When local storage is enabled through the Intercept MMC, events generated from the Agent are stored on the local disk as XML files. One XML file is generated for each event. Each file is formatted as:
|
<Event> <ConstructionString></ConstructionString> <EventClass></EventClass> <EventClassVersion></EventClassVersion> <EventSource></EventSource> <MachineName></MachineName> <TimeZoneName></TimeZoneName> <UTCOffset></UTCOffset> <UTCLogDate></UTCLogDate> <EventData></EventData> <AgentCLSID></AgentCLSID> </Event> |
By default, these files are stored in [drive]\\Program
Files\Avicode\Intercept\Agent\[version-number]\Storage\Events.
Please note
that on x64 installation, the server agent and its associated
configuration files may be found under "Program Files ", while
other components will be under "Program Files (x86)" The Incident
Snapshot Utility provides access to this data by converting all of
the current XML files to an Incident Snapshot file with the
extension '.is'
Locating the configuration file
Local can be configured in the following configuration file:
[drive]\Program
Files\AVIcode\Intercept\Agent\[version-number]\Configuration\StoreAgent.config
Please note
that on x64 installation, the server agent and its associated
configuration files may be found under "Program Files ", while
other components will be under "Program Files (x86)"
Opening the configuration file
You may edit the configuration file via Microsoft Visual Studio .NET, or by using a text editor.
Set the number of events to store
To set the maximum number of stored events:
|
<configuration> [...] <alias> <name>LocalStorage</name> <!-- path to folder for file writing --> <path>Storage\Events</path> <!-- thresholds filter --> <thresholds> <total enable='true' max='300' /> </thresholds> </alias> </configuration> |
Note that
this is a rolling storage buffer, so that once the maximum is
reached, old events will be deleted as new events are stored.
Last update: Tuesday, June 08, 2010 02:58:27 PM