5 Replies Latest reply on Feb 26, 2015 10:10 AM by curtisi

    Limit Datastore Usage

    Chrystal Taylor

      We have noticed a performance impact when the data store gets to 90+% usage, and we want to be able to limit our datastore usage to say 90% in the hope of avoiding that performance impact.  Is there any way to do this?

       

      Thanks,

      Chrystal Taylor

      -ChrystalT

      Loop1 Systems: SolarWinds Training and Professional Services

        • Re: Limit Datastore Usage
          curtisi

          Do you mean the LEM's internal logs/data partition on the virtual machine, or the data-store back-end for the virtual machine?

          • Re: Limit Datastore Usage
            curtisi

            There isn't a way to do that for a customer, but support can change that behavior with root.  Still, you shouldn't be seeing a hit 90%.

            1 of 1 people found this helpful
              • Re: Limit Datastore Usage
                Chrystal Taylor

                curtisi  What is to stop that from happening?  I have definitely seen it at or above 90% on the logs datastore. 

                 

                Thanks,

                Chrystal Taylor

                  • Re: Re: Limit Datastore Usage
                    curtisi

                    The actual alert DB has mechanisms that look for that 90% condition, and this triggers the database rotation.  The database will start dropping old data to make room for new data, and will drop data until the partition is under 90%.

                    Now, the other thing that lives in that log partition is the syslog facilities.  You can check these out by going to the LEM via SSH, and under APPLIANCE run a "diskusage" command  The line you want is the one I've highlighted:

                     

                    Partition Disk Usage:

                            LEM:            62% (1.8G/3.0G)

                            OS:              47% (1.3G/3.0G)

                            Logs/Data:        8% (17G/234G)

                            Temp:            4% (224M/5.9G)

                    Database Queue(s): 4.0K (No alerts queued, 2995136 alerts waiting in memory)

                    Rules Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)

                    Console Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)

                    DataCenter Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)

                    EPIC Rules Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)

                    Forensic Database Queue: 2.1M (0 data queued, 0 data items waiting in memory)

                    Logs: 3.0M

                     

                    If you have a very chatty syslog device (like a firewall on debug) it may be writing many logs to the LEM and causing that 90% condition.  The LEM will respond by dropping alert data in the database.  You can manage this log usage in the APPLIANCE menu with the LIMITSYSLOG and SETLOGROTATE commands.  I'd suggest hourly and 24 for the settings if you have a busy syslog environment.