Silo Archiving

Configuration

  • Total size of activeDb is limited by config attribute active-size (default: 20 TB).
  • Total size of archiveDb is limited by config attribute archive-size (default: 20 TB).

Control Flow

Every 2.5 minutes, Tenable Log Correlation Engine will:

  1. Read in the results of the last-executed action, from Tenable Log Correlation Engine status database.

  2. Choose the next action to take based on the last-executed action.

  3. Perform the next action and store results in Tenable Log Correlation Engine status database.

Storing the state in this manner has the following advantages:

  • simplicity (no separate logic to handle reloads/restarts is needed)

  • transparency (to see exactly where the archival algorithm is, just query the Tenable Log Correlation Engine status database.)

  • available emergency override (can alter the control flow by updating the Tenable Log Correlation Engine status database.)

    Note: This is not standard operating procedure and should only be performed in very rare cases.

Tenable Log Correlation Engine waits a maximum of 60 minutes for an archive job to complete in order to avoid being stuck in the CheckArchiveDone state indefinitely in the rare case that PostgreSQL fails to report an archive job as complete.

Note: Archiving a silo normally takes 6 to 8 minutes.

Example archival-manager --list-snapshots Output