Lsmaint offline backup/restore not working
We are currently working with our client on a SIEM audit and we need to obtain specific logs from them. The client exported the events using LSMAINT and provided us with the outputs. However, when we try to perform the offline restore using LSMAINT, the task always fails and we don't seem to find any error.
Does anyone know what could be the problem?
For the restore we use the following command:
lsmaint -offLineRestore -time 20130101 20131231 -storagelocation winevent_nic
Thank you in advance!
What command did you use to back up/archive the data?
What version of enVision is this?
Is it a standalone ES appliance or LS Architecture? If LS, you are running this on the DSrv, correct? And as the master account?
During the -offlineBackup you stipulate a retention period, perhaps this has expired?
By default, -logIt is set to true for the -offLineRestore parameter, which should write to a log file in the %_envision%\logs directory, so you could look in there for any lsmaint logs to see if there is anything to help explain why this is not working.
I can see from the command you have run that you have not specifically stipulated a storageLocation; you could look at adding this in, for example \\10.203.2.101\vol1\...., if you have LS Architecture deployed.
I also see that you have added the device group winevent_nic but there is no -devicetype parameter before this?
You could also look at adding the -v parameter to the command, as this will send the verbose output to the command window instead of the logger service and will hopefully give you a good indication of where it's failing too.