Hi Cezmi,
Thanks for the response and appreciate your response. But as per Ira,
When the table reaches the limit of alerts, the system performs a "table switch", so the oldest 250K alerts are removed.
The table switch will occur under these 2 conditions:
- the tablespace reaches 85%
- or the active table has 250,000 alerts
So I want to know,
@Ira Miga and @Cezmi Cal, is there any way we can check the tablespace capacity reached?
------------------------------
Chintan Myakal
Sr.Cybersecurity Analyst
Mumbai
------------------------------
Original Message:
Sent: 07-29-2021 08:00
From: Cezmi Cal
Subject: Clearing ALERTS tablespace
Hi Chintan,
Please try to increase the Last Few Days field after opening the Advanced Filter popup window and then click the "Apply" button as below:
------------------------------
Cezmi Cal
technical support engineer
Barikat Cyber Security
Ankara
Original Message:
Sent: 07-28-2021 13:31
From: Chintan Myakal
Subject: Clearing ALERTS tablespace
Hello Ira,
I need alerts of 22nd July 2021 from our on-premise WAF, but I am viewing alerts till 25th July 2021. Is there any chance to get alerts of 22nd July?
Regards
Chintan
------------------------------
Chintan Myakal
Sr.Cybersecurity Analyst
Mumbai
Original Message:
Sent: 07-02-2020 09:50
From: Ira Miga
Subject: Clearing ALERTS tablespace
Hi Richard,
I've just noticed that you are talking about ALERTS tablespace.
There are two tables that store the alerts in Imperva On-Premises Management Server.
When the table reaches the limit of alerts, the system performs a "table switch", so the oldest 250K alerts are removed.
The table switch will occur under these 2 conditions:
- the tablespace reaches 85%
- or the active table has 250,000 alerts
In your case, the first condition occurred first and has triggered the table switch.
This is a system event informing that a table switch has occurred for alert tablespace.
Of course, if this is happening a lot, we need to examine the MX logs to understand what the reason is for the frequent table switches.
Also, it is recommended to find the policy/ies that are generating a high volume of alerts and change the configuration.
This can be done with the help of Support.
Best regards,
------------------------------
Ira Miga
Imperva
Knowledge Engineer
Original Message:
Sent: 07-02-2020 03:02
From: Ira Miga
Subject: Clearing ALERTS tablespace
Hi Richard,
It means that the MX server's allocated space for audit is full and you need to perform a cleanup of the existing data in order to allow new audit data to be fetched by the MX from the GWs.
You can find the full procedure here:
https://imperva.my.salesforce.com/articles/Reference/Delete-Clean-Audit-Data
In addition, since the amount of collected audit data in the MX is large, you might need to reduce (per audit policy) the fast view period of saved days in the MX (default: 7 days).
Let me know if it helps,
------------------------------
Ira Miga
Imperva
Knowledge Engineer
Original Message:
Sent: 07-01-2020 06:14
From: Richard Bowden
Subject: Clearing ALERTS tablespace
Hi,
Anyone know how to clear space in the alerts table from the SecureSphere MX?
I have the following system event.
The Tablespace ALERTS has run out of space. Threshold of 85% has exceeded. Used space: 88%
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Richard Bowden
Aviva
------------------------------