Data Loss Prevention

 View Only

  • 1.  purge DLP database

    Posted Oct 14, 2010 04:49 AM

    the DLP DB table space became huge ; how can we purge certain interval on DB level 



  • 2.  RE: purge DLP database

    Posted Oct 15, 2010 04:33 AM

    First, You should know that automatic purging of X incidents is not supported. If you need to purge a lot of incidents, You could contact Symantec support for a solution, there is an un-supported script you could receive and user with your DBA's (With caution of course).

     

    About purging incidents in general, 

    Please see the following KB:

     

     

    Problem Summary
     
      In the Enforce UI incidents are marked for deletion. On a regular basis another process purges the marked incidents from the database.

     

    Solution
     
     

    Incidents deleted within the UI are purged from the Oracle database on a regular interval.

     

    The interval is controlled by the manager.properties

    com.vontu.manager.system.IncidentDeletion.delay=21600000
    com.vontu.manager.system.IncidentDeletion.period=86400000

     

     

    Both property values are milliseconds.

     

    The delay value is how long after the Enforce starts that the first purge occurs.

     

    The period value specifies how long after the first purge (and all subsquent purges) the next purge will occur.

     

    The above values specify a delay of 6 hours before the first purge,

    (6 hours * 60 min/hour * 60sec/min * 1000msec/sec  = 21600000 msec)

    and a period of 24 hours.

    (24 hours * 60 min/hour * 60sec/min * 1000msec/sec  = 86400000 msec)

     

    If the Enforce Server is started at 5PM, the initial incident purge will occur 6 hours later, at 11 PM that day.  All subsequent purges will occur 24 hours later, or 11 PM every day.

     

    NOTE:  Message components (attachments) are deleted when the related incidents are deleted.

     

     

    V10

     

     

    In V10 by default the purge kicks off at midnight.

    However, if you want to let the purge kick off at other times, let’s say 3 AM local time, then you have to modify the Manager.properties file by un-checking and modifying the following value

     

    FROM

     

    # IncidentDeletion.delay controls how long after the manager starts to first perform the task in milliseconds.

    # This controls when the subsequent executions will be performed. If commented out (default), the task will

    # be scheduled to first run at the next occurrence of midnight.

    #com.vontu.manager.system.IncidentDeletion.delay=43200000

     

    TO

     

    # IncidentDeletion.delay controls how long after the manager starts to first perform the task in milliseconds.

    # This controls when the subsequent executions will be performed. If commented out (default), the task will

    # be scheduled to first run at the next occurrence of midnight.

    com.vontu.manager.system.IncidentDeletion.delay= 10800000

     

    3 hours = 3 * 60 * 60 * 1000 = 10800000 milliseconds.

    Now the purge process will kick off every day at 3 AM.

     

     

    Kind regards,

    Naor Penso



  • 3.  RE: purge DLP database

    Posted Oct 21, 2010 04:19 AM

    i will try this :) 



  • 4.  RE: purge DLP database

    Posted Oct 21, 2010 05:11 AM

    dear naor : 

     

    i feel that the data deleted from the management center is not deleted from teh database at all because the database table space became full every a while. 

     

    do you know how can i check this ?

     

    regards