The event log store uses a federated system, with each host server maintaining its own local event log store and the ability to contact other stores in your environment. When you query a server for event information, it can search its own local event log store as well as all others connected through the federation. This arrangement allows for flexible storage and archiving of event data.
The event log store archive settings let you specify how often data is archived and where it is stored. Both hot (active) event log stores and warm (archived) event log information are queried. Event information in cold storage (remote) is not queried.
You can configure the following event log store and archiving settings:
Sets the maximum number of events your event log store hot database can contain. When the event count reaches this value, the event log compresses all event information in the hot database and moves it to the warm database.
Minimum: 50000
Maximum: 100000000
Sets the number of days archived files are retained in the archive before being deleted.
Minimum: 1
Maximum: 28000
Defines the percentage of remaining disk space which triggers automatic deletion of the oldest archive files. For example, the default value is 10. When the available event log store space falls below 5 percent, the event log removes the oldest archive files to make more room.
Minimum: 10
Maximum: 90
Defines the number of hours a file restored to the archive (defrosted) is retained in the event log store before deletion.
Minimum: 0
Maximum: 168
Controls which of the available summarization or suppression rules are applied to received events. An administrator must apply new summarization or suppression rules before they can begin refining events.
Controls which of the available event forwarding rules are applied to received events.
Controls which of the available event log stores are set as children of the current server. This setting lets you set up separate federation "trees", controlling query access levels. It is only available as a local setting.
Logging settings control how individual CA User Activity Reporting Module modules record internal messages. They are only available as local settings. Logging settings are usually used for troubleshooting purposes. It is not normally necessary to change these settings. It is important to have a good understanding of log files and logging before doing so.
Defines the type and level of detail recorded in the logging file. The drop-down list is arranged in order of detail, with the first choice providing least detail, and the last providing most detail.
Controls whether the Log Level setting overrides all log settings from the log properties file. This setting only applies when the Log Level setting is lower (showing more detail) than the default setting.
Auto Archive Settings enable and control scheduled database archiving jobs, which move warm databases to a remote server.
Note: Before you move scheduled database jobs from one CA User Activity Reporting Module server to another, or to a remote server, you must configure non-interactive authentication between the servers. See the Configuring Non-interactive Authentication section of the CA User Activity Reporting Module Implementation Guide for more information.
You can set the following auto archive values:
Sets an auto archive job to run. The auto archive uses the scp utility as controlled by the other settings.
Controls the backup type: a full archive that copies all database information, or an incremental archive that copies all databases that have not yet been backed up.
Default: Incremental
Specifies whether the archive job runs daily or hourly. A daily job runs at the time you set using the Start Time clock. An hourly job runs every hour on the hour.
Sets the time a daily archive job runs, in whole hours, based on the local server time. The value is a 24-hour clock.
Limits: 0-23, where 0 means midnight and 23 means 11:00 p.m.
Specifies the user who can perform an archive query, recatalog the archive database, and run the LMArchive utility and the restore-ca-elm shell script. This user must be an Administrator.
Default: Log Manager administrator user
Specifies the password for the user who has the rights defined in the EEM user field.
Specifies the hostname or IP Address of the remote server to which the auto archive job copies the database information.
Specifies the username that the scp utility uses to connect to the remote server.
Default: caelmservice
Specifies the archive file destination on the remote server.
Default: /opt/CA/LogManager
Specifies whether the remote server is a management server or not. If it is, the auto archive job deletes the databases from the local machine when the transfer is complete. It then notifies the remote machine to perform a recatalog.
Controls how wide a time variance is tolerated for the creation of incidents. The Drift End Time and Drift Start Time values allow you to set a value after the current CA User Activity Reporting Module server time (future) and before the current CA User Activity Reporting Module server time (past). If an event falls outside that window it is not forwarded for correlation.
Note: The event reception span values are not considered for counting rules. Counting rules only consider events with timestamps up to 5 minutes ahead. Events with timestamps ahead by more than 5 minutes are ignored, regardless of the Drift End Time value.
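The window check described above can be modelled to find hosts whose clock skew would keep their events out of correlation. This is an added example, not product code. The function names, the drift values, the sample events and the inclusive boundaries are all assumptions.

```python
from datetime import datetime, timedelta, timezone

# Stated on the page: counting rules ignore events more than 5 minutes ahead.
COUNTING_MAX_AHEAD = timedelta(minutes=5)

def classify(event_time, server_now, drift_start, drift_end):
    """Return (forwarded, within_counting_cap) for one event timestamp.

    drift_start: tolerated lag behind server time (past side).
    drift_end:   tolerated lead ahead of server time (future side).
    Inclusive boundaries are an assumption; the page does not specify them.
    """
    forwarded = server_now - drift_start <= event_time <= server_now + drift_end
    # Counting rules do not use the drift values; only the fixed future cap is
    # documented, so no past-side limit is modelled here.
    within_counting_cap = event_time - server_now <= COUNTING_MAX_AHEAD
    return forwarded, within_counting_cap

def hosts_outside_window(events, server_now, drift_start, drift_end):
    """List hosts with at least one event that would not be forwarded."""
    dropped = set()
    for host, event_time in events:
        forwarded, _ = classify(event_time, server_now, drift_start, drift_end)
        if not forwarded:
            dropped.add(host)
    return sorted(dropped)

# Constructed sample data: server time and per-host event timestamps.
NOW = datetime(2013, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    ("web01", NOW - timedelta(minutes=2)),    # slightly behind: in window
    ("db02", NOW + timedelta(minutes=8)),     # in window, beyond counting cap
    ("fw03", NOW - timedelta(hours=3)),       # clock far behind: not forwarded
    ("app04", NOW + timedelta(minutes=45)),   # clock far ahead: not forwarded
]
DRIFT_START = timedelta(minutes=30)  # assumed value
DRIFT_END = timedelta(minutes=10)    # assumed value

if __name__ == "__main__":
    for host, ts in SAMPLE_EVENTS:
        print(host, classify(ts, NOW, DRIFT_START, DRIFT_END))
    print(hosts_outside_window(SAMPLE_EVENTS, NOW, DRIFT_START, DRIFT_END))
```

Hosts that show up in the second list are candidates for a time synchronization check, since their events never reach the correlation rules.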
Copyright © 2013 CA.
All rights reserved.