Determining What Data You Need To Copy To Tape; Backing Up Data - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

The high level approach is to configure Sentinel Log Manager to retain data for longer duration to
perform searches and run report on the data you regularly need to access and to copy data to tape
before Sentinel Log Manager deletes it. To search or run report on data that was copied to tape, but
deleted from Sentinel Log Manager, copy the data from tape back into Sentinel Log Manager to
include the newly recovered data in its search results.
This section describes how to use tape or any other storage mechanism that Sentinel Log Manager
does not support.
Section 3.7.1, "Determining What Data You Need to Copy to Tape," on page 42
Section 3.7.2, "Backing Up Data," on page 42
Section 3.7.3, "Configuring Sentinel Log Manager Storage Utilization," on page 43
Section 3.7.4, "Sentinel Log Manager Data Retention," on page 43
Section 3.7.5, "Copying Data to Tape," on page 43
Section 3.7.6, "Copying Data from Tape Back Into Sentinel Log Manager," on page 44

3.7.1 Determining What Data You Need to Copy to Tape

There are two types of data in Sentinel Log Manager:
Raw data are the unprocessed events that are received by the connector and sent directly to the
Sentinel Log Manager message bus and then written to the disk on the Sentinel Log Manager
server. Raw data retention comes under legal requirements. Raw data cannot be searched or
reported on, because it is not processed or indexed.
Event data is generated by a collector after processing the raw data. Event data is indexed for
searching and can be searched and reported on. Although this data is not usually included in the
legal requirements, it is often important to retain, because it makes the data search easier.
If you want to store raw data to comply with legal requirements and are not concerned to search or
run report on that data at a later time, you can just copy the raw data to tape. However, if you want to
perform search or report on the data, you should copy both the raw data and the event data to tape so
that you can later recopy both sets of data back into Sentinel Log Manager.
You can also search the raw data directly by using tools such as egrep or a text editor, but this search
may not be sufficient for your requirements. The search mechanism provided by Sentinel Log
Manager on event data is much more powerful than these tools.

3.7.2 Backing Up Data

Sentinel Log Manager provides following backup options:
Configuration data: This option includes non-event or raw data backup. It is faster because it
contains a small amount of data, including all the directories in the installation except the
directory.
Data: This option takes longer because it involves backing up all the data in the data and archive
directories.
NOTE: Archive directories can be located on a remote machine.
42 Sentinel Log Manager 1.0.0.4 Administration Guide
data