Event Data - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

Hide thumbs Also See for SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010:

Installation manual (38 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

page of 168

/ 168
Contents
Table of Contents
Bookmarks

Table of Contents

Field Name

ChainSequence

3.1.2 Event Data

Event data is processed by the collector running on the collector manager. For more information

about event processing and parsing, see

Event data are subject to filtering rules set up on the event source, connector, and collector, so event

data may be dropped, if required.

The event data partitions are closed after two days, and no more events are written to them. Even

though the duration of the partition is only for one day, partitions are closed after two days to

accommodate events arriving at the last moment. After the partitions are closed, they are

compressed and archived.

Online partitions are stored in the

the local file system. Partitions are created based on the dates and retention policies.

A central partition index is maintained in the database that keeps track of all the existing partitions

and their location.

The following table describes the directory structure under the installation directory where event

data is stored:

Event Data Directory Structure

Table 3-3

Directory structure

/data

/data/eventdata

Description

A sequence number within a particular raw data chain.

The raw data events in a given raw data chain must have an

uninterrupted sequence of numbers starting with 0. In addition, all raw

data events in a given raw data chain must appear sequentially in the

files, with no other chains intermixed. If a raw data chain can span files,

the sequence should continue uninterrupted into the file that represents

every hour during which raw data was received.

Example: 4

NOTE: If no raw data is received for the one hour period the file would

record only from the next arrival of raw data. Nonetheless, the raw data

chain sequence should continue uninterrupted across until a new raw

data chain begins. A new raw data chain is signaled by a changed

ChainID value, and a ChainSequence value of zero (0).

Chapter 4, "Configuring Data Collection," on page

install_directory/data/eventdata

Description

The primary directory for all data storage.

The sub directory where all event data is stored.

47.

directory, which is on

Configuring Data Storage

Table of Contents

This manual is also suitable for:

Sentinel log manager 1.0.0.5

Event Data - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

3.1.2 Event Data

Related Manuals for Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010

Related Content for Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010

This manual is also suitable for:

Table of Contents