Incidents are stored in the Postgres DB called annoDB.
There is no automatic maintenance, the table can become large and impact performance.
Incidents are stored in the Postgres DB called annoDB. To connect to this database for manual maintenance switch user to rsawtd (sudo su - rsawtd) connect to the db:
$ psql -d silvertail -U silvertail -p 7078
The default password is silvertail, but this should have been changed during install and setup.
from here you can use regular sql and postgres rdbms commands, eg
silvertail=> \d incidents;
Table "public.incidents"
Column | Type | Modifiers
--------------------+-----------------------------+---------------------
--------------------+-----------------------------+---------------------
--------------------+-----------------------------+--------------
id | integer | not null default nextval('incidents_id_seq'::regclass)
name | text |
detail | text |
category | text |
tenantid | text |
priority | integer |
status | integer |
txn_url | text |
ip_address | text |
incident_user | text |
incident_timestamp | timestamp without time zone |
rule_name | text |
rule_comment | text |
accuracy | integer | default 1
source | integer |
last_update_time | timestamp without time zone | default now()
Indexes:
"incidents_pkey" PRIMARY KEY, btree (id)
psql uses fairly standard SQL commands:
silvertail=> select id,name,incident_timestamp,status from incidents where name = 'myincident' and incident_timestamp < ( NOW() - INTERVAL '30 days') and status = 3;
Note status has the following meaning:
1 = Open
2 = In Progress
3 = Closed
silvertail=> select count (id) from incidents where name = 'myincident' and incident_timestamp < ( NOW() - INTERVAL '3 days') and status = 3;
silvertail=> delete from incidents where name = 'myincident' and incident_timestamp < ( NOW() - INTERVAL '30 days') and status = 3;
After you have cleaned up you might want to consider compacting the storage.
silvertail=> SELECT
relname as "Table",
pg_size_pretty(pg_total_relation_size(relid)) As "Size",
pg_size_pretty(pg_total_relation_size(relid) - pg_relation_size(relid)) as "External Size"
FROM pg_catalog.pg_statio_user_tables ORDER BY pg_total_relation_size(relid) DESC;
Please note that to compact the db you will need to connect as the superuser, either change the role of silvertail or login as user postgres. Please consult postgres documentation for more details.
The command is:
silvertail=# vacuum full
Related Articles
Events and incidents mark as deleted automatically Number of Views Email Phishing Security Incident Alert – November 8, 2024 Number of Views How to change provider name from 'Chrysalis-ITS Inc.' to 'SafeNet Inc.' after upgrading Luna hardware and software? Number of Views Informatica Inc. - SAML SSO Agent Configuration - RSA Ready SecurID Access Implementation Guide Number of Views Computer Security Products Inc. CSP Authenticator 4.00 - Login Screenshots - RSA Ready Implementation Guide Number of Views
Trending Articles
RSA SecurID software token .sdtid file fails to import into RSA SecurID Software Token 5.0 for Windows Configuring a Checkpoint firewall to work with SecurID RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager Patch Updates Unable to login to RSA Authentication Manager Security Console as super admin
