Hi Guys,

Issue:
Due to some technical reasons our file collector was turned off for a
period of three months, which in turn did not update the SQL database to
which it was syncing the events.

Scenario:
It seems that we have backups of our Sentinel file structure from back
then, about 90 days.

Questions:
- Could we use that backup again to sync those events particularly from
the cache backup that we have?
- Would it be possible to use the same collector to sync those remaining
events?
- Is there any way we could check if Sentinel database has the required
partitions to allow this back dated events to be synced to it?
- Or could we just use these old cache files and use a new file
collector to sync them from a newer location?

Any suggestions or pointers as off if this is a feasible feat?

-ddgaikwad


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=51028