IBM Support

When should I use the 'clean DAM_data' command to purge Guardium?

Troubleshooting


Problem

The database on the IBM Security Guardium appliance is more than 90% full. Normal purge procedures did not remove enough data.

Cause

  • The purge process was not scheduled or failed
  • Purge is running but taking many hours
  • Purge is working properly, but a large amount of data was logged in the last few days
  • A single table is taking up almost all database space

Diagnosing The Problem

If the appliance is not in recovery mode and the GUI portal is still available, check the Aggregation/Archive Log for details on the most recent purge. Also, check the purge settings and schedule under Data Archive.
From the CLI, run these commands and examine the output:
support show db-top-tables all

support show large_files 500 0
Large files include data partitions from large tables. File names include the date the data was logged.

Resolving The Problem

Warning - Only use the "clean DAM_data" command when all other options are exhausted. Unlike the normal purge process, this command does not ensure data was properly archived, so it can result in permanent loss of audit data. Before running this command, contact IBM Support. If you open a case, include the output of these commands.
 
support must_gather system-db-info

support must_gather sniffer_issues
 
Running the Command from CLI

Use "clean DAM_data" to hard delete specific days of data from specific tables. From the CLI, issue this command with the purge_type option that IBM Support recommended. The purge_type parameter controls which tables are purged, and all records between the start date and the end date are deleted. In the example below, full_details is the purge_type, followed by the start and end dates.

support clean DAM_data full_details 2022-01-19 2022-01-20

You are about to delete audit records outside of the standard purging policy.
It is highly recommended to consult with Guardium Services before running this command.
Please type "confirm delete" to approve the cleanup action. 

confirm delete

This may take a while to complete. Please check the log /var/log/guard/agg_purge_data.log
ok
Use fileserver to check the agg_purge_data.log for progress.

If there isn't enough disk space to purge a single day from a single table, use these grdapi commands to lower the purge batch size so that data is purged in smaller chunks.
guard.com> grdapi get_purge_batch_size
ID=0
Purge Batch Size = 200000
ok
guard.com> grdapi set_purge_batch_size batchSize=100
ID=0
ok
guard.com> grdapi get_purge_batch_size
ID=0
Purge Batch Size = 100
ok
guard.com> 

Then, try "clean DAM_data" again. Once the table is smaller and there is more free disk space, use a larger batch size to speed up the purge. Reset the batch size to 200000 once there is sufficient disk space for optimal purge performance.


Document Information

Modified date:
11 April 2022

UID

swg21661280