RSA Admin

lsmaint -rebuild -- any convenient way to run across all devicetypes?

Discussion created by RSA Admin Employee on Dec 13, 2011
Latest reply on Dec 14, 2011 by RSA Admin

The "Report Performance Primer" for version 4.1 says "for historical data you MUST prioritize and re-index event data to achieve performance improvements", using the lsmaint -rebuild command.


What's a convenient way to run lsmaint across a lot of data and devices?  As a command line utility, do I have to sit with an RDP window open all day while the tool runs? Can I put it in a batch job and schedule it to run off hours?


I have to imagine running this against our firewall and Windows logs is going to take a long time, even if cut up into single day or week long chunks.  I've run a few lightly-trafficed devicetypes by hand, but there doesn't seem to be a way to predict how long the process will take.