lsmaint -help options

Goal

Reviewing lsmaint -help, -h or -? syntax

Fact

enVision

Fix

Lsmaint archiving tool

The lsmaint archiving tool is very useful for grooming data from the IPDB. It can move, copy or delete data by date or relative time range, for some or all devices, selected by type or IP address. The syntax is reproduced here for convenience; to save a copy, redirect the output to a file, for example "lsmaint -? > morereadable.txt".

Lsmaint -?

enVision LS Maintenance Tool
Copyright (c) 2000-2007 RSA Corp.


Usage: lsmaint <action> -time <start> <end>

lsmaint <action> [-gmt] -time <start> <end> [-storagelocation <sl>] [-localNode <true|false>] [-loggingLevel <n>] [-verbose] [-logIt <true|false>] [-maxThreads <n>]
[-deviceGroup <dg>] [-deviceset <ds>] [-devicetype <dt>] [-device <d>]

[-retention <n>[Y|M|D]] [-backUpKeys <true|false>] [-restoreLast <true|false>] [-key <key>] [-dest <destination>]


Actions: Description
======== ======================================
-help, -h or -? Displays this help information.
-examples Displays a list of examples.
-directory or -l Displays the list of local site devices.

-rebuild [all|hour|day] Rebuilds index and summary data.
If the day argument is passed only the day index and summary data are rebuilt.
If the hour argument is passed the hour and day index and summary data are rebuilt.
If the all argument is passed the minute, hour and day index and summary data are rebuilt.
-fix [all|hour|day] Repairs index and summary information.

If the day argument is passed only the day index and summary data are repaired.
If the hour argument is passed the hour and day index and summary data are repaired.
If the all argument is passed the minute, hour and day index and summary data are repaired.
-verify [all|hour|day|crc] Scans data, index, and summary information for errors.
If the day argument is passed only the day index and summary data are scanned.
If the hour argument is passed the hour and day index and summary data are scanned.
If the all argument is passed the minute, hour and day index and summary data and the minute data are scanned.

-show Shows the data/index/summary files that will be affected with the specified arguments but takes no action.
-delete Deletes the selected data/index/summary files.
-copy <destdir> Copies the selected data/index/summary files to the directory destdir with the same hierarchy structure as source location.
-move <destdir> Moves the selected data/index/summary files to the directory destdir with the same hierarchy structure as source location.

-offLineBackup Backs up the data/index/summary files to Offline Data Storage.
-offLineRestore Restores the data/index/summary files from Offline Data Storage.
-offLineExpired Deletes the data/index/summary files from Offline Data Storage that have had their retention expire.
-offLineDelete Deletes a single file from Offline Data Storage.
-offLineQuery Queries for Key Files and the data/index/summary files that were backed up to Offline Data Storage.
-offLineWrite Writes a single file to Offline Data Storage.
-offLineRead Reads a single file from Offline Data Storage.

-nextDSD <host> [force] Activates the specified host's next active Data Storage Directory (DSD).
The optional "force" switch causes the switch to take effect immediately for the
current day. Using the "force" switch may render the event data un-readable and
therefore should only be used in extreme cases with guidance from customer support.

-scanUnknown <n> Scans for unknown or undefined messages. Output goes to logs\unknownMessages directory.
<n> is the sample size for each device; the default is 100 events.

Arguments:
==========

-gmt Specifies that input times are to be interpreted in GMT.
If this argument is not specified the input times are interpreted as local time.
This argument must be specified before the -time argument.

-time <start> <end> [test]

<start> starting time

format
------
<YYYYMMDD> Starting time is the beginning of the specified day.
start Starting time is the beginning time of the oldest existing data.
now Starting time is the current time.
day Starting time is the beginning of the current day.
month Starting time is the beginning of the current month.
-<n>d Starting time is the beginning of the current day minus <n> days.
-<n>m Starting time is the beginning of the current month minus <n> months.

<end> ending time.

format
------
<YYYYMMDD> Ending time is the beginning of the specified day.
day Ending time is the end of the day specified in the starting time.
month Ending time is the end of month specified in the starting time.
-<n>D Ending time is the beginning of the current day minus <n> days.
-<n>M Ending time is the beginning of the current month minus <n> months.
+<n>D Ending time is the end of the day specified in the starting time plus <n> days.
+<n>M Ending time is the end of month specified in the starting time plus <n> months.
end Ending time is the end of existing data.

[test] Time selection test mode. Displays the associated start and end times
based on the <start> and <end> arguments and takes no action. Useful for confirming
relative time frames.


-device <d> Specifies a Device name, or filter; the default is all local site devices.
Note!! <d> is a regular expression, for example 10.1.1.25 will match 10.1.1.25,10.1.1.250 - 10.1.1.255.
-devicetype <dt> Specifies a Device type name or filter; the default is all local site device types.
Note!! <dt> is a regular expression, for example cisco will match ciscopix and ciscorouter.
-deviceset <ds> Specifies a Device set name or filter; the default is all local site device sets.
Note!! <ds> is a regular expression.
-deviceGroup <dg> Specifies a Device Group.

-retention <n>[Y|M|D] Set the retention of the offline back up to n [Years|Months|Days]; the default is 0 seconds.
-backUpKeys <true|false> Back up the key files to Offline Data Storage; the default is true.
-restoreLast <true|false> If data has been backed up multiple times, only restore the last backup from Offline Data Storage; the default is true.
-key <key> Offline data or enVision key used by -offLineDelete, -offLineQuery, -offLineRead, and -offLineWrite .
-dest <destination> Offline data destination used by -offLineQuery, -offLineRead, and -offLineWrite to write its output.

-storagelocation <sl> Specifies a Storage directory name; the default is the current local site storage location.
-localNode <true|false> Specifies to use data stored on the local node; the default is false.
-verbose, -v Optional argument to enables verbose output to command window instead of to logger service.
-loggingLevel <n> Sets NIC message logging to include levels less than or equal to <n>, where <n> ranges from 0 (most critical) to 7 (least critical) and the default is 5.
-maxThreads <n> Sets the number of threads to use; the default is 25 for -offLineBackup, -offLineRestore and -offLineExpired and 4 for all other operations.
-logIt <true|false> Enables writing to a log in the enVision logs directory; the default is false except for -offLineBackup, -offLineRestore and -offLineExpired.


Note! The physical files shown and/or manipulated by the tool are representations of internal data and may change from release to release.
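
The regular-expression note on -device matters most before a -delete or -move, where an over-broad filter removes log data for devices that were never meant to be selected. The following Python check is an added example, not part of the original post or of enVision; it goes slightly beyond the help text's suffix case by also showing the unescaped "." acting as a wildcard. It assumes lsmaint applies the filter as an unanchored standard regular expression (as the help text's own example implies) and honors anchors and escapes; the device inventory is constructed.

```python
import re

# Constructed inventory; in practice, paste the names listed by "lsmaint -directory".
DEVICES = [
    "10.1.1.2", "10.1.1.25", "10.1.1.250", "10.1.1.255",
    "10.101.25.7", "110.1.1.25", "10.1.2.25",
]


def selected(pattern, devices):
    """Names an unanchored regex search would select (assumed lsmaint behaviour)."""
    rx = re.compile(pattern)
    return [d for d in devices if rx.search(d)]


def exact_filter(names):
    """Build a filter that escapes metacharacters and anchors both ends,
    so only the listed names can match."""
    return "^(" + "|".join(re.escape(n) for n in names) + ")$"


def preflight(pattern, intended, devices):
    """Compare what the filter selects with what the operator intended.
    Returns (extra, missing): devices swept in by accident, and intended
    devices the filter fails to select."""
    hit = set(selected(pattern, devices))
    want = set(intended)
    return sorted(hit - want), sorted(want - hit)


if __name__ == "__main__":
    intended = ["10.1.1.25"]
    for flt in ("10.1.1.25", exact_filter(intended)):
        extra, missing = preflight(flt, intended, DEVICES)
        verdict = "OK" if not extra and not missing else "REVIEW BEFORE RUNNING"
        print(f"-device {flt!r}: {verdict}")
        for name in extra:
            print(f"    also selects {name}")
        for name in missing:
            print(f"    does not select {name}")
```

Whatever filter is chosen, running the same command with -show in place of the destructive action lists the affected files without acting on them.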

-Regards,

Blackhattrick blog

(Googlethewebsite.blogspot.com/blackhattrick.blogspot.com)


Reviewed by BlackHat on 10:53 PM
