South Africa Security and Compliance User Group

Expand all | Collapse all

Minimum nr of entries for SQL database - log settings for database

Jump to Best Answer
  • 1.  Minimum nr of entries for SQL database - log settings for database

    Posted 06-11-2015 08:08 AM

    Does anyone know what the minimum amount the log settings for the database can be set to for 46000 clients. Our SQL administrator would like

    us to review this amount as the DB is growing due to the client count increase. The current settings are all equal to "9999999" for all management, client and risk logs. Most are configured for 7 days while 1 or 2 are set to 30 days as per customer request.

    Running SEP 12Ru4Mp1a.

    SQL: 2012

     



  • 2.  RE: Minimum nr of entries for SQL database - log settings for database

    Posted 06-11-2015 08:12 AM
      |   view attached

    Minimum would be 1. Is that what you're asking. Or do you want the calculation for 46k clients?

    Maintaining the database

    Attachment(s)



  • 3.  RE: Minimum nr of entries for SQL database - log settings for database

    Posted 06-11-2015 08:17 AM

    Could I have the calculation for 46K clients please...



  • 4.  RE: Minimum nr of entries for SQL database - log settings for database

    Posted 06-11-2015 08:18 AM

    use this calculator

    https://www-secure.symantec.com/connect/downloads/sql-database-schema-information-and-database-planning-symantec-endpoint-protection-manager

     



  • 5.  RE: Minimum nr of entries for SQL database - log settings for database

    Posted 06-11-2015 08:19 AM

    These are old but may still be valid:

    https://www-secure.symantec.com/connect/articles/how-use-sepm-database-sizing-tool



  • 6.  RE: Minimum nr of entries for SQL database - log settings for database
    Best Answer

    Posted 06-11-2015 08:44 AM

    Everyone is on point here with the responses, but depending on your client/customer and the industry they are in you should maintain log data covering incidents per law, rule, statute, regulation governing their industry requirements. Would advise to KEEP the 999999999 and consider 60 day settings. Nonetheless, see this closed thread which is relevant: Syslog Output from SEPM