Log flat
Log flat allows Guardium to log information without immediately parsing it.
This saves processing resources, so that a heavier traffic volume can be handled. The parsing and merging of that data to Guardium's internal database can be done later, either on a collector or an aggregator unit.
There are two Guardium features involving the Flat Log Process: Flat Log by policy definition and Flat Log by throttling mechanism.
Flat Log by throttling mechanism - This feature is implemented by running the CLI command store alp_throttle 1. The same policy that applies to real-time S-TAP traffic is used to process traffic that was logged into the GDM_FLAT_LOG table.
For Flat Log by throttling mechanism, the Flat Log checkbox should NOT be checked in Policy Builder.
Flat Log by policy definition - Selecting this feature involves the Policy Builder menu in Setup > Tools and Views and the Flat Log Process menu in Manage > Activity Monitoring.
The following actions do not work with rules on flat policies: LOG FULL DETAILS; LOG FULL DETAILS PER SESSION; LOG FULL DETAILS VALUES; LOG FULL DETAILS VALUES PER SESSION; LOG MASKED DETAILS.
- Data will not be parsed in real time.
- The flat logs can be seen on a designated Flat Log List report.