Initial Setup
16
Websense TRITON RiskVision
If the maximum number of incident records is reached before the oldest
records reach the obsolescence period that you select, and database cleanup is
enabled, the oldest records will still be deleted to make room for newer
records.
Likewise, even if the database is not full, records older than the period
specified will be deleted by the cleanup job.
3.
Use the
Session Storage
box to configure:
The maximum number of sessions to store in the database
Session data is stored only when the
Log all sessions
option is enabled on the
Diagnostics
page. Session logging is generally enabled only for
troubleshooting, and disabled when the troubleshooting process is complete.
Whether database cleanup occurs automatically
Because session data is typically used for troubleshooting, it is a best practice
to allow the automated database cleanup process to remove data that is no
longer needed.
How long to keep session data
The default is 3 days.
4.
Use the
Pcap Retention
box to configure:
Whether or not to store pcap files for threat and data loss incidents in your
network
Storing pcap files can quickly use a large volume of disk space, so pcap files
are not retained by default.
If pcap files are being retained, configure the maximum amount of disk space
to use for pcap file storage (120 GB, by default).
If pcap files are being retrained, also configure whether to delete the oldest
files or stop storing new files when the storage size reaches 90% of maximum
capacity.
Enable traffic capture
By default, traffic capture starts immediately upon startup. If the appliance interfaces
are not properly configured, however, the Capture process may stop.
To make sure that traffic capture is enabled:
1.
Select the
System > Analytics
tab in the Local Manager.
2.
Make sure
Enable traffic capture
is
ON
.