kng1 Trusted Contributor.
Trusted Contributor.

Re: Logger archives...a waste of time?

Jump to solution

Can you please elaborate on your comment from the Logger's perspective. The bottom line is that I am looking for a practical solution to backup the logger data that can be restored in a practically usable format.

Thanks

0 Likes
kng1 Trusted Contributor.
Trusted Contributor.

Re: Logger archives...a waste of time?

Jump to solution

Thanks Mark. That's in line with my thinking.

0 Likes
mvadm Super Contributor.
Super Contributor.

Re: Logger archives...a waste of time?

Jump to solution

Mathieu,

Also a year and a half after your post, the archives are still not zipped (Logger 5.3.1).

The other funny thing regarding archives is that their size absolutely does not reflect the amount of daily logs kept in those archives.

For instance, archiving approx. 4000 Oracle events writes archives in size of 800M.

But over 800.000 Windows appl. logs plus 1.2 million VMS logs require only 946M !?

The other issue is that the size of archives of a certain Storage Group usually grows for a week or even longer, than suddenly falls down, without any obvious reason. The number of daily events stored in this archive remain the same, but the size may start at 500M and go up to 1.2G, and then again fall down to 500M.

I'm not sure whether ArcSight is aware of that.

Regards,

Miloš

0 Likes
Vini Acclaimed Contributor.
Acclaimed Contributor.

Re: Logger archives...a waste of time?

Jump to solution

There is more to it, there are reasons why the sizes are inconsistent. The archives are done in chunks and it may bring data that shouldn't be part of that archive.

As for not zipping it, the archive data is already compressed. Try zipping it and see how much smaller it gets. It would be good to hear it.

0 Likes
mvadm Super Contributor.
Super Contributor.

Re: Logger archives...a waste of time?

Jump to solution

The archives are absolutely unzipped. Its is a good question for HP ArcSight, why is it so.

If I understand you right, the data in archives might be "wrong" ?! Does it mean, from wrong Storage Groups.

In this case, archiving makes no sense at all.

0 Likes
MaryCordova Frequent Contributor.
Frequent Contributor.

Re: Logger archives...a waste of time?

Jump to solution

Yeah, we also "load" the archives from the original Logger and have a spare destination Logger we use to forward all the archive events to which will then re-index the events.  This assumes you have at least one Logger that is basically empty and dedicated to this purpose.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.