By default, Log Decoder metadb size and rollover threshold are 44 GB and 95%. This means that rollover will start automatically if metadb goes beyond around 41.8 GB.
The rollover is so important in order to prevent filesystems fulled.
However, the rollover is not working on defalut settings Log Decoder, because a parameter of "meta.free.space.min" is 3 GB by default.
The "meta.free.space.min" indicates that Log Decoder capture will be stopped if remained metadb size goes below the "meta.free.space.min".
By caluculation, 5% of default metadb is around 2.2GB which is smaller than 3GB of the default "meta.free.space.min".
This means that the rollover cannot start, because the remained metadb size reached the "meta.free.space.min" at first and then the capture stops.
In order to do rollover successfully, I experienced two options.
- Expanding the metadb (according to "Virtual Host Setup Guide")
- Changing the value of rollover threshold from 95%.
The option "b" is the followings;
<How to change the rollover threshold of metadb>
The following steps change the threshold to 80%.
1,In the Security Analytics menu, select Administration > Services.
2,Select a Log Decoder > System > Explore.
3,The Explore view is displayed.
3-1,Right click on the database in left side fileds.
3-3,Choose reconfig in the select box.
3-4,Input the following in Parameters,
type=meta percent=80 update=true
4,Select Explore > System.
5,The System view is displayed, click Shutdown Service.
6,After start the service, select System > Explore.
6-1,Click database > config.
6-2,Check the value around 35.2 GB and the color of black on /database/config.
As a result, the rollover will start when the remained metadb size goes below around 8.8GB (=20%) which is larger than the default "meta.free.space.min" (= 3GB).