Data Loss Prevention

  • 1.  Restriction on reporting over 10,000 events per report

    Posted Jan 06, 2012 05:34 PM

    We are looking at developing trend reporting based on a specific LoB manager. When trying to build reports based on over 10k events, there is a message that states "The current report exceeds the maximum number of incident that can be exported.  Please filter the report so that it contains 10000 or less incidents."

    Does anyone know of a workaround, or is it simply a limitation of Oracle 11g? We are running v. 11.1 for DLP.



  • 2.  RE: Restriction on reporting over 10,000 events per report
    Best Answer

    Posted Jan 06, 2012 06:27 PM

    In the Manager.properties file (in /opt/Vontu/Protect/config), change the setting:

    com.vontu.manager.maxshowallincidents=10000

    Comments in that section indicate that memory errors might occur if this number is set too high.

    If exporting a report with more than 10000 incidents via email, this setting may need to be changed in the same file:

    com.vontu.manager.maxautodistributionincidents=10000
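
The property change described in this reply, as an added shell example that is not part of the original post or of the product's own tooling: it rewrites one key in a properties file, keeps a backup of the original, and rejects values that are not positive integers. The helper names `set_prop`, `get_prop` and `demo` are assumptions, and the demo runs on a constructed temporary file rather than the real Manager.properties.

```shell
#!/bin/sh
# set_prop FILE KEY VALUE: set KEY=VALUE in a Java-style .properties file.
set_prop() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # The limits are incident counts, so accept only positive integers.
    case $value in
        ''|*[!0-9]*|0*) echo "not a positive integer: $value" >&2; return 1 ;;
    esac
    # Keep the first backup only, so repeated edits never overwrite the original.
    [ -e "$file.bak" ] || cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    # Rewrite an uncommented "key=..." line; append the key if it is absent.
    # Commented-out lines ("# key=...") do not match and are left alone.
    awk -v k="$key" -v v="$value" '
        BEGIN { FS = "=" }
        { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        name == k { print k "=" v; found = 1; next }
        { print }
        END { if (!found) print k "=" v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_prop FILE KEY: print the effective value (last uncommented assignment).
get_prop() {
    awk -v k="$2" '
        BEGIN { FS = "=" }
        { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        name == k { sub(/^[^=]*=/, ""); v = $0 }
        END { print v }
    ' "$1"
}

# demo: raise both limits from this thread on a constructed sample file.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# constructed sample, not the real file' \
        'com.vontu.manager.maxshowallincidents=10000' > "$f"
    set_prop "$f" com.vontu.manager.maxshowallincidents 20000 &&
    set_prop "$f" com.vontu.manager.maxautodistributionincidents 20000 &&
    echo "$(get_prop "$f" com.vontu.manager.maxshowallincidents)" \
         "$(get_prop "$f" com.vontu.manager.maxautodistributionincidents)"
    rm -f "$f" "$f.bak"
}

demo
```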
     


     



  • 3.  RE: Restriction on reporting over 10,000 events per report

    Posted Jan 06, 2012 06:31 PM

    This is not an Oracle limitation. 10,000 is the parameter max value set up in Vontu. These defaults (including others like max match count for a policy etc.) can be changed by the administrator of Vontu, but as you increase the limit on such parameters, performance may become an issue. If any filter generates over 10,000 incidents, that is a big enough indicator to look into anyways!

    As another workaround, subdivide your report. For example, if you are looking for all events for one LOB manager and total events are over 10k, put a filter for one policy or one severity at a time, as each element will have its own 10k limit.

    Hope this helps!



  • 4.  RE: Restriction on reporting over 10,000 events per report

    Trusted Advisor
    Posted Jan 09, 2012 02:04 AM

    If you want to increase the number of incidents to do your export only once for all events, you have to change the following parameter in the manager.properties file:

    com.vontu.manager.maxshowallincidents=20000

    (if you want, for example, to update the limit to 20000)

    We also have this issue, as we do reports and executive dashboards apart from the DLP solution.



  • 5.  RE: Restriction on reporting over 10,000 events per report

    Posted Jan 10, 2012 02:26 PM

    MetriX IT Performance Dashboards from Xcend Group (a platinum Symantec Partner) will likely solve some of your challenges around reporting and dashboards. We have a host of KPIs prebuilt for the entire Altiris Suite, including SD. I've included a link for additional details below. If you'd like a demo, just ask me.

    http://www.xcendgroup.com/products/metrix-real-time-dashboard/?jh

    Jason Hildenbrand- jhildenb@xcendgroup.com



  • 6.  RE: Restriction on reporting over 10,000 events per report

    Posted Jan 19, 2012 11:54 PM

    You have to filter out the incidents from the incident view so that the number of incidents being displayed is <10k.

    How you do that is by filtering them out by clicking the "advanced filters and summarization" link, then "add filter", and filtering the incidents out to create your report of less than 10K incidents.