Storage
Data Pruning
These settings define how long to store Event records and Counters, older Security Updates, and other stored objects before purging them from the database.
With respect to the Event settings, your decisions should be based on the robustness of the database system you are using, the amount of available storage space, and which events you have decided to log.
Some tips on Event logging:
- Modify the amount of log collection for computers that are not of interest. This can be done in the Events and Advanced Network Engine Settings areas on the Policy/Computer Editor > Settings > Network Engine tab.
- Consider reducing the Event logging of Firewall Rule activity by disabling the Event logging options in the Firewall Stateful Configuration. (For example, disabling UDP logging will eliminate the unsolicited UDP log entries.)
- For Intrusion Prevention Rules, the best practice is to log only dropped packets. Logging packet modifications may result in a lot of log entries.
- For Intrusion Prevention Rules, only include packet data (an option in the Intrusion Prevention Rule's Properties window) when you are interested in examining the source of attacks. Otherwise, leaving packet data on will result in much larger log sizes.
Counters are data aggregated from the Event logs. They are used to generate Reports and populate the Dashboard widgets.
Server Logs are a record of the Vulnerability Protection/Deep Security Manager web server activity. They do not contain information related to the security of the computers on your network.