Incidents are stored in the Postgres DB called annoDB.
There is no automatic maintenance, the table can become large and impact performance.
Incidents are stored in the Postgres DB called annoDB. To connect to this database for manual maintenance switch user to rsawtd (sudo su - rsawtd) connect to the db:
$ psql -d silvertail -U silvertail -p 7078
The default password is silvertail, but this should have been changed during install and setup.
from here you can use regular sql and postgres rdbms commands, eg
silvertail=> \d incidents;
Table "public.incidents"
Column | Type | Modifiers
--------------------+-----------------------------+---------------------
--------------------+-----------------------------+---------------------
--------------------+-----------------------------+--------------
id | integer | not null default nextval('incidents_id_seq'::regclass)
name | text |
detail | text |
category | text |
tenantid | text |
priority | integer |
status | integer |
txn_url | text |
ip_address | text |
incident_user | text |
incident_timestamp | timestamp without time zone |
rule_name | text |
rule_comment | text |
accuracy | integer | default 1
source | integer |
last_update_time | timestamp without time zone | default now()
Indexes:
"incidents_pkey" PRIMARY KEY, btree (id)
psql uses fairly standard SQL commands:
silvertail=> select id,name,incident_timestamp,status from incidents where name = 'myincident' and incident_timestamp < ( NOW() - INTERVAL '30 days') and status = 3;
Note status has the following meaning:
1 = Open
2 = In Progress
3 = Closed
silvertail=> select count (id) from incidents where name = 'myincident' and incident_timestamp < ( NOW() - INTERVAL '3 days') and status = 3;
silvertail=> delete from incidents where name = 'myincident' and incident_timestamp < ( NOW() - INTERVAL '30 days') and status = 3;
After you have cleaned up you might want to consider compacting the storage.
silvertail=> SELECT
relname as "Table",
pg_size_pretty(pg_total_relation_size(relid)) As "Size",
pg_size_pretty(pg_total_relation_size(relid) - pg_relation_size(relid)) as "External Size"
FROM pg_catalog.pg_statio_user_tables ORDER BY pg_total_relation_size(relid) DESC;
Please note that to compact the db you will need to connect as the superuser, either change the role of silvertail or login as user postgres. Please consult postgres documentation for more details.
The command is:
silvertail=# vacuum full
Related Articles
Events and incidents mark as deleted automatically Number of Views Email Phishing Security Incident Alert – November 8, 2024 Number of Views RSA Access Manager password policy for automatic user unlock does not work when using an Active Directory user store Number of Views too many email notification for some incidents Number of Views How to authenticate to an RSA Authentication Agent for Windows as user@domain.com with NTLM to UPN name mapping Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
