McAfee GUARD DOG 2 Installation Guide, Page 19

McAfee® IntruShield® IPS System: IntruShield Best Practices
Special Topics: Best Practices Maintenance, backup, and database tuning
Purge.bat
Purge.bat enables on-demand deletion of alerts and packet log data from your
database. You can delete alerts and packet logs that are older than a specified
number of days, or that have been marked for deletion via the Alert Viewer tool.
Purge.bat also offers to automatically start dbtuning.bat immediately after the
purge is completed.
Using the File Maintenance scheduler
A best-practice suggestion is to wait for 97 days of data and then, on a recurring
7-day period, run purge.bat and dbtuning.bat. This will delete alerts already marked
for deletion (from the Alert Viewer) as well as alerts older than 90 days. The scripts
have to be run offline (i.e., with the Manager service stopped) to release the lock
from the database.
If automatic File Maintenance is used to delete alert and packet log data, it is
recommended that a large value (such as 90, as in 90 days) is entered in the
“Scheduled Deletion” column for the Alert & Packet Log Data option. This allows for
long-term analysis of alerts and logs without overburdening your database with millions
of alerts, which may affect long-term and overall database performance. By setting the
value to 90 days, all alerts and packet logs older than 90 days are deleted at the weekly
maintenance scheduler time.
Apart from the database data, IntruShield Manager creates a group of administration
files that must be maintained regularly. These include Diagnostic files, DoS files
(profiles) and Data Mining files (for Trend Reporting), among others. It is a best
practice to schedule the deletion of the oldest of these files on an ongoing basis.
This can be accomplished using the Maintenance scheduler.
Backup
McAfee recommends the following approach to backing up IntruShield data and
configurations:
• Back up Manager data either within the Manager server (Intrushield\Backups folder)
  or preferably on external media.
• Back up all information, including configurations, alerts, and audits.
• Implement a schedule for backups using the Backup scheduler. Backing up config
  tables weekly is recommended. (Be sure to schedule this at a time when other
  processes will not be running concurrently.)
• As the 'All Tables' and 'Audit and Alert Tables' options can be rather large in size
  (depending upon the amount of alert data in the database), these types of backups
  should be saved off the Manager server.
• Saving the 'All Tables' settings monthly is strongly recommended.
• Protect backups from tampering by creating a digital fingerprint of the file using a
  hash function such as MD5 or SHA-1.
Tip
See Chapter 6 and Appendix B of the Manager Administrator’s Guide for more
information on file maintenance.
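One way to implement the fingerprinting recommendation from the backup list above (an added example, not McAfee's or the Manager's own tooling): it records a digest for every file in a backup folder and later reports modified, missing, or unexpected files. It defaults to SHA-256, since practical collisions have been demonstrated for both MD5 and SHA-1; the file names, folder layout, and function names are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so large 'All Tables' backups need not fit in memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir, algorithm="sha256"):
    """Record one digest per file, keyed by path relative to the backup folder."""
    files = sorted(p for p in Path(backup_dir).rglob("*") if p.is_file())
    return {
        "algorithm": algorithm,
        "files": {p.relative_to(backup_dir).as_posix(): fingerprint(p, algorithm)
                  for p in files},
    }


def verify_manifest(backup_dir, manifest):
    """Compare the folder's current state with a previously recorded manifest."""
    current = build_manifest(backup_dir, manifest["algorithm"])["files"]
    recorded = manifest["files"]
    return {
        "modified": sorted(n for n in recorded
                           if n in current and recorded[n] != current[n]),
        "missing": sorted(n for n in recorded if n not in current),
        "unexpected": sorted(n for n in current if n not in recorded),
    }


if __name__ == "__main__":
    # Constructed sample data: two stand-in backup files in a temporary folder.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config_tables.bak").write_bytes(b"constructed config backup")
        (root / "all_tables.bak").write_bytes(b"constructed full backup")
        manifest = build_manifest(root)          # take this right after the backup
        (root / "config_tables.bak").write_bytes(b"altered after the fact")
        print(json.dumps(verify_manifest(root, manifest), indent=2))
```

Store the manifest away from the backups themselves (for example on the external media or a separate host), because anyone who can alter a backup and its recorded digest together defeats the check.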