Manager Pruning - McAfee M-1250 - Network Security Platform Configuration Manual

McAfee® Network Security Platform 5.1
3
4
Packet log database table indexing for MySQL databases
For maximum efficiency with a MySQL database, we suggest that you use the SQL
command shown below to index the iv_packetlog table in the database. This improves
performance during alert and packet log deletion, reducing the amount of time your system
is offline when you perform database cleanup tasks. Note that the index process is time-
consuming, and your system will be non-operational for the duration of the indexing
process.
Issue the following SQL command from the MySQL command line:

Manager Pruning

The
down and restarting Manager. The policy cache may get out of sync with the database due
to server errors, database errors, or client/server communication errors. Once you clear
the caches, it may take a few minutes to open a policy in the McAfee
Policy Editor [formerly IPS Policy Editor], because the applied policy must be re-cached.
The Clear Caches from the Manager page displays the following information:
•
•
•
Answer the following questions:
Is the Manager Down Or Off-Line (Y/N)?
e.
Note: The Manager service must be disabled prior to using purge.bat. If the
service is not disabled, the purge will not continue.
Do You Wish To Perform DB Tuning After The Purge Operation (Y/N)?
f.
Tip: You can perform DB tuning separately from the purge operation. For more
on DB tuning, see Database tuning.
Please Enter The Age Of Alerts And PacketLog Data To Delete (Num Days). For
g.
example, to delete alerts/packet logs older than 90 days, type 90.
Please Enter The Number of Days Of Data To Delete At A Time (Days
h.
Increments)?
Note: Incremental purging is available only on MySQL database installations.
Incremental purging is useful in cases where log data is large. In cases where
purging is aborted, data that has already been purged is not recovered.
Do You Wish To Purge Alerts/PacketLogs That Have Been 'Marked For Delete'
i.
Through The Threat Analyzer? [This Operation Will Increase The Amount Of
Time The Purge Operations Takes To Complete] (Y/N)?
You are about to delete Alerts And PacketLog Data Older Than {X} Days. You
j.
Have Selected To [INCLUDE/EXCLUDE] 'Marked For Delete' Alerts/Packet Log
Entries. Are you sure you want to proceed (Y/N)?
Re-start the Manager service after completion.
alter table iv_packetlog add index (creationTime);
Manager Pruning
action allows you to clear the attack and policy caches without shutting
Cached Exploit Attacks
: The number of attacks stored in Manager cache.
Cached IPS Policies
: The number of policies in Manager cache.
Names of Cached IPS Policies
: The names of policies in Manager cache.
142
Managing IPS settings
®
Network Security