The Dtconfig table contains important settings for configuring the ACS collector and database. I will list these settings and their default values, and explain how to work with this table.
Convert timestamps to local time
Use this value to stamp the collected events with local time
1 = use local time
0 = use UTC time
Database schema version
This is the schema version value; it is currently equal to 6
Perform index maintenance
Use this value to configure the database to perform index maintenance
1 = the option is enabled.
0 = the option is disabled.
Table switch offset in seconds since midnight UTC
Use this value to configure when ACS switches to another table to store the collected events, expressed in seconds since midnight UTC
The value 82800 = 82800 / (60*60) = 23, that is 23:00 UTC
This value 82800 = 2:00 AM Egypt daylight time.
The table will be changed at 2:00 AM, but we have not configured the interval yet.
Table switch interval in seconds
Use this value to configure the interval between table switches
The value 86400 = 24 hours, so the table will be switched every day “24 hours” at 2:00 AM Egypt daylight time.
Number of partitions
Use this value to configure how many tables will be available in the database to store the security events.
The value 15 = ACS will store the security events in 14 tables and the other one will be the running table.
This value must be configured together with the registry key below
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdtServer\Parameters
EventRetentionPeriod “This value was configured in hours”
Example:
For Number of partitions = 15 and Table switch interval in seconds = 86400, the EventRetentionPeriod will equal 14 * 24 = 336 in decimal.
For Number of partitions = 31 and Table switch interval in seconds = 86400, the EventRetentionPeriod will equal 30 * 24 = 720 in decimal.
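The check below is an added example, not part of the original post or of ACS itself: it generalizes the two retention examples above to (partitions - 1) * interval / 3600 and flags a registry EventRetentionPeriod that does not match the table settings. The function names are hypothetical, the values are passed in by hand rather than read from the database or registry, and Egypt daylight time is assumed to be UTC+3.

```python
SECONDS_PER_DAY = 86400


def switch_time(offset_seconds, utc_offset_hours=0):
    """Table switch time as HH:MM:SS, shifted from UTC by utc_offset_hours."""
    if not 0 <= offset_seconds < SECONDS_PER_DAY:
        raise ValueError("offset must be seconds since midnight UTC (0..86399)")
    local = (offset_seconds + int(utc_offset_hours * 3600)) % SECONDS_PER_DAY
    hours, rest = divmod(local, 3600)
    minutes, seconds = divmod(rest, 60)
    return f"{hours:02d}:{minutes:02d}:{seconds:02d}"


def expected_retention_hours(partitions, interval_seconds):
    """Hours held in closed tables; one partition is always the running table."""
    if partitions < 2:
        raise ValueError("need the running table plus at least one closed table")
    return (partitions - 1) * interval_seconds / 3600


def check_acs_config(partitions, interval_seconds, offset_seconds,
                     registry_retention_hours, utc_offset_hours=0):
    """Compare the table settings with EventRetentionPeriod (in hours)."""
    expected = expected_retention_hours(partitions, interval_seconds)
    return {
        "switch_utc": switch_time(offset_seconds),
        "switch_local": switch_time(offset_seconds, utc_offset_hours),
        "expected_retention_hours": expected,
        "registry_retention_hours": registry_retention_hours,
        # A mismatch means the registry value was not updated together
        # with the number of partitions or the switch interval.
        "mismatch": expected != registry_retention_hours,
    }


if __name__ == "__main__":
    # Constructed inputs: the post's default values, then the 31-partition
    # case with the registry value left at 336 hours.
    # utc_offset_hours=3 is the assumed offset for Egypt daylight time.
    for partitions, registry_hours in ((15, 336), (31, 336)):
        result = check_acs_config(partitions, 86400, 82800, registry_hours,
                                  utc_offset_hours=3)
        print(partitions, result)
```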