You can also use a tool to re-index event data partition, in the offline mode. The tool uses minimal number of resources without affecting any of the existing processes. Re-indexing operation in the offline mode takes longer when compared to reindexing by using the online mode.
You can run the tool outside the Sentinel server. However, you must copy the Java files and the Sentinel libraries folder to the machine from which you want to run the re-indexing tool.
Before you proceed, ensure that you have the following information:
The path to the folder where Java is located. For Sentinel installation, the path is: <sentinel_installation_path>/opt/novell/sentinel/jdk/jre/bin/java.
The path to folder where Sentinel libraries are present. For Sentinel installation, the path is: <sentinel_installation_path>/opt/novell/sentinel/lib.
The location of event data partitions. For Sentinel installation, the path is:
<sentinel_installation_path>/var/opt/novell/sentinel/data/eventdata/events/ for primary partitions.
<Sentinel secondary storage directory>/eventdata_archive/ for secondary partitions.
To use the offline tool from the Sentinel Server:
Log in to the Sentinel server.
Run the following command:
<sentinel_installation_path>/opt/ novell/sentinel/jdk/jre/bin/java -cp /opt/novell/sentinel/lib/ccsapp- <sentinel_version>-RELEASE.jar esecurity.ccs.comp.event.indexedlog.IndexedLogRebuild -forcerebuild <partition-directory>/ <partition_ID>
where, <sentinel_version> refers to the release version of Sentinel.
forcerebuild is an optional parameter. If this option is not specified, the tool creates a backup of index folder and temporary files, which occupies additional disk-space.
<partition-directory> refers to the path where all the partitions are present.
For example, location of primary partition:
<sentinel_installation_path>/
var/opt/novell/sentinel/data/eventdata/events/
For example, location of secondary partition:
<sentinel_installation_path>/
var/opt/novell/sentinel/data/archive_remote/<sentinel_server_UUID>/eventdata_archive/
<partition_ID> refers to the ID of the partition in the following format:
0200428_6E1CCA35-4BD4-102D-91CD-000C2907C76D or 20200428_6E1CCA35-4BD4-102D-91CD-000C2907C76D_20200607.
If there are more than one partition, specify the IDs separated by space. You can also use the wild cards for ID such as, 202004*.
For example, to re-index a single event data partition on primary storage, specify the following command:
<sentinel_installation_path>/opt/
novell/sentinel/jdk/jre/bin/java -cp /opt/novell/sentinel/lib/ccsapp-
<sentinel_version>-RELEASE.jar
esecurity.ccs.comp.event.indexedlog.IndexedLogRebuild -forcerebuild /
var/opt/novell/sentinel/data/eventdata/events/20200428_6E1CCA35-4BD4-
102D-91CD-000C2907C76D
To re-index multiple event data partitions of April 2020 on primary storage, specify the following command:
<sentinel_installation_path>/opt/
novell/sentinel/jdk/jre/bin/java -cp /opt/novell/sentinel/lib/ccsapp-
<sentinel_version>-RELEASE.jar
esecurity.ccs.comp.event.indexedlog.IndexedLogRebuild -forcerebuild /
var/opt/novell/sentinel/data/eventdata/events/202004*
NOTE:After completing the re-indexing for secondary partitions, remove the Index directory from each re-indexed partitions directory.
Restore the re-indexed partitions. For information about restoring data, see Restoring Data.
To use the offline tool from a separate machine:
Log in to the system.
Create a folder to copy java files and Sentinel libraries from the Sentinel server.
Copy the Java files from the Sentinel server to the folder created in Step 2.
For Sentinel installation, the Java path is: <sentinel_installation_path>/opt/novell/sentinel/jdk/jre/*.
Copy the Sentinel libraries from the Sentinel server to the folder created in Step 2.
For Sentinel installation, the Sentinel library path is: <sentinel_installation_path>/opt/novell/sentinel/lib/*.
Go to the folder created in Step 2 and run the following command:
java -cp ccsapp- <sentinel_version>-RELEASE.jar esecurity.ccs.comp.event.indexedlog.IndexedLogRebuild -forcerebuild <partition_directory> /<partition_ID>
where, <sentinel_version> refers to the release version of Sentinel.
forcerebuild is an optional parameter. If this option is not specified, the tool creates a backup of index folder and temporary files, which occupies additional disk-space.
<partition_directory> refers to the path where all the partitions are present.
<partition_ID> refers to the ID of the partition in the following format:
0200428_6E1CCA35-4BD4-102D-91CD-000C2907C76D or 20200428_6E1CCA35-4BD4-102D-91CD-000C2907C76D_20200607.
If there are more than one partition, specify the IDs separated by space. You can also use wild cards for ID such as, 202004*.
For example, to re-index a single event data partition, specify the following command:
java -cp ccsapp-<sentinel_version>-RELEASE.jar esecurity.ccs.comp.event.indexedlog.IndexedLogRebuild -forcerebuild / <Path to event partition folder>/20200428_6E1CCA35-4BD4- 102D-91CD-000C2907C76D
To re-index multiple event data partitions for April 2020, specify the following command:
java -cp ccsapp-<sentinel_version>-RELEASE.jar esecurity.ccs.comp.event.indexedlog.IndexedLogRebuild -forcerebuild / <Path to event partition folder>/202004*
The event data partitions must be placed in either the primary or secondary storage paths for Sentinel.
NOTE:After completing the re-indexing for secondary partitions, remove the Index directory from each re-indexed partitions directory.
Restore the re-indexed partitions. For information about restoring data, see Restoring Data.