Log Processing and Reporting


IDPS alerts generated through the Crystal Eye’s IDPS engine are saved in the form of indexes or report files and are stored in the Crystal Eye XDR. The Log Processing and Reporting application is used to manage these indexes and report files to create backup for further references.

The Log Processing and Reporting app can be controlled from four sections, namely, Size Limit section, Index Listing section, and Local Restored Indexes section.

The Index Size limit section helps in setting limits on how much Giga Bytes (GB) or Mega Bytes (MB) worth of index data can be stored in the Local Storage of the Crystal Eye XDR appliance. The application also provides insights into the Current Index Space Usage and the Restored Indexes Space Usage.

The Index Listing section provides details about the current indexes stored at the local storage of the Crystal Eye XDR appliance.

The Local Restored Indexes section provides details about the indexes that are restored from the external storage.

Note: All index files or the IDPS alert files that are stored in Crystal Eye is automatically retrieved as and when they are required.


The Log Processing and Reporting application is installed by default and can be accessed from the left-hand navigation panel.


Left-hand Navigation Panel > Security Configuration > Intrusion Protection & Detection > Log Processing and Reporting crystal-eye-xdr-navigation-LogProcess


The Index Size Limit is used to specify the limit of the files backup in terms of the space occupied by these files. If the index file size (IDPS alerts file size) exceeds the limit, the files are removed. However, the removed files get restored automatically as and when IDPS alert reports are generated.

How to Set the Storage Size Limit for IDPS Alert Report Backup?

Step 1: In the Log Processing and Reporting application page, click the Edit button of the Index Size Limit section. crystal-eye-xdr-IDPS-Alert-Backup1

Step 2: You will now see the Index Size Limit section. Enter the storage limit in the Set Limit text box and click the Update button. crystal-eye-xdr-IDPS-Alert-Backup2

Note: After entering the storage limit in numbers mention GB or MB whichever applicable.

How to Delete Index Report /Where to View the Index Report Name and the Space Used by it?

Step 1: In the Index Listing section, click Delete button to delete the stored index report. crystal-eye-xdr-handling-index-report

Note: In the Index Listing Table, view the Index File Name in the first row, and the Space Used details in the second row.