Advanced FS Logga settings
Filter out redundant events
Using an application to browse directories or open a often require multiple reads or writes. FS-Logga can ignore these redundant operations if they occur within a specified time period.
To reduce the amount of collected data:
- Enable (default) or disable the redundant events handling, separately for read and write events
-
Configure the time frame when FS Logga classifies events as redundant events.
Configuration file
pnTracer.config.xml
Computer
Collector server which is configured for the file server.
Path
%ProgramData%\Protected Networks\8MAN\cfg
If the file does not exist, copy the template from the following path:
old: %ProgramFiles%\Protected Networks\8MAN\etc
new: %ProgramFiles%\solarwinds\ARM\etc
Code
<?xml version="1.0" encoding="utf-8"?>
<config>
<tracer>
<fileserver>
<redundantEntriesHandling>
<removeRead type="System.Boolean">true</removeRead>
<removeWrite type="System.Boolean">true</removeWrite>
<!-- maximum time-diff in seconds to ignore read or write, default 10 -->
<maxTimeDiffForReads type="System.Int32">10</maxTimeDiffForReads>
<maxTimeDiffForWrites type="System.Int32">10</maxTimeDiffForWrites>
</redundantEntriesHandling>
</fileserver>
</tracer>
</config>Possible Values
removeRead and removeRight
true - as redundant classified operations are not recorded (default)
false - all operations are recorded (not recommended)
maxTimeDiffForReads and maxTimeDiffForWrites
minimum 1 second
default 10 seconds
maximium 60 seconds
After you save the pnTracer.config.xml file, stop and then start the FS Logga to enable your changes.
Record specific security ID operations on Windows file servers
The default non-recording of operations for the following security IDs (SIDs) can reduce the amount of recorded data.
S-1-5-18 NT-AUTHORITY\SYSTEM
S-1-5-19 NT-AUTHORITY\ LOCAL SERVICE
S-1-5-20 NT-AUTHORITY\ NETWORK SERVICE
The non-recording of operations for individual SIDs is not possible.
You can turn filtering off so all listed SID events are recorded.
Configuration file
pnTracer.config.xml
Computer
Collector server which is configured for the file server.
Path
%ProgramData%\Protected Networks\8MAN\cfg
If the file does not exist, copy the template from the following path:
old: %ProgramFiles%\Protected Networks\8MAN\etc
new: %ProgramFiles%\solarwinds\ARM\etc
Code
<?xml version="1.0" encoding="utf-8"?>
<config>
<tracer>
<windows>
<suspendfilter type="System.Boolean">true</suspendfilter>
</windows>
</tracer>
</config>Possible values
true - events of the listed SIDs are not recorded (default)
false - events of the listed SIDs are recorded (not recommended)
After you save the pnTracer.config.xml file, stop and then start FS Logga to enable your changes.
Change the directory for temporary Logga files
By default, temporary Logga files are stored at:
%ProgramData%\Protected Networks\8MAN\
To change the file location, edit the configuration file.
Configuration file
pnTracer.config.xml
Computer
Collector server which is configured for the file server.
Path
%ProgramData%\Protected Networks\8MAN\cfg
If the file does not exist, copy the "template" from the following path:
old: %ProgramFiles%\protected-networks.com\8MAN\etc
new: %ProgramFiles%\solarwinds\ARM\etc
Code
<?xml version="1.0" encoding="utf-8"?>
<config>
<tracer>
<localStoragePath>E:\other\directory</localStoragePath>
</tracer>
</config>Possible values
Enter the local storage path.
After you save the pnTracer.config.xml file, stop and then start FS Logga to enable your changes.