NOTE: Sentinel partitioned tables are organized into two groups. One is the EVENTS table group,
which includes EVENTS and CORRELATED_EVENTS; the other is the summary table group,
which includes all summary, or aggregate, tables. If any one of the tables in a group is specified by
the -tableName parameter, the archiveData operation is applied to all tables in that table group.
This command uses the following flags:
Table 11-6 Archiving Data Flags

Command         Command Flags
-action         archiveData
-connectFile    <filePath>
-tableName      <table name>
-keepDays       <numberOfDaysToKeep>
To run archiveData:
1 Execute this command as follows:
-action archiveData -connectFile <filePath> -tableName <table name> -keepDays <numberOfDaysToKeep>
The following examples archive events and correlated events from the EVENTS and
CORRELATED_EVENTS tables according to the value set during archive configuration.
PostgreSQL Example:
./sdm -action archiveData -connectFile sdm.connect -tableName EVENTS -keepDays 30
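The following wrapper is an added example, not part of the Sentinel documentation or the sdm tool. It checks the arguments and prints the archiveData command, with a reminder of which table group the operation applies to, instead of running it. The function names, the exit codes, the rejection of a keepDays value of 0, and the matching of summary tables by the _SMRY_ naming pattern are assumptions of this example.

```bash
#!/bin/sh
# Added example: pre-flight check for "sdm -action archiveData".
# It only prints the command line; nothing is executed against the database.

# Map a table name to its table group. The EVENTS group members come from
# the note above; matching summary tables by "_SMRY_" is an assumption.
table_group() {
  case "$1" in
    EVENTS|CORRELATED_EVENTS) echo "EVENTS" ;;
    *_SMRY_*)                 echo "SUMMARY" ;;
    *)                        return 1 ;;
  esac
}

# Usage: archive_preflight <connectFile> <tableName> <keepDays>
# Exit codes (hypothetical): 2 bad keepDays, 3 unreadable file, 4 unknown table.
archive_preflight() {
  local connect_file="$1" table="$2" keep_days="$3" group

  # keepDays must be digits only, so a typo such as "3O" never reaches sdm.
  case "$keep_days" in
    ''|*[!0-9]*) echo "keepDays must be a positive integer" >&2; return 2 ;;
  esac
  # Refusing 0 is this example's own safety choice, not a documented rule.
  [ "$keep_days" -gt 0 ] || { echo "keepDays must be > 0" >&2; return 2; }

  # The connect file must exist and be readable by the calling user.
  [ -r "$connect_file" ] || { echo "cannot read $connect_file" >&2; return 3; }

  group=$(table_group "$table") || { echo "unknown table: $table" >&2; return 4; }

  # The operation covers the whole table group, not only the named table.
  if [ "$group" = "EVENTS" ]; then
    echo "note: applies to EVENTS and CORRELATED_EVENTS" >&2
  else
    echo "note: applies to all summary tables" >&2
  fi

  printf './sdm -action archiveData -connectFile %s -tableName %s -keepDays %s\n' \
    "$connect_file" "$table" "$keep_days"
}
```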
11.3.9 Importing Data
The importData action imports data between the given dates into the Sentinel database so it can be
used for historical reporting or other purposes. The data is imported into the following tables:
PostgreSQL
EVENTS
AUDIT_RECORDS
CORRELATED_EVENTS
EVT_DEST_EVT_NAME_SMRY_1
EVT_DEST_SMRY_1
EVT_DEST_TXNMY_SMRY_1
EVT_PORT_SMRY_1
EVT_SEV_SMRY_1
EVT_SRC_SMRY_1
NOTE: The tables are imported in Oracle with the same name they are archived with.