Flat Log Process
The Flat Log option lets the Guardium® appliance log information without parsing it in real time.
This saves processing resources, so that a heavier traffic volume can be handled. The data can be parsed and merged into Guardium's internal database later, either on a collector or an aggregator unit.
- Flat Log by throttling mechanism. This feature is implemented by running the CLI command, store alp_throttle 1. The same policy that is applicable to real-time S-TAP traffic is used to process traffic that was logged by the flat log process. For Flat Log by throttling mechanism, do not select the Flat Log checkbox in the Policy Builder.
- Flat Log by policy definition. Selection of this feature involves and .
The following actions do not work with rules on flat policies: LOG FULL DETAILS; LOG FULL DETAILS PER SESSION; LOG FULL DETAILS VALUES; LOG FULL DETAILS VALUES PER SESSION; LOG MASKED DETAILS.
- Data is not parsed in real time.
- The flat logs can be seen on a designated Flat Log List report.
- Navigate to .
- Select the activity to perform:
  - Process - Merge the flat log information to the internal database.
  - Archive/Aggregation/Purge - Archive or aggregate, and optionally purge, the flat log.
  - Purge Only - Purge the flat log data.
- Click Apply to save the configuration.
- For a Process activity, do one of the following:
  - Click Run Once Now to merge the flat log information to the internal database immediately.
  - Click Modify Schedule to define a schedule for this activity. You can select the start time, restart frequency, and repeat frequency. For the Schedule by.. field, you must select either Day/Week or Month. See Scheduling for more information about scheduling.