either ${Initial} or ${Repeat}.

Note: The keyword matching (inside the brackets) is case-insensitive.


b. To log a console notification to the audit log when the specified threshold is met, select the Log a Console Notification Event check box. Then, enter your username in the User Name field. Select an alarm event level from the Severity list box and enter a message in the Message field. You can use the keyword substitutions listed in Table 10-1.


Tip: To view the console notification messages, run the Console Notification Report on the Reports > Generate page.


Step 7 Click Next >.

The Specify the Trigger Conditions page appears.

Step 8 Specify the trigger threshold at which the system takes the action(s) you have specified by selecting one of the radio buttons and specifying additional information, as detailed below.

a. To trigger an action when the database exceeds a specified size, click the One or more of the following conditions are met radio button and then select the Database used space greater than (megabytes) check box. Specify the database size, in megabytes, that will trigger that action.

b. To trigger an action when the database free space is less than a specified size, click the One or more of the following conditions are met radio button and then select the Database freespace less than (megabytes) check box. Then, specify the database freespace size, in megabytes, that will trigger that action.

c. To trigger an action when the total number of IDS events in the database exceeds a specified number, click the One or more of the following conditions are met radio button and then select the Total Audit Log events in database exceed check box. Then, specify the number of Audit Log events that will trigger that action.

d. To trigger the action to occur on a scheduled basis, select the At Scheduled Date check box. Then, specify the date and time to start the action. The date is specified in month, day, and year format. The time is specified in hours, minutes, and seconds as 24-hour time.

To trigger the action on a repetitive schedule, select the Repeat every check box, enter the number in the field, and then select the unit of time from the drop-down list. For example, to specify "Repeat Every 4 days" you enter the number 4 and select "Day(s)".

e. To trigger the action as soon as the rule is finished, click the Now radio button.

Step 9 Click Finish.

The system displays a success notification message, adds the database rule, and displays its details in the Database Rules table.
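
An added example (not IPS MC code) that checks a Subject or Message template against the keywords in Table 10-1 before it is saved in a rule: it reports misspelled keywords and tokens with missing braces, and renders a preview. The function names and sample values are constructed for illustration, and leaving unrecognized tokens unchanged in the preview is an assumption, not documented IPS MC behavior.

```python
import re

# Keywords from Table 10-1, lower-cased because matching is case-insensitive.
KEYWORDS = {name.lower() for name in (
    "RuleName", "RuleDescr", "Filter", "Interval", "Initial", "Repeat",
    "DateStr", "TimeStr", "GmtDateStr", "GmtTimeStr", "MsgCount", "Threshold")}

TOKEN = re.compile(r"\$\{([^{}]*)\}")        # well-formed ${...}
LOOSE = re.compile(r"\$\{?[A-Za-z]\w*\}?")   # anything that looks like a keyword

# Constructed sample values, used only for the preview.
SAMPLE = {"RuleName": "db-size", "MsgCount": 3, "Threshold": 500,
          "DateStr": "2005/03/14", "TimeStr": "09:30:00 UTC"}


def unknown_keywords(template):
    """Return the names inside ${...} that are not listed in Table 10-1."""
    return [m.group(1) for m in TOKEN.finditer(template)
            if m.group(1).lower() not in KEYWORDS]


def malformed_tokens(template):
    """Return keyword-like text that lacks one or both braces."""
    return [m.group(0) for m in LOOSE.finditer(template)
            if not TOKEN.fullmatch(m.group(0))]


def preview(template, values=SAMPLE):
    """Render the template; tokens without a value are left as typed (assumption)."""
    lowered = {key.lower(): str(val) for key, val in values.items()}

    def swap(match):
        return lowered.get(match.group(1).lower(), match.group(0))

    return TOKEN.sub(swap, template)


if __name__ == "__main__":
    # Constructed subject line with one misspelled keyword.
    subject = "[${DATESTR} ${timestr}] ${RuleName}: ${MsgCount} over ${Threshhold}"
    print(unknown_keywords(subject))
    print(malformed_tokens(subject))
    print(preview(subject))
```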


Editing a Database Rule

Editing a database rule is similar to Adding a Database Rule. The edit database rule wizard takes you through the same panels that you used to add the database rule.

To edit a database rule, follow these steps:


Step 1 Select Admin > Data Management.

Step 2 In the TOC, select Database > Rules.

The Database Rules page appears.

Step 3 Select the database rule that you want to edit, and then click Edit.

The Enter Rule Name page appears.

Step 4 Make changes to the fields that you want to revise. Click Next to access the next page to make changes.

Step 5 To save your changes, click Finish at the end of the progression of pages.


Viewing Database Rule Details

This procedure provides the basic steps for viewing detailed information for a database rule. You cannot edit database rules from the View Database Rule page.

To view a database rule, follow these steps:


Step 1 Select Admin > Data Management > Database > Rules.

The Database Rules page appears.

Step 2 Click the name of the database rule that you want to view.

The View Database Rule page appears. Detailed information about the rule appears in the Information for Database Rule table.


Deleting a Database Rule

You can delete database rules that you no longer want to use.

To delete a database rule, follow these steps:


Step 1 Select Admin > Data Management.

Step 2 In the TOC, select Database > Rules.

The Database Rules page appears.

Step 3 Select the radio button that corresponds to the database rule you want to delete.

Step 4 Click Delete.

The database rule is deleted from IPS MC.


File Management Configuration

IPS MC stores data in a database on a local disk. Disk space requirements and query time increase with the amount of data stored. Also, tasks such as database compaction and backup require additional free disk space.

This section contains the following topics:

Redirect Backup Files Away from the Database Disk

Redirect Backup Files Away from the Database Disk

The VMS/Security Management Solution makes backup copies of the databases and certain other files of the installed management and monitoring centers to a time-stamped directory, which is located on the installation disk by default. Regularly scheduled backups can quickly consume a large amount of disk space, adversely affecting the performance of the installed management and monitoring centers. You can prevent this problem by changing the default location of the backups to a separate local disk or to a mounted network drive.

To change the default destination for the backups, follow these steps:


Step 1 From the CiscoWorks Server Desktop, select VPN/Security Management Solution > Administration > Common Services > Preferences.

The Administrative Preferences page appears.

Step 2 Enter a new path in the Backup Directory field. The path should be to another local disk or to a mounted network drive.

Step 3 Click Apply.

A confirmation dialog box appears.

Step 4 Click Yes to confirm the change, and then click OK to return to the Administrative Preferences page.