To re-index the event data partitions in offline mode, you can use an offline tool. This tool can be used in a separate system so that you will get offloaded from the Sentinel core system. If the Sentinel system has more than adequate resources then this offline tool can be run in the Sentinel system, which reduces the load on the Sentinel resources compared to the online mode.
Following are the three general components of the offline tool:
removeIndexFiles.sh script
createSqfs.sh script
Re-indexing command
This script is used for removing old index files in secondary storage partitions in /opt/novell/sentinel/bin directory.
If secondary storage is in CIFS/NFS file system, it auto-detects the partition directory in secondary storage and removes the index files in each partition directory.
If the secondary storage is in SAN, the user must provide the custom secondary storage location.
./removeIndexFiles.sh <fromPartitionId> <toPartitionId>
<fromPartitionId>: The from partition ID to start removing index files.
Example: 20211210_5BE1CCA36-6BD4-102D-91CD-000C2907C25 OR using wildcards 20211210*
<toPartitionId>: The to partition ID to end removing index files.
Example: 20211215_2ND1CCA36-6BD4-102D-91CD-000C2907C25 OR using wildcards 20211215*
To view all the options that can be used with the script, run the script with the -h option:
./removeIndexFiles.sh -h (displays all the options to use this script)
This script is used to compress the index directory to index.sqfs in each partition in the /opt/novell/sentinel/bin directory.
This script works if the secondary storage is in CIFS file system only.
If secondary storage is in the CIFS file system, it auto-detects the partitions directory in secondary storage then it creates the squashfs file and removes the index directory in each partition.
./createSqfs.sh <fromPartitionId> <toPartitionId>
<fromPartitionId>: The from partition ID to start creating squashfs files and removing index files.
Example: 20211210_5BE1CCA36-6BD4-102D-91CD-000C2907C25 OR using wildcards 20211210*
<toPartitionId>: The to partition ID to end creating squashfs files and removing index files.
Example: 20211215_2ND1CCA36-6BD4-102D-91CD-000C2907C25 OR using wildcards 20211215*
To view all the options that can be used with the script, run the script with the -h option:
./createSqfs.sh -h (displays all the options to use this script)
This command is used for re-indexing the secondary storage partitions. It is applicable for all the secondary storage partitions present in CIFS, NFS, or SAN.
This command can be used on the Sentinel system or from other systems where the secondary storage partitions are present.
You can use this command in Linux or Windows systems.
Run the following command:
java -cp ccsapp-<sentinel_version>-RELEASE.jar esecurity.ccs.comp.event.indexedlog.IndexedLogRebuild -forcerebuild <indexed-log-dir-path> <fromPartitionId> <toPartitionId>
Here, <sentinel_version> refers to the release version of Sentinel.
forcerebuild is an optional parameter. If this option is not specified, the tool creates a backup of index folder and temporary files, which occupies additional disk-space.
<indexed-log-dir-path> is the event data location of the secondary storage partitions. Example: .
<fromPartitionId> is the from partition ID where the re-indexing starts.
<toPartitionId> is the to partition ID where the re-indexing ends.
General Usage
For single partition in secondary storage:
<indexed-log-dir-path> 20211210_5BE1CCA36-6BD4-102D-91CD-000C2907C25
For specific partitions in secondary storage using wildcards:
For date partitions [ YYYYMMDD* ]
<indexed-log-dir-path> 20211210*
For month partitions [ YYYYMM* ]
<indexed-log-dir-path> 202112*
For year partitions [ YYYY* ]
<indexed-log-dir-path> 2021*
For specific range of partitions in secondary storage:
For date range partitions from 10th December 2021 to 15th December 2021
<indexed-log-dir-path> 20211210* 20211215*
For month range partitions from June 2021 to August 2021
<indexed-log-dir-path> 202106* 202108*
For year range partitions from 2021 to 2022
<indexed-log-dir-path> 2021* 2022*
To re-index the secondary partitions in CIFS, NFS, and SAN, perform the following steps:
Run the removeIndexFiles.sh script from Sentinel. For more information, refer to removeIndexFiles.sh.
Run the offline command from a separate system where secondary partitions are present or from the Sentinel server. For more information, refer to Re-indexing Command.
Run the createSqfs.sh script from Sentinel. For more information, refer to createSqfs.sh.
Restore the partitions. For more information, refer to Restoring Data.
Run the offline command from a separate system where secondary partitions are present or from the Sentinel server. For more information, refer to Re-indexing Command.
Run the removeIndexFiles.sh script from Sentinel. For more information, refer to removeIndexFiles.sh.
Restore the partitions. For more information, refer to Restoring Data.
To re-index systems other than Sentinel systems that have secondary storage partition is present, perform the following steps:
Log in to the system root or administrator user.
Create a folder to copy the Java files and Sentinel libraries from the Sentinel server.
Copy the Java files from the Sentinel server to the folder created in Step 2. In Sentinel, Java files are located in:
<sentinel_installation_path>/opt/novell/sentinel/jdk/jre/
Copy the Sentinel libraries from the Sentinel server to the folder created in Step 2. In Sentinel, the library path is:
<sentinel_installation_path>/opt/novell/sentinel/lib/
Go to the bin folder present inside the folder created in Step 2, and run the following re-indexing command:
<Folder created in step 2>/bin/java -cp <Folder created in step 2>/ccsapp-<sentinel_version>-RELEASE.jar esecurity.ccs.comp.event.indexedlog.IndexedLogRebuild -forcerebuild <indexed-log-dir-path> <fromPartitionId> <toPartitionId>
For more information related to re-indexing command, refer to Re-indexing Command.
Below steps to be followed:
Log in to the Sentinel server.
Switch to novell user:
su novell
Run the following command:
<sentinel_installation_path>/opt/ novell/sentinel/jdk/jre/bin/java -cp /opt/novell/sentinel/lib/ccsapp-<sentinel_version>-RELEASE.jar esecurity.ccs.comp.event.indexedlog.IndexedLogRebuild -forcerebuild <indexed-log-dir-path> <fromPartitionId> <toPartitionId>
For more information related to re-indexing command, refer to Re-indexing Command.