In Aanval, a datastore is a container of events that the console uses to logically separate event data by time, by count, or by both time and count. Datastores can be rotated manually (creating a new datastore) or rotated automatically to help ensure performance of the console remains optimal at all times.
Aanval's datastore technology is key to the storage of as many as several billion Snort, Suricata and/or syslog events within a single Aanval console installation.
Datastores begin numbering at 1.
At any time, you can change the active search datastore to perform searches, generate reports or simply view older datastore events, while new events continue to be written to the most recent datastore.
By default, datastores will automatically rotate based on the number of events that a datastore contains. This is a customizable value and can be found within the Datastore display of Aanval under the Configuration menus.
Manual Rotation (within Aanval's web interface)
If you would like to manually rotate to a new datastore, you may do so within the Datastore display of Aanval by creating a New datastore.
Manual Rotation (from command line)
Manual rotation of datastores can also be completed via the command line. From your Aanval installation's /bin directory, execute the following command:
php console aanval:datastore:rotate