Use the Maintenance utility, lsmaint.exe to copy, delete and move event storage data. This utility is located in the ..\bin directory.
The lsmaint.exe is a command line tool used to perform a variety of functions, such as copy data, delete data, and move data.
Usage: lsmaint <action> -time <start> <end>
Syntax:
lsmaint <action> [-gmt] -time <start> <end> [-storagelocation <sl>] [-deviceGroup <dg>] [-deviceset <ds>] [-devicetype <dt>] [-device <d>] [-loggingLevel <n>] [-verbose] [-maxThreads <n>] [-logIt <true|false>] [-localNode <true|false>]
Actions | Description |
-help, -h or -? | Displays this help information. |
-examples | Displays a list of examples. |
-directory or -l | Displays the list of local site devices. |
-offLineBackup | Backs up the data/index/summary files to Offline Data Storage. |
-retention <n>[Y|M|D] | Set the retention of the back up to n [Years|Months|Days]; default is 0 seconds. |
-backUpKeys | Back up the key files to Offline Data Storage; default is true. |
-offLineRestore | Restores the data/index/summary files from Offline Data Storage. |
-restoreLast | If data has been backed up multiple times, only restore the last backup; default is false restore all backups. |
-offLineQuery | Queries for Key Files and the data/index/summary files that were backed up to Offline Data Storage. |
-offLineDelete | Deletes a file from Offline Data Storage. |
-offLineWrite | Writes a file to Offline Data Storage. |
-offLineRead | Reads a file from Offline Data Storage. |
-key | Offline data key. |
-delete | Deletes the data/index/summary files. |
-copy <destdir> | Copies the files to the directory destdir with the same hierarchy structure as source location. |
-move <destdir> | Moves the files to the directory destdir with the same hierarchy structure as source location. |
-show | Shows the files that will be affected with the specified arguments but takes no action. |
-rebuild [all|hour|day] | Rebuilds index and summary information. |
-fix [all|hour|day] | Repairs index and summary information. |
-verify [all|hour|day|crc] | Scans data, index, and summary information for errors. |
-nextDSD <host> | Activates the specified host's next active Data Storage Directory (DSD). |
-scanUnknown <n> | Scans for unknown or undefined messages. Output goes to logs\unknownMessages directory. <n> is the sample size for each device; default is 100 events. |
Arguments | Description |
-gmt | Specifies that input times are to be interpreted in GMT; default is localtime. (This argument must be specified before the -time argument). |
-time <start> <end> [test] | |
<start> | starting time |
-storagelocation <sl> | Specifies a Storage directory name; default is all local site storage locations. |
-deviceGroup <dg> | Specifies a Device Group. |
-deviceset <ds> | Specifies a Device set name or filter; default is all local site device sets. |
-devicetype <dt> | Specifies a Device type name or filter; default is all local site device types. |
-device <d> | Specifies a Device name, or filter; default is all local site devices. |
-localNode <true|false> | Specifies to use data stored on the local node; default is false. |
-verbose | Optional argument to enables verbose output to command window instead of to logger service. |
-loggingLevel <n> | Sets NIC message looging to include levels less than or equal to <n>, where <n> ranges from 0 (most critical) to 7 (least critical) and the default is 5. |
-maxThreads <n> | Sets the number of threads to use; default is 100 for offLineBackup and offLineRestore and 4 for all other operations. |
-logIt <true|false> | Enables writing to a log in the enVision logs directory; default is false except for offLineBackup and offLineRestore. |
format | |
<YYYYMMDD> | Starting time is the beginning of the specified day. |
<YYYYMMDDhh> | Starting time is the beginning of the specified hour. |
Start | Starting time is the beginning time of the oldest existing data. |
now | Starting time is the current time. |
hour | Starting time is the beginning of the current hour. |
prevhour | Starting time is the beginning of the previous hour (same as -1h). |
day | Starting time is the beginning of the current day. |
month | Starting time is the beginning of the current month. |
-<n>h | Starting time is the beginning of the current hour minus <n> hours. |
-<n>d | Starting time is the beginning of the current day minus <n> days. |
-<n>m | Starting time is the beginning of the current month minus <n> months. |
<end> | ending time |
format | |
<YYYYMMDD> | Ending time is the beginning of the specified day. |
<YYYYMMDDhh> | Ending time is the beginning of the specified hour. |
hour | Ending time is the end of the hour specified in the starting time. |
day | Ending time is the end of the day specified in the starting time. |
month | Ending time is the end of month specified in the starting time. |
-<n>h | Ending time is the beginning of the current hour minus <n> hours. |
-<n>D | Ending time is the beginning of the current day minus <n> days. |
-<n>M | Ending time is the beginning of the current month minus <n> months. |
+<n>h | Ending time is the end of the hour specified in the starting time plus <n> hours. |
+<n>D | Ending time is the end of the day specified in the starting time plus <n> days. |
+<n>M | Ending time is the end of month specified in the starting time plus <n> months. |
end | Ending time is the end of existing data. |
[test] | Time selection test mode. Displays the associated start and end times based on the <start> and <end> arguments and takes no action. Useful for confirming relative time frames. |
-Regards,
Blackhat
1 comment:
If the data is moved to offline storage using the lsmaint command line utility, how is it moved back if I need to look at it?
Post a Comment