arcsight archive newids - what's the deal?
Is there anyone who could explain the '-newids' tag for the 'arcsight archive' tool?
From the help:
"-newids newids - All archival objects within an archive will be given new IDs. All references to these archival objects will have their IDs changed to the new IDs, or removed if the ID is not found in the archive. This is useful when an archive was created and then all of the resources in the archive were modified to create new resources, but the IDs were retained."
But I have to seen this work in my tests 😞
I'd like to have a multiple resource archive (Use Cases, AL, Active Channels, Rules, Reports, Trends & more) duplicated where all the ID's are to be replaced with new ones to really duplicate content.
Would there be anyone who could explain the inner workings of the '-newids' tag or perhaps push me in the right direction of really duplicating content?
I must be missing something obvious here, but documentation is pretty slim here.
Thanks for the help.
I am not the subject matter expert for this, but I can research it and figure out the issue so I can appropriately redirect your question. Please stand by...
It seems that the -newids option is not working as expected. You should file a support ticket so that it goes through the investigation process. It would also be good to know the use-case you have. There might be alternate ways to solve your use-case.
Submitted a SR to HP regarding newids not working and here is my reply:
Title: Product Technical Issue:Arcsight Archive tool -newids option does not seem to work.
*** Start of Message ***
We had identified the issue with a bug ID ESM-47652 - Using archive tool with newids flag does not work.
Our developer is working on the issue and it requires major changes and therefore should be addressed in our major release. We will notice you once the issue is fixed in our future release.
Really it's not working! "But for how long Mr Spock, for how long".
Can you believe this they will fix it in the next major release. How many releases have there been since this was first report over a year ago.
I can't believe this company, my confidence in this product is really going to hell.