About the PCE Databases

This section describes concepts you need to know to successfully administer the PCE databases.

Policy and Traffic Data Databases

The PCE uses two databases: one for policies and the other for traffic flow data. Both databases need to be backed up or restored.

Database: Policy
Command:  illumio-pce-db-management dump --file backup_filename
Notes:    Backs up the policy database.

Database: Traffic
Command:  illumio-pce-db-management traffic dump --file traffic_backup_filename
Notes:    Backs up the traffic database; the traffic parameter selects it.

Data Retention of Traffic Flow Summaries

The PCE removes traffic flow data summaries (used by the Explorer in the PCE web console) when these conditions occur:

Determine the Primary Database

Policy Database

Run the following command to determine the primary policy database:

$ sudo -u ilo-pce illumio-pce-db-management show-master

Traffic Database

Run the following command to determine the primary traffic database:

$ sudo -u ilo-pce illumio-pce-db-management traffic show-master

Show Database Replication Information

Run the following command to view information about data replication between the primary and replica databases:

$ sudo -u ilo-pce illumio-pce-db-management show-replication-info

Rotate Database Passwords and Other Secrets

At any time, an Illumio Administrator can rotate the PCE database passwords and other auto-generated secrets used within the PCE. The new secrets take effect when the PCE is restarted. To rotate secrets, run the following command on any node:

sudo -u ilo-pce illumio-pce-ctl rotate-secrets

In a Supercluster, run this command once for each region.

Anonymize Database Export

You can anonymize the database dump file to protect confidential data before sending it to Illumio Customer Support for troubleshooting purposes. You can safely share policy and configuration data with Illumio for support requests. Sensitive data, such as usernames, passwords, and IP addresses, is masked.

  1. Dump the policy or traffic database by running one of the following commands.

    Policy database:

    $ sudo -u ilo-pce /var/illumio_pce/illumio-pce-db-management dump --file backup_filename

    Traffic database:

    $ sudo -u ilo-pce /var/illumio_pce/illumio-pce-db-management traffic dump --for-masking --file traffic_backup_filename
  2. Anonymize the dump file by running the following command:

    $ sudo -u ilo-pce /var/illumio_pce/illumio-pce-db-management mask-db-dump --in-file backup_filename --out-file masked_filename --dict-file dictionary.txt --tmpdir path_to_alternate_tmp_dir

    Optional --tmpdir parameter: The /tmp directory stores intermediate files and can sometimes run out of space. Use --tmpdir to specify an alternate temporary directory with adequate space.

    Example command output:

    Dictionary file /home/pce/dictionary.txt will be created
    Reading /home/pce/backup.july.11.2019.tar.bz2
    Processing avenger_fileserver_dev.sql
    Processing avenger_executor_dev.sql
    Processing avenger_ops_dev.sql
    Processing avenger_events_dev.sql
    Processing avenger_agent_dev.sql
    Processing avenger_login_dev.sql
    Processing dump-info
    Processing avenger_node.uuid
    Processing avenger_cluster.uuid
    Writing /home/pce/masked_backup.july.11.2019.tar.bz2
    Writing dictionary file /home/pce/dictionary.txt
    Done
  3. Send the anonymized output file named in --out-file to Illumio Customer Support.

    CAUTION:

    Do not send the dictionary file to Illumio (dictionary.txt in the command above). Retain it at your own site. It contains the mapping from the unmasked data to the masked data.

Illumio recommends consistently using the same dictionary file. This approach ensures that the same value is consistently masked and you can compare changes between different masked database dumps.
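The three steps above, with the dictionary-handling advice folded in, can be wrapped in a small script. This is an added example and is not part of Illumio's documentation or product: it assumes the tool lives at /var/illumio_pce/illumio-pce-db-management (overridable through a hypothetical PCE_DB_TOOL variable), always passes the same dictionary path so values are masked consistently across dumps, creates the dictionary owner-readable only, and refuses to report success if the archive destined for support happens to contain a member named like the dictionary file.

```shell
#!/bin/sh
# Added example (not Illumio's code): dump a PCE database, mask it with a
# fixed dictionary file, and verify the masked archive does not carry the
# dictionary. PCE_DB_TOOL is an assumed override for the tool path.

PCE_DB_TOOL="${PCE_DB_TOOL:-/var/illumio_pce/illumio-pce-db-management}"

# Print the dump command line for "policy" or "traffic". Traffic dumps need
# --for-masking so that mask-db-dump can process them.
dump_cmd() {
  db="$1"; out="$2"
  case "$db" in
    policy)  printf '%s dump --file %s\n' "$PCE_DB_TOOL" "$out" ;;
    traffic) printf '%s traffic dump --for-masking --file %s\n' "$PCE_DB_TOOL" "$out" ;;
    *) echo "unknown database type: $db (use policy or traffic)" >&2; return 1 ;;
  esac
}

# Return 0 when no member of the archive has the dictionary's basename
# (safe to send), 1 when one does, 2 when the archive cannot be listed.
# GNU tar auto-detects gzip/bzip2 compression when listing with -tf.
archive_excludes_dictionary() {
  archive="$1"; dict="$2"
  base=$(basename "$dict")
  members=$(tar -tf "$archive") || return 2
  printf '%s\n' "$members" | sed 's#.*/##' | grep -qxF -- "$base" && return 1
  return 0
}

# Run dump + mask as the ilo-pce user. The dictionary path is fixed by the
# caller so every run reuses (and extends) the same mapping.
mask_dump() {
  db="$1"; dump="$2"; masked="$3"; dict="$4"; tmpdir="${5:-/tmp}"
  umask 077                        # files created below are owner-only
  cmd=$(dump_cmd "$db" "$dump") || return 1
  sudo -u ilo-pce $cmd || return 1 # unquoted on purpose: split into words
  sudo -u ilo-pce "$PCE_DB_TOOL" mask-db-dump --in-file "$dump" \
      --out-file "$masked" --dict-file "$dict" --tmpdir "$tmpdir" || return 1
  sudo -u ilo-pce chmod 600 "$dict"
  if ! archive_excludes_dictionary "$masked" "$dict"; then
    echo "refusing: $masked contains a member named $(basename "$dict")" >&2
    return 1
  fi
  echo "send $masked to support; keep $dict on site"
}

# Usage: mask_pce_dump.sh policy backup.tar.bz2 masked.tar.bz2 /secure/dictionary.txt [tmpdir]
case "${0##*/}" in
  mask_pce_dump.sh) mask_dump "$@" ;;
esac
```

The dictionary path is deliberately a required argument rather than a default in the working directory, so that the same file is reused from run to run and never ends up beside the masked archive by accident.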

View Events Using PCE Command Line

You can view events using the PCE command line. For more details about viewing events, see View and Export Events.

Run the following command at any runlevel to display:

  • The total number of events
  • The average number of events per day

$ sudo -u ilo-pce illumio-pce-db-management events-db events-db-show

Run the following command at any runlevel to display:

  • The amount of disk space used by events
  • The total number of events
  • The disk usage based on type of event

$ sudo -u ilo-pce illumio-pce-db-management events-db disk-usage-show

Example

$ illumio-pce-db-management events-db disk-usage-show
Reading /opt/pce_config/etc/runtime_env.yml.
INSTALL_ROOT=/var/illumio_pce
RENV=development

Events database disk usage summary:
Number of events: 6
Average number of events per day: 6
Total disk usage: 0.539 MB (565248.0 bytes)

Disk usage by event_type:
+----------------------------------+-------+------------+
| Event Type                       | Count | Disk Usage |
+----------------------------------+-------+------------+
| system_task.prune_old_log_events | 1     | 0.090 MB   |
| user.login                       | 1     | 0.090 MB   |
| user.logout                      | 1     | 0.090 MB   |
| user.sign_in                     | 1     | 0.090 MB   |
| user.sign_out                    | 2     | 0.180 MB   |
+----------------------------------+-------+------------+
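When the events table grows beyond a handful of rows, the per-type table is easier to act on once it is sorted and cross-checked against the summary lines. The following is an added example, not part of Illumio's documentation: two shell functions that read the disk-usage-show output on stdin, list the event types largest first, and confirm that the Count column adds up to the "Number of events" line (a mismatch indicates a truncated table or output pasted together from different runs). The sample text is a constructed copy of the output shown above.

```shell
#!/bin/sh
# Added example (not Illumio's code): post-process the output of
# `illumio-pce-db-management events-db disk-usage-show`.

# Constructed sample input, copied from the documented example output.
SAMPLE_OUTPUT='Events database disk usage summary:
Number of events: 6
Average number of events per day: 6
Total disk usage: 0.539 MB (565248.0 bytes)

Disk usage by event_type:
+----------------------------------+-------+------------+
| Event Type                       | Count | Disk Usage |
+----------------------------------+-------+------------+
| system_task.prune_old_log_events | 1     | 0.090 MB   |
| user.login                       | 1     | 0.090 MB   |
| user.logout                      | 1     | 0.090 MB   |
| user.sign_in                     | 1     | 0.090 MB   |
| user.sign_out                    | 2     | 0.180 MB   |
+----------------------------------+-------+------------+'

# Print "event_type count mb" for every data row, largest consumer first.
# Data rows start with "| "; the header row is skipped by its label, and
# the "+---" separator lines never match.
event_usage_rows() {
  awk -F'|' '
    /^\| / && $2 !~ /Event Type/ {
      type = $2; count = $3; mb = $4
      gsub(/^ +| +$/, "", type)
      gsub(/^ +| +$/, "", count)
      sub(/ *MB *$/, "", mb); gsub(/^ +/, "", mb)
      printf "%s %s %s\n", type, count, mb
    }' | sort -k3,3 -n -r
}

# Sum the Count column and compare it with the "Number of events:" summary
# line; prints "ok" when they agree and "mismatch" otherwise.
event_count_matches() {
  awk -F'|' '
    /^Number of events:/ { split($0, a, ": "); total = a[2] + 0 }
    /^\| / && $2 !~ /Event Type/ { sum += $3 }
    END { print (sum == total) ? "ok" : "mismatch" }'
}

# Usage with live output:
#   sudo -u ilo-pce illumio-pce-db-management events-db disk-usage-show | event_usage_rows
# Usage with the sample:
#   printf '%s\n' "$SAMPLE_OUTPUT" | event_count_matches
```

Both functions use only awk, sed-free field splitting on the table's "|" delimiter, and sort, so they run unchanged on a PCE node without extra tooling.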