Archiving - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

Hide thumbs Also See for SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010:

Installation manual (38 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

page of 168

/ 168
Contents
Table of Contents
Bookmarks

Table of Contents

Directory structure

/data/eventdata/

YYYYMMDD_<classid>

/data/eventdata/

YYYYMMDD_<class_id>

/events.evt

/data/eventdata/

YYYYMMDD_<class_id>

/index

3.1.3 Archiving

Archiving is the process of copying closed data files from the local storage location to the archive

storage location. The original files are retained on Sentinel Log Manager to facilitate faster searches;

however, if the Sentinel Log Manager server disk space usage nears a user-defined threshold,

duplicate data files are deleted from the Sentinel Log Manager server.

Archiving processes are applied to both the raw data and event data.

"Raw Data Archiving" on page 26

"Event Data Archiving" on page 26

Raw Data Archiving

A raw data file is in one of the following three states at the online location:

xx.open: A file to which data is currently being written.

xx.log: A file to which data is no longer being written. This type of file has not been compressed yet.

xx.zip: A file that is already been compressed. The compression process runs every 10 minutes, by

default. These files appear in both the online and archive locations if archiving is configured and

enabled.

If data archiving is configured and enabled, compressed raw data files are copied in every 15

minutes to the configured archive location.

For more information about raw data storage, see

Event Data Archiving

The event data stored on the Sentinel Log Manager server are archived if data archiving is enabled

and configured.

Sentinel Log Manager 1.0.0.4 Administration Guide

Description

A partition consists of the events for a single day (midnight-midnight UTC)

within a given data retention class and is held within a sub-directory named

YYYYMMDD_<class-id>.

Where,

YYYYMMDD: is the UTC date stamp.

<class_id>: is a UUID identifier associated with the data retention class.

The

directory contains the binary event data for the partition.

events.evt

The format of the binary event data is stored as a Reliable Persistent

Random Access Compressed Stream.

The index directory contains the lucene index for the partition.

"Raw Data Storage" on page

22.

Table of Contents

This manual is also suitable for:

Sentinel log manager 1.0.0.5

Archiving - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

3.1.3 Archiving

Related Manuals for Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010

Related Content for Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010

This manual is also suitable for:

Table of Contents