HealthCast

Local Record Count

The "Maximum Local Records Before Alert" count is used as an indicator of when an alert should be sent. The purpose of the alert is to notify an administrator that communications with the audit database may be experiencing problems or that there are a number of audit messages that have been filtered out of the audit data. As a performance and security feature, auditSERVER is designed to cache messages to the local file system prior to saving the data in the database, preventing the loss of data while database services are unavailable or otherwise experiencing performance issues. When this cache reaches the specified number of records, an alert will be generated. Typically, each message takes up 1KB of file space, so a value of 1500 will mean that a 15MB file must be present (having been generated) before an alert will be sent. This value may be adjusted to suit your preferences. Ensure that adequate local hard drive space is available, as this value can be increased as necessary. Personal preference is the only guiding principle for how large or small this value should be, because it dictates how quickly an alert may be generated in the event that database operations are slower than desired.

Note

Database insert performance over time will degrade as more records are added to the audit database. The larger the number of records present in the database, the longer the next insert will take. This is due to indexing, file growth, and similar database operational tasks performed by the database server. It is important to have an adequate database maintenance and backup plan in place to minimize the performance impact. The record count stored in the local file is a general indicator of these types of performance issues.