Set or Modify Data Management Settings
Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.
To adjust Global Data Management Settings
- On the main toolbar, click Deployment Manager.
- Click the Platform Manager tab.
- In the System Management Settings section, click Global Data Management Settings.
The Data Management Settings window opens on the Global Settings tab. Under Data Management Profile, select the profile you want. The following table explains the profiles.
| Profile | Description |
| --- | --- |
| Collection Optimized | Select this profile to optimize the system for collecting and processing data at the highest rate possible. With this profile, all data is archived. Only event data is indexed for fastest search. Only event data is forwarded to LogMart for trending and reporting. |
| Search Optimized | Select this profile to optimize the system for the fastest search access to all data. With this profile, all data is archived. All data is indexed for fastest search. Event data and other common high-interest data is forwarded to LogMart for trending and reporting. |
| Performance Optimized (Default) | Select this profile to achieve high collection and processing rates while also having the most common high-interest data available for fastest search. With this profile, all data is archived. Event data and other common high-interest data is indexed for fastest search. Event data and other common high-interest data is forwarded to LogMart for trending and reporting. |
| Custom | Select this profile to enable all data management controls and configure each one specifically. |
Backup. Back up the current profile.
Restore. Restore the last saved profile.
When a Custom profile is enabled, the Global Configuration Options in the following table are available.
| Setting | Description |
| --- | --- |
| Enable Event Forwarding | Data Processor and Log Source settings that can be configured to disable Event Forwarding are ignored. If not checked, Event Forwarding can be enabled/disabled with each Data Processor's Disable MPE Event forwarding setting. |
| Enable Log Processing | Data Processor and Log Source settings that can be configured to disable Log Processing are ignored. If not checked, Log Processing can be enabled/disabled with each Data Processor's Enable MPE log processing setting. |
| Enable LogMart | Data Processor settings that disable LogMart are ignored. If not checked, LogMart can be enabled/disabled with each Data Processor's LogMartEnabled advanced property. |
| Use LogMart Standard Aggregation | LogMart standard aggregation is always used. Log Source and MPE Policy aggregation settings are ignored. If not checked, LogMart Aggregation is determined by Log Source settings and MPE Policy Rule overrides. |
| Enable Intelligent Indexing | Reports, Report Packages, Tails, and Investigations have their log data indexed (i.e. brought online) into the applicable data source (Data Processor and/or LogMart). The Global Log Processing Rules supersede Intelligent Indexing settings and can be used to take specific data offline. |
- Click the Classification Based Data Management Settings tab.
When the Custom data profile is selected, the Global CBDM Settings further determine how data is managed. You have the option of enabling CBDM to implement settings at a classification level instead of the MPE policy level. Every Classification, for example Ops\Critical, Sec\Compromise, Audit\Startup, has a Global Classification Setting (GCS) that, in conjunction with other settings, determines the following:
- Should logs be archived
- Should logs be stored on-line (Data Processor)
- Should logs be forwarded to LogMart
To enable the CBDM settings, select Enable Classification Based Data Management (CBDM). The settings are described in the following table.
| Setting | Description |
| --- | --- |
| Enable Classification Based Data Management (CBDM) | CBDM provides an easier method of configuring data management settings throughout LogRhythm. CBDM is recommended for most deployments except those requiring very detailed control of data management within LogRhythm. The options listed under Global CBDM Settings can only be selected if this option is selected. Global Log Processing Rules take precedence over Classification Based Data Management (CBDM) settings. |
| Ensure Events are Indexed | All Logs identified as Events are indexed regardless of Log Source or MPE Policy settings. |
| Forward all Events to LogMart | All Logs identified as Events are forwarded to LogMart regardless of Log Source or MPE Policy settings. If disabled, LogMart Forwarding can be enabled/disabled within each Log Source, as well as within each MPE Policy Rule. |
| Ignore Log Source Don’t Archive Setting | Log Source settings that affect archiving are ignored. Archive treatment is determined only by the GCS settings. If disabled, GCS and Log Source settings are combined to determine archive treatment. |
| Ignore Log Source Drop Log Setting | Log Source settings that affect indexed Log storage are ignored. Indexing treatment is determined only by the GCS settings. If disabled, GCS and Log Source settings are combined to determine on-line treatment. |
| Ignore Log Source LogMart Forwarding Settings | Log Source settings that affect LogMart forwarding are ignored. LogMart forwarding is determined only by the GCS settings. If disabled, GCS and Log Source settings are combined to determine LogMart forwarding treatment. |
- Select the Global Classification Settings (GCS) options you want, as described in the GCS pane.