This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
AnuragMal
Beginner
Beginner
‎2012-10-19 08:25 PM

Delete older event logs

Hi , We am using an ES setup and have a 2 DAS connected to the RSA. We store events in one of the DAS and backup the same events on another. Perform scheduled daily backup for the same (lsmaint). Now we want to delete older events (say -6M) from RSA , but would like to retain the backup for the same. Checked the command ' -delete ' , it deletes all the events from even backup location. So can you suggest how to delete older events from Collector without deleting it from backup.

Checked the command "lsmaint -show -gmt -time start -6M >check.txt" it shows that it is looking for all the files, even from backup so if i perfrom delete action it would delete the same too.

 

Cheers

Anurag

0 Likes
Reply
3 Replies
RSAAdmin
Beginner
Beginner
‎2012-10-22 02:40 PM

Hi Anurag,

 

As you described the problem, it appears that the enVision knows about the backup location as well. The question is, did you add the backup DAS to enVision from the GUI i.e. can you see the entry in the Directories -> Manage Storage Locations? If yes, save the configuration and removed the backup DAS location from here.

 

After this, please check by running the same command, if you see enVision finding the events from the backup DAS. If no, you can proceed wioth 'delete'.

 

Suggestion: DO NOT add your backup DAS in the 'Manage Storage Locations' to avoid this situation.

 

regards,

Kuljeet Singh.

0 Likes
Reply
AnuragMal
Beginner
Beginner
In response to RSAAdmin
‎2012-10-26 06:11 AM

Thanks Kuljeet , yes missed on noticing the thing and it worked. Actually, the environment is an ES setup , so to accomodate space we had added the DAS. Now so that when the logs are full in one we can shift it to the other though GUI so was it added. Later when the idea of Backup was added this problem arised .

You suggestion worked and from now on i have to ensure a scheduled delete job for the same. What do you suggest "schedule delete job " , am i missing on any risk again ?

 

Thanks

Anurag

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to AnuragMal
‎2012-10-26 02:03 PM

Hi Anurag,

 

Well, at this time I could not think of any. I myself use the scheduled task to purge older events and it works like a charm.

 

Just check your requirements for purging the events and from where you want to purge. It should not be purging the events from your unintended location.

 

All the best.

 

regards,

Kuljeet

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.