Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.
Visit http://www.aanval.com/ for more information.
Datastore Management allows users to manage and manipulate the datastore system.
View Current Datastore
From the main display, users can easily determine which datastore is selected. In the upper right-hand corner is the datastore icon with the current datastore listed to the left, as in Figure 1.
By clicking on the datastore icon, users will be directed to a menu in which they may change from the current or listed datastore to a different, existing datastore, as in Figure 2.
To access Datastore Management, users must navigate to Console Configuration (in the lower right-hand corner, the gear icon) > General > Datastore Management. Within that menu, users may change datastores, rotate datastores, view the number of events in the current or selected datastore, and also delete datastores, as shown in Figure 3.
To manipulate a datastore, select the desired datastore from those available on the right of the screen. Once it is selected, users may click the Make Active button on the left of the screen to activate the datastore, or they may delete the datastore by checking the box next to Delete Datastore and then clicking the now-active button to commit. The message "Marking datastore for deletion. One Moment, redirecting..." will be displayed once the datastore has been marked or queued for deletion. Actually deleting a datastore can take anywhere from a few moments to much longer, depending on the size of the datastore.
Once a datastore is selected, the number of events within that datastore will populate on the left of the screen. Users may also then name the selected datastore. Example: Q3 Datastore or July 2012. If a new name is entered, users must click Update for changes to take effect.
By default, Aanval will rotate or create a new datastore and begin writing events to that new datastore after 500,000 events. When a new datastore is created, it is numbered in succession to the previous datastore; by default, datastores begin at 1000.
By navigating to Console Configuration (in the lower right-hand corner, the gear icon) > Console > Preferences > Datastore, users may choose to increase the size a datastore reaches before automatic rotation. Users may also choose to have automatic rotation occur after a period of time, in increments of days.
Within the Datastore Management menu or by clicking on the datastore icon (in the upper right-hand corner), users may also choose to manually rotate datastores.