Checking data availability on Security Analytics Appliance using CLI command
Last Updated July 25, 2017
Customer would like to know how to confirm the oldest meta data and capture data on SA from the command line.
Meta data: The beginning of the light pink area
Capture data: The beginning of the white area.
If you want to see the beginning of the light pink area or the oldest index data on SA from the command line, use this command:
# walk_space_table_journal | head -4
Sample: The output will show the Slot 0 start date, as below:
[root@SA ~]# walk_space_table_journal | head -4
Space table journal name: /var/lib/solera/meta/space_table_journal_v3
Entries: 59014
---- Space table journal contents ----
Slot 0 start Wed Mar 22 12:27:13 2017 (1490207233) end Wed Mar 22 12:32:10 2017 (1490207530) iface 3 flags:0
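The Slot 0 line above can also be read by a script, for example to check whether an incident timestamp is still covered by metadata. The following is an added example, not part of the original article or the product: the function names are hypothetical, the sample input is the output shown above, and it assumes the number in parentheses is Unix epoch seconds.

```shell
#!/bin/sh
# Constructed sample input: the output shown in the article.
sample_journal() {
cat <<'EOF'
Space table journal name: /var/lib/solera/meta/space_table_journal_v3
Entries: 59014
---- Space table journal contents ----
Slot 0 start Wed Mar 22 12:27:13 2017 (1490207233) end Wed Mar 22 12:32:10 2017 (1490207530) iface 3 flags:0
EOF
}

# Read journal output on stdin and print the epoch in parentheses
# after "Slot 0 start". Returns 1 if no Slot 0 line is present.
oldest_meta_epoch() {
    epoch=$(sed -n 's/^[[:space:]]*Slot 0 start [^(]*(\([0-9][0-9]*\)).*/\1/p' | head -n 1)
    [ -n "$epoch" ] || { echo "Slot 0 line not found" >&2; return 1; }
    echo "$epoch"
}

# Whole days between the oldest metadata ($1) and a reference time ($2),
# both in epoch seconds.
meta_retention_days() {
    [ "$2" -ge "$1" ] || { echo "reference time precedes Slot 0" >&2; return 1; }
    echo $(( ($2 - $1) / 86400 ))
}

# Succeeds if the event time ($2) is at or after the oldest metadata ($1).
covers_epoch() { [ "$2" -ge "$1" ]; }

# On the appliance, replace sample_journal with:
#   walk_space_table_journal | head -4
oldest=$(sample_journal | oldest_meta_epoch) || exit 1
ref=1500940800   # constructed reference time: 2017-07-25 00:00:00 UTC
echo "oldest metadata epoch: $oldest"
echo "metadata retention at reference time: $(meta_retention_days "$oldest" "$ref") days"
if covers_epoch "$oldest" 1490207000; then   # constructed event time
    echo "event is within the metadata window"
else
    echo "event predates the oldest metadata"
fi
```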
To identify the beginning of the white area, run the command "dsmon", go to Slot Chains, and select the capture interface. The start date/time shown there is the beginning of the white area.