RSA Admin

2 1/2 hours to open Alert History

Discussion created by RSA Admin Employee on Oct 26, 2009
Latest reply on Nov 2, 2009 by RSA Admin

I inherited a broken and nearly unused enVision box about 2 years ago. I have spent most of this time reading the help files and piecing it together. The person I replaced apparently didn't spend any time at all setting it up.
I attended RSA enVision Administration and Operations a few weeks ago and have spent most of my time in the office since then correcting various setup mistakes and changing the direction we have been going with it.
My problem is with the SonicWall alerts. I had an alert incorrectly configured, and enVision was swamped with alerts. To top that off, an old Sonicwall logging server was inadvertantly turned on which compounded the issue. Now, it takes about 2 1/2 hours to open the alert history for that device. When I click on the message, it opens in 4 or 5 minutes. I can then disposition the alert, and it takes another 2 1/2 hours or so for the alert history to display again.
My question is twofold:
1) What would cause this type of performance issue? How do we diagnose and correct it?
2) At this time we are not actively using the alert history, nor are we using the functionality of dispositioning the alerts (though that may come about at a later date). How would we go about offloading the alerts and clearing them off the appliance?
Our equipment: We have a 50-series HA appliance (Windows 2000). enVision version is 4.0.0 Build 0228. We have a total of 108 monitored devices, but only 60 are active. We are not currently using Event Explorer (licensing issue - we're working on it).
Here are a few days of the event totals for the SonicWall: 1,262,056; 1,103,179; 1,106,481; 1,213,086.
The alert history is slow for all the other alerts, but not as bad as those for the SonicWall.

Sorry for the length of this post, but I wanted to include any information that may be relevent. Please let me know if there is any other information necessary to troubleshoot this.