FS Logga settings in the pnTracer.config.xml file

Filter out redundant events to reduce the amount of data collected

User actions such as browsing directories or opening a file with an application often involve multiple reads or writes. These redundant operations can be ignored by the FS-Logga if they occur within a specified time period.

You can configure:

  • Enable (default) or disable the redundant events handling, separately for read and write events
  • The time frame within which the FS Logga classifies events as redundant events.

Configuration file

pnTracer.config.xml

 

Computer

Collector server which is configured for the file server.

 

Path

%ProgramData%\Protected Networks\8MAN\cfg

If the file does not exist, copy the "template" from the following path:

old: %ProgramFiles%\Protected Networks\8MAN\etc

new: %ProgramFiles%\solarwinds\ARM\etc

 

Code

<?xml version="1.0" encoding="utf-8"?>

<config>

<tracer>

<fileserver>

<redundantEntriesHandling>

<removeRead type="System.Boolean">true</removeRead>

<removeWrite type="System.Boolean">true</removeWrite>

<!-- maximum time-diff in seconds to ignore read or write, default 10 -->

<maxTimeDiffForReads type="System.Int32">10</maxTimeDiffForReads>

<maxTimeDiffForWrites type="System.Int32">10</maxTimeDiffForWrites>

</redundantEntriesHandling>

</fileserver>

</tracer>

</config>

 

Possible Values

removeRead and removeRight

true - as redundant classified operations are not recorded (default)

false - all operations are recorded (not recommended)

 

maxTimeDiffForReads and maxTimeDiffForWrites

minimum 1 second

default 10 seconds

maximium 60 seconds

 

After saving the pnTracer.config.xml file you have to stop and then start the FS Logga so that the changes can take effect.

 

Disable the default non-recording of operations for certain security IDs (SIDs)

This section applies to Windows file servers only.

The default non-recording of operations for the following security IDs (SIDs) helps to reduce the amount of recorded data.

S-1-5-18 NT-AUTHORITY\SYSTEM
S-1-5-19 NT-AUTHORITY\ LOCAL SERVICE
S-1-5-20 NT-AUTHORITY\ NETWORK SERVICE

The non-recording of operations for individual SIDs is not possible.

 

You can turn the filtering off so that all events of the listed SIDs will be recorded.

 

Configuration file

pnTracer.config.xml

 

Computer

Collector server which is configured for the file server.

 

Path

%ProgramData%\Protected Networks\8MAN\cfg

If the file does not exist, copy the "template" from the following path:

old: %ProgramFiles%\Protected Networks\8MAN\etc

new: %ProgramFiles%\solarwinds\ARM\etc

 

Code

<?xml version="1.0" encoding="utf-8"?>

<config>

<tracer>

<windows>

<suspendfilter type="System.Boolean">true</suspendfilter>

</windows>

</tracer>

</config>

 

Possible Values

true - events of the listed SIDs are not recorded (default)

false - events of the listed SIDs are recorded (not recommended)

 

After saving the pnTracer.config.xml file you have to stop and then start the FS Logga so that the changes can take effect.

 

Change the directory for temporary files of the Logga

By default temporary files of the Logga are store under

%ProgramData%\Protected Networks\8MAN\

 

You can change the location by editing the configuration file.

 

Configuration file

pnTracer.config.xml

 

Computer

Collector server which is configured for the file server.

 

Path

%ProgramData%\Protected Networks\8MAN\cfg

If the file does not exist, copy the "template" from the following path:

old: %ProgramFiles%\protected-networks.com\8MAN\etc

new: %ProgramFiles%\solarwinds\ARM\etc

 

Code

<?xml version="1.0" encoding="utf-8"?>

<config>

<tracer>

<localStoragePath>E:\other\directory</localStoragePath>

</tracer>

</config>

 

Possible Values

Enter the local storage path.

 

After saving the pnTracer.config.xml file you have to stop and then start the FS Logga so that the changes can take effect.