Event Log Store Considerations

The event log store uses a federated event log store system, with each host server maintaining its own local event log store and the ability to contact other event log stores in your environment. When you query a server for event information, it can search its own local event log store as well as all others connected through the federation. This arrangement allows for flexible storage and archiving of event data.

The event log store archive settings let you specify how often data is archived and where it is stored. Both hot (active) event log stores and warm (archived) event log information are queried. Event information in cold storage (remote) is not queried.

You can configure the following event log store and archiving settings:

Maximum Rows

Sets the maximum number of events your event log store's hot database can contain. When the event count reaches this value, the event log compresses all event information in the hot database and moves it to the warm database.

Minimum: 50000

Maximum: 100000000

Max Archive Days

Sets the number of days archived files are retained in the archive before being deleted.

Minimum: 1

Maximum: 28000

Archive Disk Space

Defines the percentage of remaining disk space that triggers automatic deletion of the oldest archive files. For example, the default value is 10. When the available event log store space falls below 5 percent, the event log removes the oldest archive files to make more room.

Minimum: 10

Maximum: 90

Export Policy

Defines the number of hours a file restored from an outside backup source to the archive (defrosted) will be retained in the event log store before being deleted.

Minimum: 0

Maximum: 168
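The three retention settings above (Max Archive Days, Archive Disk Space and Export Policy) act on the same archive directory, so it helps to see which files one pass of such a policy would remove. The following Python model is an added illustration, not CA Enterprise Log Manager's own code; the file list, disk sizes, the rule order and the plan_deletions function are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data and a simplified model of the retention rules
# described above; this is not the product's own implementation.

@dataclass
class ArchiveFile:
    name: str
    age_days: float          # days since archived (or since restore, if defrosted)
    size_mb: int
    defrosted: bool = False  # restored from an outside backup source

def plan_deletions(files, disk_mb, used_other_mb, max_archive_days,
                   archive_disk_space_pct, export_policy_hours):
    """Return (names_to_delete, free_pct_after) for one retention pass.

    Rule order is an assumption made for this illustration:
      1. defrosted files older than export_policy_hours are removed;
      2. archives older than max_archive_days are removed;
      3. while free space is below archive_disk_space_pct, the oldest
         remaining archive is removed.
    """
    remaining = sorted(files, key=lambda f: f.age_days, reverse=True)  # oldest first
    deleted = []

    def free_pct():
        used = used_other_mb + sum(f.size_mb for f in remaining)
        return 100.0 * (disk_mb - used) / disk_mb

    for f in list(remaining):
        expired = (f.defrosted and f.age_days * 24 > export_policy_hours) \
            or (not f.defrosted and f.age_days > max_archive_days)
        if expired:
            remaining.remove(f)
            deleted.append(f.name)

    while remaining and free_pct() < archive_disk_space_pct:
        deleted.append(remaining.pop(0).name)  # oldest first

    return deleted, round(free_pct(), 1)

# Constructed archive directory: sizes in MB, ages in days.
SAMPLE = [
    ArchiveFile("arch_2009-01-05", age_days=40, size_mb=2000),
    ArchiveFile("arch_2009-02-01", age_days=13, size_mb=1500),
    ArchiveFile("arch_2009-02-10", age_days=4, size_mb=1500),
    ArchiveFile("defrost_2008-12-20", age_days=1.5, size_mb=800, defrosted=True),
]
```

Running the model with the page's maximum values (28000 days, 168 hours) shows that only the disk-space rule then removes anything, which is why a high Archive Disk Space percentage on a small disk can discard archives well before Max Archive Days is reached.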

Summarization/Suppression Rules

Controls which of the available summarization or suppression rules are applied to received events. New summarization or suppression rules must be applied by an administrator before they begin refining events.

Forwarding Rules

Controls which of the available event forwarding rules are applied to received events.

Federation Children

Controls which of the available event log stores are set as children of the current server. This lets you set up separate federation "trees", controlling query access levels. This setting is only available as a local setting.

Logging settings control how individual CA Enterprise Log Manager modules record internal messages. They are only available as local settings. Logging settings are usually used for troubleshooting purposes. It is not normally necessary to change these settings, and you should have a good understanding of log files and logging before doing so.

Log Level

Defines the type and level of detail recorded in the logging file. The drop-down list is arranged in order of detail, with the first choice providing least detail, and the last providing most detail.

Apply to all loggers

Controls whether the Log Level setting overrides all log settings from the log's properties file. This setting only applies when the Log Level setting is lower (showing more detail) than the default setting.

Auto Archive Settings enable and control scheduled database archiving jobs, which move warm databases to a remote server.

Note: Before you move scheduled database jobs from one CA Enterprise Log Manager server to another, or to a remote server, you must configure non-interactive authentication between the servers. See the Configuring Non-interactive Authentication section of the CA Enterprise Log Manager Implementation Guide for more information.

You can set the following auto archive values:

Enabled

Sets an auto archive job to run. The auto archive uses the scp utility as controlled by the other settings.

Backup Type

Controls the backup type: a full archive that copies all database information, or an incremental archive that copies only the databases that have not yet been backed up.

Default: Incremental

Frequency

Specifies whether the archive job runs daily or hourly. A daily job runs at the time you set using the Start Time clock. An hourly job runs every hour on the hour.

Start Time

Sets the time a daily archive job runs, in whole hours, based on the server's local time. The value is a 24-hour clock.

Limits: 0-23, where 0 means midnight and 23 means 11:00 p.m.

EEM User

Specifies the user who can perform an archive query, recatalog the archive database, run the LMArchive utility, and run the restore-ca-elm shell script to restore archive databases for examination. This user must be assigned the predefined role of Administrator or a custom role associated with a custom policy that permits the edit action on the Database resource.

Default: Log Manager administrator user

EEM Password

Specifies the password for the user who has the rights defined in the EEM user field.

Remote Server

Specifies the hostname or IP Address of the remote server to which the auto archive job copies the database information.

Remote User

Specifies the username that the scp utility uses to connect to the remote server.

Default: caelmservice

Remote Location

Specifies the archive file destination on the remote server.

Default: /opt/CA/LogManager

Remote ELM Server

Specifies whether the remote server is a management server. If it is, the auto archive job deletes the databases from the local machine when the transfer is complete and notifies the remote machine to recatalog itself.

Correlation Event Reception Span

Controls how large a timestamp variance is tolerated for the creation of incidents. The two values let you set a span after the current CA Enterprise Log Manager server time (future) and before the current CA Enterprise Log Manager server time (past). If an event's timestamp falls outside that window, the event is not forwarded for correlation.

More information:

Log Storage

Apply a Suppression or Summarization Rule

Example: Auto-Archiving Across Three Servers