Flat Log Process
The Flat Log option is a process to allow the Guardium® appliance to log information without immediately parsing it in real time.
This saves processing resources, so that a heavier traffic volume can be handled. The parsing and amalgamation of that data to Guardium's internal database can be done later, either on a collector or an aggregator unit.
There are two Guardium features involving the Flat Log Process: Flat Log by policy definition and Flat Log by throttling mechanism.
Flat Log by throttling mechanism - This is the feature implemented by running the CLI command, store alp_throttle 1. The same policy that is applicable to real-time S-TAP traffic is used to process traffic that was logged into the GDM_FLAT_LOG table.
For Flat Log by throttling mechanism, the Flat Log checkbox should NOT be checked in Policy Builder.
Flat Log by policy definition - Selection of this feature involves the Policy Builder menu in Setup > Tools and Views and the Flat Log Process menu in Manage > Activity Monitoring.
The following actions do not work with rules on flat policies: LOG FULL DETAILS; LOG FULL DETAILS PER SESSION; LOG FULL DETAILS VALUES; LOG FULL DETAILS VALUES PER SESSION; LOG MASKED DETAILS.
- Data will not be parsed in real time.
- The flat logs can be seen on a designated Flat Log List report.
- Navigate to .
- Select the activity to perform:
  - Process - Merge the flat log information to the internal database.
  - Archive/Aggregation/Purge - Archive or aggregate, and optionally purge, the flat log.
  - Purge Only - Purge the flat log data.
- Click Apply to save the configuration.
- For a Process activity, optionally do one of the following:
  - Click Run Once Now to merge the flat log information to the internal database immediately.
  - Click Modify Schedule to define a schedule for this activity. You can select the start time, restart frequency, and repeat frequency. For the Schedule by.. field, you must select either Day/Week or Month. See Scheduling for more information about scheduling.