ESM Archive Storage Management

I am setting up ESM archives. I do not see any archive partition in my archive page, see attached.

Is my understanding correct:

- I should setup a separate Storage Group for ESM archive

- But I do not have enough disk space for the additional Archive Storage Group

Or do I simply turn on the Archiving and check "Follow Schedule" on the Default Storage Group" to achieve the automatic archiving of event data and resource configuration?

I already do have weekly backup of the database.

ESMDB/bin/arcsight export_system_tables $ESMDBUSER $ESMDBPW $ESMDBTNS

Thanks

Jan

Parents
  • Need a little more information please... I'm not an expert but I can help or find someone that knows more than I do...

    Question: Are you looking for warm storage (able to be used from the system on demand)?

    OR are you looking for 'cold' storage (data that has to be manually loaded) into the system after it ages off? EG after 90 days but you want to make sure the data is still present.

    If it's the first one, the partition that you're pointing the application at has to be large enough to hold the archived data or you have to point at a partition that is large enough on another defined partition. To do that you have to identify a partition in the OS that the application can access and has permissions to write data to. That partition needs to be identified first in the OS then via the application like your example EG /dev/d0b/blah/blah/blah (disk 02 or whatever you named the the larger partition/array of disks). That partition must have the capacity to store your data for the retention period. If it does not, you're going to run out of space. When that happens, both the OS and the application are going to start barking in the logs, (if they're configured to do so).

    If you have enough space on another partition that you can point the system at/to as a storage location that the db and the application can write to (hot storage) point and shoot. If you do not, you'll need to find either a bigger disk/array to put the archives on, or, you'll need to mount a logical disk in read/write mode. Make sure that whatever you point at is RAID configured to give you the speed and redundancy you need AND that, that partition is backed up by whatever process you use to safeguard it from catastrophy/bad events.

    If this isn't what you're looking for let me know and I'll do a better job of explaining.

Reply
  • Need a little more information please... I'm not an expert but I can help or find someone that knows more than I do...

    Question: Are you looking for warm storage (able to be used from the system on demand)?

    OR are you looking for 'cold' storage (data that has to be manually loaded) into the system after it ages off? EG after 90 days but you want to make sure the data is still present.

    If it's the first one, the partition that you're pointing the application at has to be large enough to hold the archived data or you have to point at a partition that is large enough on another defined partition. To do that you have to identify a partition in the OS that the application can access and has permissions to write data to. That partition needs to be identified first in the OS then via the application like your example EG /dev/d0b/blah/blah/blah (disk 02 or whatever you named the the larger partition/array of disks). That partition must have the capacity to store your data for the retention period. If it does not, you're going to run out of space. When that happens, both the OS and the application are going to start barking in the logs, (if they're configured to do so).

    If you have enough space on another partition that you can point the system at/to as a storage location that the db and the application can write to (hot storage) point and shoot. If you do not, you'll need to find either a bigger disk/array to put the archives on, or, you'll need to mount a logical disk in read/write mode. Make sure that whatever you point at is RAID configured to give you the speed and redundancy you need AND that, that partition is backed up by whatever process you use to safeguard it from catastrophy/bad events.

    If this isn't what you're looking for let me know and I'll do a better job of explaining.

Children
No Data