You are here: Features > Configuration > Storage Configuration

Storage Configuration

The Storage section shows the database location, silo size, and number of silos, and also contains the archiving configuration information.

Option Description

Database Directory

Specifies the location of the LCE database directory.

Silo Size

Specifies the maximum amount of data from matched log events that will be stored in one indexed file (silo). Choose the “MB” to specify megabytes. For example, entering 10240, and choosing MB specifies the maximum silo size of 10 Gigabytes. Choosing “GB” specify gigabytes. For example, entering 1, and choose “GB” specifies 1 gigabyte. By default, this is set to 10G.

When considering silo size, it is suggested that the total number of silos for the license should not be exhausted more than once in a single month.

Number of Silos

Specifies the number of silos that lced will create. The maximum number of silos that can be created is 1024 for a 10 TB license, 512 for a 5 TB license, and 103 for a 1 TB license. When configuring this setting, consider the silo-size setting and maximum disk space available for storage. Example: 1 TB is available for storage and silos configured for 10 GB would allow for a maximum of 102 silos before disk exhaustion.

Enable Archiving

This option allows the archive functionality of LCE to be enabled or disabled.

If there is insufficient disk space on the silo archive device, LCE will no longer attempt to save a silo before overwriting. If this occurs, log messages will be generated warning of the event. The event alerting functionality of LCE can be leveraged to automatically notify concerned individuals (e.g., email alert) when this sort of event occurs. Please reference the section of this document titled Event Rules for more information.

Location

If the archive functionality is enabled in LCE a location for the archive files must be specified. An example of an archive location is shown below:

Example:

/opt/lce/silo_archive

Save Index

This option specifies if the LCE database index files are to be saved for faster searching of archived silos. The Save Database option must be selected for this option to be selectable.

Save Raw Logs

This option specifies if the LCE raw log files are to be saved. These files contain the original matched log messages before normalization.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.