|
|
|
You may occasionally need to restore cold stored files for querying or reporting, as for an annual or semi-annual compliance audit. If you designate one CA Enterprise Log Manager to act as a restore point for investigations on cold data, you must force a rebuilding of the catalog each time you restore a new database to this CA Enterprise Log Manager. A rebuilding of the catalog, or recatalog, is required only when restoring data to a different server than the one on which it was generated.
Important! Ensure the Max Archive Days setting for this server's event log store is adequate. Otherwise, restored files are immediately deleted.
A recatalog is automatically performed when iGateway is restarted, if needed. If databases were incompletely cataloged before iGateway was shut down, the recataloging process completes when iGateway is restarted. If one or more databases are added to the archive database directory while iGateway is down, the recatalog process is performed at the next startup of iGateway.
Restoring archived files from external storage to a different CA Enterprise Log Manager from where they were backed up involves the following steps:
Rebuilding the archive catalog to add a single database can take several hours. After waiting long enough for the recatalog process to complete, you can begin your investigation by running queries and reports on the event logs from the restored databases.
Note: If you dedicate a CA Enterprise Log Manager as restore point, be sure to exclude it from the federation.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |