Configuring Data Storage; Data Storage Overview; Raw Data - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

Hide thumbs Also See for SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010:

Installation manual (38 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

page of 168

/ 168
Contents
Table of Contents
Bookmarks

Table of Contents

Configuring Data Storage

Novell

Sentinel

Log Manager stores compressed event data on the server file system and then

archives it to a configured location for the long-term storage.

Section 3.1, "Data Storage Overview," on page 21

Section 3.2, "Configuring Data Archiving," on page 27

Section 3.3, "Configuring Data Retention Policies," on page 34

Section 3.4, "Configuring Disk Space Usage," on page 38

Section 3.5, "Verifying and Downloading Raw Data Files," on page 39

Section 3.6, "Viewing Online and Archive Data Capacity," on page 40

Section 3.7, "Using Sequential-Access Storage for Long Term Data Storage," on page 41

3.1 Data Storage Overview

Sentinel Log Manager receives two separate, but similar data streams from the collector managers:

the event data and the raw data. Both types of data on Sentinel Log Manager are moved from the

online, compressed, file-based storage to a user-configured, compressed archive storage location on

a regular basis.

Data files are deleted from the local and archive storage locations on a configured schedule. Raw

data retention is governed by a single raw data retention policy. Event data retention is governed by

a set of event data retention policies. All these policies are configured by the Sentinel Log Manager

administrator.

Section 3.1.1, "Raw Data," on page 21

Section 3.1.2, "Event Data," on page 25

Section 3.1.3, "Archiving," on page 26

Section 3.1.4, "Data Retention," on page 27

3.1.1 Raw Data

Raw data are the unprocessed events that are received by the connector and sent directly to the

Sentinel Log Manager message bus, and then written to the Sentinel Log Manager server. The

original event is not altered, but the following additional information are also sent to the message

bus with each event:

SHA-256 hash of the event

Chaining indicator (which is reset to 0 whenever the Sentinel Log Manager event source is

restarted)

All raw data are sent to the Sentinel Log Manager; there is no filtering on raw data.

Configuring Data Storage

Table of Contents

This manual is also suitable for:

Sentinel log manager 1.0.0.5

Configuring Data Storage; Data Storage Overview; Raw Data - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

Configuring Data Storage

3.1 Data Storage Overview

3.1.1 Raw Data

Related Manuals for Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010

Related Content for Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010

This manual is also suitable for:

Table of Contents