The following registry values are created automatically in the FSA registry key when you install the FSA:
Type: REG_DWORD
Data: Defaults to 2. This determines the level of logging for file processing. For example, you can configure the FSA to only log errors or important system messages.
Log entries are written to the wgnfsa_<date>.log file. The log file is saved in CA's \data\log subfolder of the Windows All Users profile on the machine hosting the FSA.
The supported logging levels are:
1 Errors only
2 Errors and warnings
3 Errors and warnings, plus informational and status messages
Note: Setting LogLevel=3 will cause the log file to grow extremely rapidly. This level of logging is provided for testing purposes only.
Type: REG_DWORD
Data: Defaults to 10. This specifies the maximum number of log files. When the maximum number of log files exists and the maximum size of the latest is reached (see below), the oldest log file is deleted to enable a new one to be created.
Type: REG_SZ
Data: Defaults to 1,000,000. This specifies the maximum size for each log file. When the current log file reaches its maximum size, the FSA creates a new log file.
Type: REG_SZ
Data: Defaults to zero. This specifies how much time (as a percentage of total time) the FSA spends waiting, rather than reading file data from a disk. For example, to set waiting time to 30%, set this parameter to 30 (do not include a ‘%’ character).
This parameter enables you to restrict how much time the FSA spends reading data from disk. For example, if you specify 30% waiting time, then the FSA can only spend 70% of its time reading data. This can be useful to prevent network and system performance problems during intensive scanning operations (for example, when multiple jobs are running simultaneously or when multiple worker threads are scanning a single volume).
Type: REG_DWORD
Data: Defaults to 10. This specifies the number of concurrent ‘worker’ threads used by the FSA to analyze files.
Type: REG_DWORD
Data: Defaults to 0. If the first attempt to pass a file to the policy engine hub fails, this registry value determines how many times the FSA retries before writing a ‘file failure’ entry to the log. After a first failed attempt, files waiting to be retried are moved to the retry queue.
Such failures can occur when, for example, the hub has suspended operations because it has exceeded its maximum memory allocation. Likewise, a file can be timed out by the hub and passed back to the FSA if no policy engines are available to process the file.
Type: REG_DWORD
Data: Defaults to 0. If the first attempt to execute a control action on a file (typically ‘delete’) fails, this registry value determines how many times the FSA retries before writing a file failure entry to the log. For example, the FSA may be unable to delete a file because the file is open.
Data At Rest control actions can stipulate that a file is deleted or moved:
If the FSA is unable to delete a file, the file is moved to a retry queue. The FSA tries to delete the file again after the retry period expires (this defaults to five minutes; see below).
Note: If, as part of a file move operation, the FSA successfully copies a file but is then unable to delete the original version, this is recorded in the log file and the FSA only retries the delete operation.
Type: REG_DWORD
Data: Defaults to 300 (equivalent to five minutes). This parameter defines how long (in seconds) the FSA waits before retrying failed files in the retry queue. These files include:
Type: REG_DWORD
Data: Defaults to 600 (equivalent to ten minutes). This defines how long (in seconds) the FSA waits for a file to be successfully analyzed by a policy engine. The timeout starts when a file is added to the hub input queue.
If the FSA does not receive an acknowledgment from the hub that a file has been successfully processed before this timeout expires, the FSA flags the file as a failure and writes an entry to the log.
Note that files are processed asynchronously. The hub acknowledgement may call for a file to be deleted. This deletion is performed by the FSA and is not governed by this analysis timeout.
Type: REG_DWORD
Data: Defaults to 3. This specifies the number of overwrite operations for DoD deletions of files saved on fixed storage media (that is, hard disks).
Type: REG_DWORD
Data: Defaults to 3. This specifies the number of overwrite operations for DoD deletions of files saved on removable storage media, typically a USB portable hard drive.
Type: REG_SZ
Data: This specifies a DSN used by the FSA to connect to the Scanned File database. A default DSN is created when you install the FSA.
Type: REG_SZ
Data: This specifies the name of the server hosting the Scanned File database. This registry value is set during installation.
Type: REG_SZ
Data This specifies a DSN used by the FSA to connect to the NIST database. A default DSN is created when you install the FSA.
Type: REG_SZ
Data: This specifies the name of the server hosting the NIST database. This registry value is set during installation.
Type: REG_DWORD
Data: This specifies whether scanned items are passed to a local policy engine or a local policy engine hub. This value is set automatically when you install the FSA; it is set to zero if you install a Remote Policy Engine Connector; otherwise it is set to 1.
|
Copyright © 2014 CA.
All rights reserved.
|
|