RSA Admin

Calculating Number of Events in the IPDB

Discussion created by RSA Admin Employee on Aug 19, 2008

Questions I get always seem to come in clusters...

 

A number of people have recently asked me how they can calculate the exact number of events stored in the enVision IPDB.  You can use the lsdata command line utility to do this.  To simply get the total events in the IPDB, run this command from the ..\bin folder on the appliance:

 

lsdata -statistics totalsOnly -time start now -devices *

 

If you wanted to see that broken out by individual device types, use this command:

 

lsdata -statistics totalsByDeviceType -time start now -devices *

 

You can also manipulate the output and slice and dice it by changing the -time and -devices parameters.  For example, you could show all the events collected from Agentless Windows Servers during the month of July:

 

lsdata -statistics totalsOnly -time 20080701 20080731 -devices winevent_nic

 

Feel free to experiment with the lsdata command.  Use the ? character as a parameter if you need help on any part of it.

One other caveat:  if you have a large IPDB, you'll need to be patient with the command - it could potentially take a long time to execute...
Message Edited by MattMarchand on08-19-200803:27 PM

Outcomes