IDS/IPS alerts generated by the Crystal Eye's IDS/IPS engine are saved as indexes or report files and stored on the Crystal Eye. The Log Processing and Reporting application is used to manage these indexes and report files so that backups are available for future reference.
The Log Processing and Reporting app is controlled from four sections: the Index Backup Configuration section, the Index Size Limit section, the Index Listing section, and the Local Restored Indexes section.
The Index Backup Configuration section shows Crystal Eye administrators whether an index backup is available and specifies the Index Backup Path. In addition, the Auto Restore Index can be enabled and disabled from here.
The Index Size Limit section sets a limit on how many gigabytes (GB) or megabytes (MB) of index data can be stored in the Local Storage of the Crystal Eye appliance. The application also provides insight into the Current Index Space Usage and the Restored Indexes Space Usage.
The Index Listing section provides details about the current indexes stored in the local storage of the Crystal Eye appliance.
The Local Restored Indexes section provides details about the indexes that are restored from the external storage.
Note: All index files, that is, the IDS/IPS alert files that are stored in Crystal Eye, are automatically retrieved as and when they are required.
Left-hand Navigation Panel > Security Configuration > Intrusion Protection & Detection > Log Processing and Reporting
The Index Backup Configuration section provides information about the availability of the backup and specifies the storage path. The index backup can also be enabled or disabled from this section. The index backups here are essentially backups of IDS/IPS alert files.
Where to find the index backup availability status and the index backup path?
How to Enable/Disable Auto Restore Index?
Step 1: In the Log Processing and Reporting application page, click the Edit button in the Index Backup Configuration section.
Note: The Index Backup Path and Backup Status (Available or Not Available) are displayed in the Index Backup Configuration section.
Step 2: You will now see the Index Backup Configuration section. Select Enable/Disable from the Auto Restore Index dropdown and click the Update button.
The Index Size Limit specifies the maximum amount of storage space that the backed-up files may occupy. If the index file size (IDS/IPS alerts file size) exceeds the limit, the files are removed. However, the removed files are restored automatically as and when IDS/IPS alert reports are generated.
How to Set the Storage Size Limit for IDS/IPS Alert Report Backup?
Step 1: In the Log Processing and Reporting application page, click the Edit button of the Index Size Limit section.
Step 2: You will now see the Index Size Limit section. Enter the storage limit in the Set Limit text box and click the Update button.
Note: After entering the storage limit as a number, specify GB or MB, whichever is applicable.
How to Delete an Index Report / Where to View the Index Report Name and the Space Used by It?
Step 1: In the Index Listing section, click the Delete button to delete the stored index report.
Note: In the Index Listing Table, view the Index File Name in the first row, and the Space Used details in the second row.