files (logs, diagnostics, and so on) generated by System Configuration actions.
Figure 47: The Maintenance Tab
Setting a schedule for file pruning
The File Pruning action enables you to set a schedule by which generated log data and files are deleted from your Manager/database. These data/files are admin created through various System Configuration actions, and each details a different aspect of system functionality. These system files get larger as more data is added over time. File pruning allows you to delete the data in a log or an entire static file either at the next scheduled time or in a set number of days. Regular deletion saves disk space on Manager server, thus improving overall performance.
The deletion scheduler works as follows: First, you set a daily time when you want File pruning —that is, deletion—to take place; this is under the Maintenance Scheduler setting.
Next, for each file type, you set a number of days/file size ( Scheduled Deletion ) after which you want a file that has reached the set age/size to be deleted. On the day a file is to be deleted, deletion takes place at the set daily time.
McAfee® Network Security Platform 6.0 Managing your Network Security Manager database
Note: When scheduling File pruning, set a time when no other scheduled functions (archivals, backups, database tuning) are running. The time should be a minimum of an hour after/before other scheduled actions.
To schedule deletion for Manager and database files, do the following:
1 Select Manager > Maintenance > File Pruning.
Note: To schedule file pruning action in the Central Manager, select Central Manager > Maintenance > File Pruning.
2 Select Yes to enable automatic file pruning.
This overrides the enabled status of individual file types from the table.
3 Select the day (Recur every) on which automatic file pruning will occur. Saturday is the default.
4 Set the time (Start time: At Hr and Min) for the selected day when you want scheduled maintenance to occur. The default is 23:30 hours.
5 View the list of files/logs for which you can set maintenance:
Note: The default enabled status for each file/log is listed in parentheses after each description that follows.
Manager Files
• Diagnostics: files created by performing the steps in Uploading a diagnostics trace from a Sensor to your Manager, Device Configuration Guide. (Yes)
• Sig Files (*.bin): files created during signature files update from the Manager to McAfee® Network Security Sensor (Sensor) by performing the steps in Updating the configuration of all Sensors. (No)
• DoS Files: denial of service (DoS) profiles uploaded from your Sensors. These files are downloaded by performing the steps in Managing DoS Learning Mode profiles on a Sensor, Device Configuration Guide. (Yes)
• Backup Files: saved Manager configuration, audit, and/or alert data as created by performing the steps in Backing up and restoring data (on page 44). (Yes)
• Saved Reports: all saved scheduled reports created by performing the steps in Scheduling a report, Reports Guide. (Yes)
• Hourly Data Mining: deletes trend data collected for trend analysis resources on an hourly basis. (No)
• Daily Data Mining: deletes trend data collected for trend analysis on daily basis.(No)
• Daily Archival: those archivals scheduled as Daily when Scheduling automatic archival.
• Weekly Archival: those archivals scheduled as Weekly when Scheduling automatic archival.
• Monthly Archival: those archivals scheduled as Monthly when Scheduling automatic archival.
Database Data
• Audit Log: log detailing user activity. Data is deleted by timestamp; the file itself is never deleted. This file can be viewed by performing the steps in Generating a User Activities Audit, Administrative Domain Configuration Guide. (Yes)
• Fault Log Data: log detailing system faults. Data is deleted by timestamp; the file itself is never deleted. (Yes)
• Performance Monitor Raw Data: Raw data relating to performance monitoring (data polled from the Sensor every 3 minutes).
• Performance Monitor Hourly Data: Hourly data relating to performance monitoring.
• Performance Monitor Daily Data: Daily data relating to performance monitoring.
McAfee® Network Security Platform 6.0 Managing your Network Security Manager database
• Performance Monitor Weekly Data: Weekly data relating to performance monitoring.
• Performance Monitor Monthly Data: Monthly data relating to performance monitoring.
• Incident Data: all generated incidents in the system marked for deletion. For more information, see Using Threat Analyzer Incident Viewer, System Status Monitoring Guide. (No)
• Guest User Data: logs containing the guest user information and can be viewed only when NAC is enabled. This will be purged as per the number of days set in the After field. For more information on guest users, see Guest users, Identity-based NAC, NAC Configuration Guide.
6 Select Yes for those file types that you want to be deleted at the scheduled time.
7 For those file types for which you have enabled deletion, type the time duration after which you want the files to be deleted.
8 Click Save when you are done with your changes.
9 (Optional) Click Refresh to update the information displayed in the page. Click View Scheduler Details to go to the Scheduled Tasks page.
Figure 48: File Maintenance Scheduler Settings
McAfee® Network Security Platform 6.0 Managing your Network Security Manager database
Note: Data on performance monitoring is displayed only when it is enabled from
<Admin Domain> /Device List > Sensor Performance > Enable.