Archive Live Logger Data

Does not apply in a SaaS environment.

The steps listed in this procedure must be performed on your ArcSight Logger.

All live data in Logger must be archived before you attempt the migration process.

Configure the Archive Storage Setting

Required only if you have not previously configured this setting.

If you are using the Logger Appliance, create the NFS or CIFS mount point. For more information, see the Storage and Remote File System sections in Chapter 6 of the Administrator's Guide to ArcSight Logger. If you are using Software Logger and intend to use an NFS or CIFS mount point, ensure that the external storage point is mounted on the machine on which Logger is installed. For more information, see your system’s operating system documentation.

  1. Go to Configuration > Storage > Archive Storage Settings.

  2. Specify a mount location and an archive path for each storage group. You can specify a different path for each storage group, thus enabling Logger to archive events to a different location for each storage group.

    You can configure settings for all storage groups on the Archive Storage Settings page even if you do not intend to archive all of them. Logger saves only the storage group paths that have a mount configured and ignores the empty fields.

    • On Logger Appliances: In the Archive Path field, select (from the list box) a path; it is appended to the path specified in the mount location. The mount location can be an NFS mount or a CIFS mount, configured using the Logger user interface.

      For example, if the mount location you selected refers to the path /opt/ARCHIVES, and the archive directory in that location is archivedir, then specify archivedir in the Archive Path field.

    • On Software Loggers: In the Archive Path field, enter the complete path where the archive file will be written. This path can be a local directory or a mount point already established on the Logger host.

    Tip: On Software Loggers, the Mount Location field does not exist.

  3. Click Save.

    If all fields are blank or unchanged, Logger displays the message "No changes have been made". Otherwise, Logger acknowledges the configuration with the message "Archive Storage Settings saved successfully".

Add an Event Archive

  1. Select Configuration > Storage.

  2. Select Event Archives.

  3. Click Add.

  4. For Name, enter a meaningful name for the new Event Archive.

  5. Specify the Start and End dates in the m/dd/yy format, where m is month number, dd is the day of the month (with a leading zero if necessary), and yy is the two-digit year number.

    When the Start and End dates are different, one archive file is created per storage group for each specified day. For example, this is the case when you specify the following Start and End dates:

    Start Date: 8/12/19

    End Date: 8/13/19

    Note: If a day's events have already been archived, you will not be able to archive them again. If you try to archive the same day's events twice, Logger will display a message with the already archived day or dates. If you are archiving a range of dates and some of them have been archived, the archive process will complete, skipping any days already archived, and a message will display the

    If you configure both storage groups (Internal Event Storage Group and Default Storage Group) for the example Start and End dates above, four archive files are created as a result of this archive operation: two files per storage group, one for each of the two specified days.

    The Event Archives table (in the Event Archives page) lists the archives by an alias in this format:

    <archive_name> [<yyyy-m-dd>] [<storage_group_name>]

  6. Select the names of the storage groups that need to be included in the archive.

  7. Click Save to start archiving events, or Cancel to quit.

Note: You can cancel an in-progress archive operation at any time using the Cancel link that displays on top of the Event Archives page.

If corruption cases have been detected before, please see the instructions for how to sanitize an Event Archive in Chapter 5 of the Administrator's Guide for ArcSight Logger.
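
Because every day of live data must be archived before migration, it helps to confirm that the Event Archives table holds one entry per day per storage group. The following is an added example, not part of the Logger product or its documentation: it builds the expected aliases from the Start and End dates and reports any that are absent from rows copied out of the table. The archive name pre_migration and the sample rows are constructed, and the date stamp is assumed to follow the <yyyy-m-dd> pattern literally.

```python
from datetime import datetime, timedelta

# Storage group names as given in the procedure above.
GROUPS = ["Internal Event Storage Group", "Default Storage Group"]


def parse_mddyy(text):
    """Parse a Start/End value in the m/dd/yy form, e.g. 8/12/19."""
    return datetime.strptime(text.strip(), "%m/%d/%y").date()


def expected_aliases(name, start, end, groups):
    """One alias per day per storage group, in Event Archives table form."""
    first, last = parse_mddyy(start), parse_mddyy(end)
    if last < first:
        raise ValueError("End date is earlier than Start date")
    aliases = []
    day = first
    while day <= last:
        # Assumption: <yyyy-m-dd> is literal (month unpadded, day padded).
        stamp = f"{day.year}-{day.month}-{day.day:02d}"
        aliases.extend(f"{name} [{stamp}] [{group}]" for group in groups)
        day += timedelta(days=1)
    return aliases


def missing_archives(name, start, end, groups, listed):
    """Return expected aliases that do not appear in the copied table rows."""
    seen = {" ".join(row.split()) for row in listed}
    return [a for a in expected_aliases(name, start, end, groups) if a not in seen]


# Constructed sample: rows as they might be copied from the Event Archives
# table after archiving 8/12/19 to 8/13/19 under the hypothetical name below.
SAMPLE_ROWS = [
    "pre_migration [2019-8-12] [Internal Event Storage Group]",
    "pre_migration [2019-8-12] [Default Storage Group]",
    "pre_migration  [2019-8-13] [Internal Event Storage Group]",
]

if __name__ == "__main__":
    for alias in missing_archives("pre_migration", "8/12/19", "8/13/19", GROUPS, SAMPLE_ROWS):
        print("not archived under this name:", alias)
```

A day that Logger skipped because it was already archived appears in the table under the earlier archive's name, so it is reported here as missing; confirm those days by date rather than by name.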