8.3.4.1 Configuring the Alert Purge Utility

The <INSTALL_DIR>/database/db_tools/mantas_cfg/install.cfg file contains common configuration information that the Alert Purge Utility and other utilities require for processing.

The following sample section from the install.cfg file provides configuration information specific to this utility.

################ALERT PURGE CONFIGURATION ########################
#Set the Alert Purge input variables here.
#(set the job/scenario value you DO NOT USE to null)

limit_matches=Y
purge=N
batch_size=5000
job=null
scenario=null
# Enter dates with quotes in the following format:
# 'DD-MON-YYYY HH:MI:SS' or 'DD-MON-YYYY'.
start_date=null
end_date=null

Every variable in this section must carry a value. Leaving a variable blank instead of setting it to null causes undesirable results; set each variable that is not in use to null.

Table 8-3 Alert Purge Utility Parameters

Parameter   Description

purge

Determines how the utility performs processing, depending on the specified value:

  • N (default): Performs all processing up to the point of the purge. The utility identifies the resulting matches, alerts, and actions, but purges nothing. Run with this value first and review what would be removed before switching to Y.
  • Y: Performs the above and then purges the identified matches, alerts, and actions. This step is not reversible.

limit_matches

Identifies restrictions on the matches to delete:

  • Y (default): If a match selected for deletion belongs to an alert that also contains matches not selected for deletion, the utility keeps that match as well (applies to multi-match alerts).
  • N: Deletes all matches selected for purging by the input criteria. The utility deletes only those alerts, and their associated actions, that consist exclusively of matches being purged.

The utility purges matches that are not related to any alert regardless of the value of limit_matches.

batch_size

Optional. Sets the number of rows per batch of purge actions, to limit transaction log space use. A non-positive value or no value uses the default of 5,000 rows.
job

Identifies the Behavior Detection job to purge (the JOB_ID value from the KDD_JOB table).

When job carries a value, the utility ignores scenario, start_date, end_date, and alert_status. Set those variables to null rather than leaving them blank.

Assign a value to either job or scenario, never both; set the one you do not use to null. If both the Job ID and the Scenario ID carry values, the Alert Purge Utility runs using the Job ID and ignores the Scenario ID.

scenario

Identifies the Behavior Detection scenario to purge (the SCNRO_ID value from the KDD_SCNRO table).

When scenario carries a value, set job to null; when job carries a value, set scenario to null. If both carry values, the utility runs using the Job ID and ignores the Scenario ID, so a scenario purge that was intended is silently not performed.

start_date

Indicates the start of the date range for the scenario purge (used only when the scenario parameter is in use), enclosed in quotes, in the format 'DD-MON-YYYY HH:MI:SS' or 'DD-MON-YYYY' (Oracle date format model; MI is minutes).

When only the date is given, the time component defaults to midnight (00:00:00).

Set this parameter to NULL when it is not in use. When the scenario parameter is in use, it must not be NULL.

end_date

Indicates the end of the date range for the scenario purge (used only when the scenario parameter is in use), enclosed in quotes, in the format 'DD-MON-YYYY HH:MI:SS' or 'DD-MON-YYYY'.

When only the date is given, the time component defaults to midnight (00:00:00), so a bare date as end_date stops the range at the start of that day; include the time component if the whole day should be covered.

Set this parameter to NULL when it is not in use. When the scenario parameter is in use, it must not be NULL.

alert_status

A comma-separated list of alert status codes (used only when the scenario parameter is in use) that further restricts which alerts the Alert Purge Utility selects.

Alert status codes include NW (New), OP (Open), CL (Closed), FL, RO, and RA.

When the scenario parameter is in use, alert_status must be present in install.cfg; setting it to NULL applies no status restriction.
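Because purge=Y is the only irreversible setting, it is worth checking the section against the rules in Table 8-3 before running the utility. The following script is an added example, not code from the Oracle documentation or the product: it parses the ALERT PURGE variables out of an install.cfg and reports every rule violation the table describes (blank values, job and scenario both set, missing or malformed dates in scenario mode, unknown status codes, the batch_size fall-back). The function names, the sample configurations and the scenario ID 1001 are constructed for this example.

```python
"""Pre-flight check for the ALERT PURGE section of install.cfg (added example,
not Oracle's code). Encodes the Table 8-3 rules; names and samples are made up."""
from datetime import datetime

REQUIRED_KEYS = ("limit_matches", "purge", "batch_size", "job", "scenario",
                 "start_date", "end_date")
ALERT_STATUSES = {"NW", "OP", "CL", "FL", "RO", "RA"}
DEFAULT_BATCH_SIZE = 5000
# 'DD-MON-YYYY HH:MI:SS' and 'DD-MON-YYYY' expressed as strptime patterns
DATE_FORMATS = ("%d-%b-%Y %H:%M:%S", "%d-%b-%Y")


def parse_install_cfg(text):
    """Read key=value lines; blank lines and '#' comments are skipped."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def _is_null(value):
    return value.lower() == "null"


def _parse_quoted_date(value):
    """Dates must be quoted; return a datetime for either documented format."""
    if len(value) < 2 or value[0] not in "'\"" or value[-1] != value[0]:
        return None
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(value[1:-1], fmt)
        except ValueError:
            continue
    return None


def validate_alert_purge(cfg):
    """Return (effective_settings, problems); an empty problems list means the
    section is consistent with the documented rules."""
    problems, eff = [], {}
    # Every variable must be present, and unused ones must read null: a blank
    # value is the documented way to get undesirable results.
    for key in REQUIRED_KEYS:
        if key not in cfg:
            problems.append(f"{key}: missing (set it to null if unused)")
        elif cfg[key] == "":
            problems.append(f"{key}: blank; write null instead")
    if problems:
        return eff, problems
    for key in ("purge", "limit_matches"):
        if cfg[key].upper() not in ("Y", "N"):
            problems.append(f"{key}: expected Y or N, got {cfg[key]!r}")
    eff["purge"] = cfg["purge"].upper() == "Y"
    eff["limit_matches"] = cfg["limit_matches"].upper() != "N"
    # A non-positive or null batch_size falls back to the 5,000-row default.
    size = cfg["batch_size"]
    try:
        n = 0 if _is_null(size) else int(size)
    except ValueError:
        problems.append(f"batch_size: not an integer: {size!r}")
        n = 0
    eff["batch_size"] = n if n > 0 else DEFAULT_BATCH_SIZE
    job, scenario = cfg["job"], cfg["scenario"]
    if not _is_null(job):
        # job wins: the utility ignores scenario and the date/status filters
        eff["mode"], eff["job"] = "job", job
        if not _is_null(scenario):
            problems.append("scenario: set together with job; the utility "
                            "ignores it, so set it to null explicitly")
    elif not _is_null(scenario):
        eff["mode"], eff["scenario"] = "scenario", scenario
        start = _parse_quoted_date(cfg["start_date"])
        end = _parse_quoted_date(cfg["end_date"])
        for name, parsed in (("start_date", start), ("end_date", end)):
            if _is_null(cfg[name]):
                problems.append(f"{name}: required when scenario is used")
            elif parsed is None:
                problems.append(f"{name}: expected quoted 'DD-MON-YYYY "
                                f"HH:MI:SS' or 'DD-MON-YYYY', got {cfg[name]!r}")
        if start and end and start > end:  # sanity check beyond the table
            problems.append("start_date is after end_date")
        eff["start_date"], eff["end_date"] = start, end
        # alert_status must exist in scenario mode; null means no restriction
        status = cfg.get("alert_status")
        if not status:
            problems.append("alert_status: required when scenario is used "
                            "(null applies no status restriction)")
        elif _is_null(status):
            eff["alert_status"] = None
        else:
            codes = [c.strip().upper() for c in status.split(",")]
            unknown = [c for c in codes if c not in ALERT_STATUSES]
            if unknown:
                problems.append(f"alert_status: unknown codes {unknown}")
            eff["alert_status"] = codes
    else:
        problems.append("job and scenario are both null; nothing is selected")
    return eff, problems


# Constructed sample: a dry run (purge=N) for one made-up scenario ID and date
# range; batch_size=0 exercises the fall-back to 5,000 rows.
SAMPLE_DRY_RUN = """\
################ALERT PURGE CONFIGURATION ########################
limit_matches=Y
purge=N
batch_size=0
job=null
scenario=1001
start_date='01-JAN-2024'
end_date='31-JAN-2024 23:59:59'
alert_status=NW,OP
"""
# Constructed sample with a blank value, the mistake the text warns about.
SAMPLE_BLANK = SAMPLE_DRY_RUN.replace("start_date='01-JAN-2024'", "start_date=")
```

Run it as `validate_alert_purge(parse_install_cfg(open(path).read()))` against the real file and refuse to start the utility while the returned problems list is non-empty; the effective-settings dictionary shows what the utility will actually act on (for example, that a bare end_date stops at midnight), which is what to review before changing purge to Y.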