Longterm DB
Description
The Long-term DB feature (in firmware >= 4.3) uses an attached storage devices to store traffic information of IP addresses and Layer 7 protocols with low resolution for a much longer time than the live statistics.
The elements stored in the long-term DB are as follows, graph data is available in 5 minute resolution:
- IP addresses
- activity time
- traffic graph in 5 minute resolution
- Layer 7 protocols
- traffic graph in 5 minute resolution
The storage is used similar to a swap file mechanism. The long-term data needs to be written in a format readable by new versions. Since firmware version 4.5, this is done automatically on restarts. An option allows to write the DB back into a persisted format on a daily basis.
Usage
If this feature is enabled, a view toggle button appears in the top menu bar. This button allows to switch between the real time "RT" view and the long-term ("LT") view.
In the long-term view, the IP address information contain only information about the traffic amount in 5 minute resolution.
The navigation menu in the long-term view only contains those modules which are available in this view.
If the long-term view is activated on module pages which do not support long-term data, a corresponding info box is shown.
Setting
The configuration can be found in the global settings page in the "Long-term DB and persistence" tab.
- To enable this feature, select a storage device to be used, enable the feature and enter a file size. The "required storage space" field shows how much memory is actually used which is usually at least double the configuration long-term DB size (due to additional space required for data persistence).
- The option "Data persistence mode" allows to select an alternative mode which also dumps parts of the live database onto disc. This increases the amount of space and time required to write the data and is usually not necessary.
- The long-term data base can be persisted once per day by enabling the corresponding option and selecting a time of day where the dump should happen. It is recommended to enable this option and to choose a time with less traffic then usual to avoid system overload during the dump time.
Once enabled, the utilization of the file is shown and the System Info Page contains information about how long the data can be kept.
Tip: Since the amount of information stored in the long-term DB is limited by the graph resolution, the file size usually don't need to be similar sized as the main memory. 10 GByte is a good starting point.
The size can be increase but it requires a restart of the packet processing.
Notes
Recommended storage device types:
| Storage device | Note |
|---|---|
| NMVe based SSD | recommended |
| SATA based SSD | can be used for moderate traffic, check system load for high system utilization |
| USB based SSD | not recommended, but might be useful for small systems (Allegro 200/500/510) |
| HDD | not recommended, should not be used |
It is also not recommended to place the long-term DB on the same storage device that is used a packet ring buffer as it will deteriorate the performance of both features.
The feature can be disabled temporarily and the last snapshot of persisted data is still kept. To remove this data permanently, use the delete buttons at the bottom of the configuration page.
Limitations
- The data in the long-term DB is limited to a selected subset of the data in the In-Memory-DB. See above for an exact list of elements available.
- The data is written into the long-term DB in variable intervals depending on traffic and system load. It takes up to 10 minutes (two graph intervals) until the data appears in the graph. Therefore, the last 5-10 minutes appear empty or with less traffic than in live view.