My name is Lucky, underdog in McAfee NSP product, I am facing lot of challenges around NSM 7.1 we are using in our environment, I manage to overcome most of the issues and things are bit streamline now However, there is an issue with missing alerts in historical thread analyzer
we have around 30 million alerts in IV_alert and packet log. Few months back when everything was normal with NSM we used to see alerts for 30 days, for your information we have policy to retain 30 million alerts.
Since after sudden increase in alerts count to approx 4 million a day, we started seeing issue with Disk space, which is resolved now, but historical alerts are kind of missing, it gives only current day alerts logs.
I doubt, Is this because we are doing archival of alerts every week? and now alerts won't show up as they are archived?
Can anyone help me with the functionality pls. I know you would be thinking that I should be referring to guides, but guides are people pls shed some light on the issue I got. Really appreciated.
Not sure if this is related, but NSM keeps throwing alert (Fault Alert capacity threshold exceeded)
At this time we have only 10 million alerts and threshold is set to 30 million, any clue what causing this alert?