
Installing an IPv4-only managed host in a mixed environment

By default, in Extreme Networks Security Analytics products, you cannot add an IPv4-only managed host to an IPv6 and IPv4 mixed-mode console. You must run a script to enable an IPv4-only managed host.

1 Install the Extreme Security Console by selecting IPv6 addressing.

2 After installation, on the Extreme Security Console, type the following command:

/opt/qradar/bin/setup_v6v4_console.sh

3 To add an IPv4 managed host, type the following command:

/opt/qradar/bin/add_v6v4_host.sh

4 Add the managed host by using the deployment editor.

Data retention

Configure custom retention periods for specific data.

Retention buckets define retention policies for events that match custom filter requirements. As Extreme Security receives events, each event is compared against retention bucket filter criteria. When an event matches a retention bucket filter, it is stored in that retention bucket until the retention policy time period is reached. This feature enables you to configure multiple retention buckets.

Retention buckets are sequenced in priority order from the top row to the bottom row on the Event Retention window. A record is stored in the bucket that matches the filter criteria with highest priority. If the record does not match any of your configured retention buckets, the record is stored in the default retention bucket, which is always located below the list of configurable retention buckets.

Configuring retention buckets

By default, the Event Retention window provides a default retention bucket and 10 unconfigured retention buckets. Until you configure a retention bucket, all events are stored in the default retention bucket.

The Event Retention window provides the following information for each retention bucket:

Table 29: Retention window parameters

Parameter: Description

Order: The priority order of the retention buckets.

Name: The name of the retention bucket.

Retention: The retention period of the retention bucket.

Compression: The compression policy of the retention bucket.

Deletion Policy: The deletion policy of the retention bucket.

Filters: The filters applied to the retention bucket. Move your mouse pointer over the Filters parameter for more information on the applied filters.

Distribution: The retention bucket usage as a percentage of total data retention in all your retention buckets.

Enabled: Specifies if the retention bucket is enabled (true) or disabled (false).

Creation Date: The date and time the retention bucket was created.

Modification Date: The date and time the retention bucket was last modified.

The toolbar provides the following functions:

Table 30: Retention window toolbar

Function: Description

Edit: Edit a retention bucket.

Enable/Disable: Enable or disable a retention bucket. When you disable a bucket, any new data that matches the requirements for the disabled bucket is stored in the next bucket that matches the properties.

Delete: Delete a retention bucket. When you delete a retention bucket, the data contained in the retention bucket is not removed from the system; only the criteria defining the bucket are deleted. All data is maintained in storage.

1 Click the Admin tab.

2 On the navigation menu, click Data Sources.

3 Click the Event Retention or icon.

4 Double-click the first available retention bucket.

5 Configure the following parameters:

Parameter: Description

Name: Type a unique name for the retention bucket.

Keep data placed in this bucket for: Select a retention period. When the retention period is reached, data is deleted according to the Delete data in this bucket parameter.

Allow data in this bucket to be compressed: Select the check box to enable data compression, and then select a time frame from the list box. When the time frame is reached, all data in the retention bucket is eligible to be compressed. This increases system performance by guaranteeing that no data is compressed within the specified time period. Compression only occurs when used disk space reaches 83% for payloads and 85% for records.

Delete data in this bucket: Select a deletion policy.

Select When storage space is required if you want data that matches the Keep data placed in this bucket for parameter to remain in storage until the disk monitoring system detects that storage is required. If used disk space reaches 85% for records and 83% for payloads, data will be deleted. Deletion continues until the used disk space reaches 82% for records and 81% for payloads.

Select Immediately after the retention period has expired if you want data to be deleted immediately on matching the Keep data placed in this bucket for parameter. The data is deleted at the next scheduled disk maintenance process, regardless of free disk space or compression requirements.

When storage is required, only data that matches the Keep data placed in this bucket for parameter is deleted.

Description: Type a description for the retention bucket.

Current Filters: Configure your filters.

From the first list, select a parameter you want to filter for. For example, Device, Source Port, or Event Name.

From the second list, select the modifier you want to use for the filter. The list of modifiers depends on the attribute selected in the first list.

In the text field, type specific information related to your filter and then click Add Filter. The filters are displayed in the Current Filters text box. You can select a filter and click Remove Filter to remove a filter from the Current Filters text box.

6 Click Save.

7 Click Save again.

Your retention bucket starts storing data that match the retention parameters immediately.
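Because a record is stored only in the highest-priority bucket it matches, a broad filter placed above a narrower one can keep security-relevant events on the shorter retention period. The following Python sketch is an added example, not Extreme Security code: it models the top-to-bottom matching, the fall-through to the default bucket, and the two deletion policies with the disk thresholds quoted above, and flags buckets that can never receive data. The equality-only filter model, the bucket names and the default bucket's 30-day period are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Used-disk thresholds (percent) quoted on this page for deletion.
DELETE_START = {"records": 85, "payloads": 83}
DELETE_STOP = {"records": 82, "payloads": 81}

@dataclass
class Bucket:
    order: int
    name: str
    retention_days: int
    filters: dict = field(default_factory=dict)  # assumed model: field == value
    enabled: bool = True
    delete_immediately: bool = False  # "Immediately after the retention period has expired"

# Constructed sample configuration; the default bucket's 30 days is a made-up value.
DEFAULT = Bucket(999, "default", 30)
BUCKETS = [
    Bucket(1, "firewall-30d", 30, {"device": "fw01"}),
    Bucket(2, "auth-fail-365d", 365, {"device": "fw01", "event_name": "Login Failed"}),
    Bucket(3, "ssh-90d", 90, {"source_port": 22}, delete_immediately=True),
]

def select_bucket(event, buckets):
    """First enabled bucket, top row to bottom row, whose filters all match."""
    for b in sorted(buckets, key=lambda b: b.order):
        if b.enabled and all(event.get(k) == v for k, v in b.filters.items()):
            return b
    return DEFAULT  # no configured bucket matched

def shadowed(buckets):
    """(lower, higher) pairs where the lower bucket can never receive an event."""
    rows = sorted((b for b in buckets if b.enabled), key=lambda b: b.order)
    return [(lo.name, hi.name) for i, lo in enumerate(rows) for hi in rows[:i]
            if hi.filters.items() <= lo.filters.items()]

def deletable(bucket, age_days, kind, used_pct, purging=False):
    """Would data of this age be deleted at the next disk maintenance run?"""
    if age_days < bucket.retention_days:
        return False  # only data past its retention period is deleted
    if bucket.delete_immediately:
        return True   # regardless of free disk space
    if purging:       # a purge is already running: continue down to the stop mark
        return used_pct > DELETE_STOP[kind]
    return used_pct >= DELETE_START[kind]

if __name__ == "__main__":
    print(select_bucket({"device": "fw01", "event_name": "Login Failed"}, BUCKETS).name)
    print(shadowed(BUCKETS))
```

In the sample layout, failed logins from fw01 land in the 30-day bucket rather than the 365-day one; moving the narrower bucket above the broader one removes the shadowing.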