Archiver: Retrieve Hash Information

Document created by RSA Information Design and Development on Jul 26, 2016
Version 1Show Document
  • View in full screen mode
 

Archiver provides a command, hashInfo, which you can use to retrieve the hash information for each session, meta, and packet databases that meets the session list or date range criteria. The hash information retrieved is in the form of a list of string parameters, each string parameter corresponding to the hash information for a single database file. You can retrieve the hash information of the database files using the Archiver Service Explore view or REST interface of the Archiver service. The hash information thus retrieved is used to compare the database files in the original location and the exported location to validate data integrity. 

The following table lists the criteria that you can use to retrieve the hash files from the database.

                 
CriteriaDescription
sessionsYou can retrieve the hash information of the database files by specifying the sessions that exist or read from the session database to determine the associated meta and packet id required to determine which meta and packet database files are needed to retrieve the hash information. 
For example:
sessions=100 - Retrieves the hash information of all database files that contain the constituent components(session, meta, content) of session 100.
sessions=100,500000 - Retrieves the hash information of all database files that contain the constituent components(session, meta, content) of session 100 and 500000
beginDateYou can specify a begin date as a filter against the database files. This finds the hash information for the files created after the specified date. The begin date specified has to be in the format YYYY-MM-DD HH:MM:SS.
endDateYou can specify an end date as a filter against the database files. This finds the hash information for the files created before the specified date. The end date specified has to be in the format YYYY-MM-DD HH:MM:SS
For example:
beginDate: “2014-Mar-25 05:52:00” endDate=”2014-Mar-27 05:52:00”  – Retrieves the hash information of all the database files in between March 25, 2014 and March 27, 2014 in the specified time range on those days.
directoriesBy default, the hash information files are stored with the database files they were created for.
You can also store the hash information file in different location by defining multiple locations in the hash.dir configuration parameter.
You can define the location as a filter and retrieve the hash information files for the configured location.
For example:
directories="/home/hash" – Retrieves the hash information of the database files from the location /home/hash

To retrieve hash information of the database files:

  1. In the Security Analytics menu, select Administration > Services.
  2. Select an Archiver service.
  3. In the Actions column, select View > Explore.
    The Explore view of the Archiver service is displayed.
    explore_view.png
  4. In the node tree, right-click on database and select Properties.
    The Properties dialog is displayed.
    properties_dialog.png
  5. In the drop-down menu, select hashInfo.
  6. In the Parameters field, type the criteria that you want to use to retrieve the hash information from the database.
  7. Click Send.
    The output of the command is displayed in the ReponseOutput textbox.  In the output, the hash information is shown in the hexHash parameter. You can use this hash information to verify data integrity manually.

Examples

Retrieve the hash information of the database files for the sessions that exist.
Criteria: sessions=100

Output
properties_dialog_ex1.png
The hash information shown in the hexHash parameter is retrieved and you can use this to verify data integrity manually for session 100

Retrieve the hash information of the database files for the session ranges that exist.

Criteria: sessions=100,500000

Output
properties_dialog_ex2.png

The hash information shown in the hexHash parameter is retrieved and you can use this to verify data integrity manually for session range 100 - 500000

Retrieve the hash information of the database files created in the specified date range
Criteria: beginDate="2014-Mar-25 05:52:15" endDate="2014-Mar-27 05:52:15"

Output
properties_dialog_ex3.png

The hash information shown in the hexHash parameter is retrieved and you can use this to verify data integrity manually for the date range specified.

You are here: Additional Procedures > Retrieve Hash Information

Attachments

    Outcomes