Asset Intelligence Ops Intelligence Observability Robotic Data

RDA Log Archives

Log Archive Repository

PreviousWinlogbeat (Windows)NextRDA - Administration

Last updated 3 years ago

RDA Log Archives

Log Archive Repository

A named archive within a Log Archive Repository. Each repository will contain one more or more archives to store log data.

Terminology

Log Archive Storage in Object Storage

The following screen capture explains the structure of log archives storage under s3 compatible object storage.

CLI Interface

The following sections explain various CLI commands that can be used in the context of RDA Log Archive functionality.

CLI Commands

CLI Repositories

UI in SaaS Portal

Users can access the RDA Log Archive user interface via the SaaS portal.

Bots

RDA provides various system-enabled bots in order to use RDA Log Archive functionality. The following captures a few of the bots that are part of RDA.

Replay Bot

Save Bot

Event Gateway Configuration

Users can enable RDA Log Archive configuration via the RDA event gateway main configuration. Users must enable the configuration for an endpoint to take effect the log archive functionality as shown below.

Note: Refer to the Event Gateway section for more details on Event Gateway

RDA Log Archive - RDA Client CLI Commands

secret-add

CLI to add S3 Compatible secret key credentials

[macaw@localhost~]$ rdac secret-add --type logarchive_repo
Configure Integration: S3 Compatible Object Storage for Log Archiving

Name*: deleteme
Host or Endpoint*: 10.95.131.103:9000
Use HTTPS [True]: false
Access Key*: fa337ca7887345b6971b4c4e33f00056rdauser
Secret Key*: 
Bucket*: tenants.904a6613553c4e7cab45fe971b4a66bd
Object Prefix* [/]: log_archivals/
Manage Lifecycle of Archives: 2
Delete Old Data After (days) [30]: 7

[macaw@localhost~]$

secret-list

CLI to show the list of added secrets to the environment

[macaw@localhost]$ rdac secret-list
    name           type             saved_time                  checksum
--  -------------  ---------------  --------------------------  --------------------------------
 0  longivity-131  logarchive_repo  2022-02-02T11:54:37.992400  0606adcd94b9538e988276d234b03c1a
 1  deleteme       logarchive_repo  2022-02-02T11:32:18.473626  08231998fea34052c59319ebf636148a

logarchive-repos

CLI to show the list of logarchive-repos added to the environment.

[macaw@localhost]$ rdac logarchive-repos
+-------------------+--------------------+------------------------------------------+-----------------+
| Repository Name   | Endpoint           | Bucket Name                              | Object Prefix   |
|-------------------+--------------------+------------------------------------------+-----------------|
| longivity-131     | 10.95.131.103:9000 | tenants.904a6613553c4e7cab45fe971b4a66bd | log_archivals/  |
| deleteme          | 10.95.131.103:9000 | tenants.904a6613553c4e7cab45fe971b4a66bd | log_archivals/  |
+-------------------+--------------------+------------------------------------------+-----------------+

[localhost]$

logarchive-names

CLI to show the list of logarchive-names added to logarchive-repo's (repo name is needed to list the configured names within that repo)

[macaw@localhost]$ rdac logarchive-repos
+-------------------+--------------------+------------------------------------------+-----------------+
| Repository Name   | Endpoint           | Bucket Name                              | Object Prefix   |
|-------------------+--------------------+------------------------------------------+-----------------|
| longivity-131     | 10.95.131.103:9000 | tenants.904a6613553c4e7cab45fe971b4a66bd | log_archivals/  |
| deleteme          | 10.95.131.103:9000 | tenants.904a6613553c4e7cab45fe971b4a66bd | log_archivals/  |
+-------------------+--------------------+------------------------------------------+-----------------+

[macaw@localhost]$

logarchive-data-read

CLI to show data read operation using logarchive-data-read command

[macaw@localhost]$rdac logarchive-data-read --repo longivity-131 --name longivity --speed 1

Additional CLIs to perform actions on data

rdac logarchive-data-read --repo longivity-131 --name longivity --speed 2.0 --max_rows 100

rdac logarchive-download --repo longivity-131 --name longivity --flatten --out /home/macaw/deleteme

rdac logarchive-data-size --repo longivity-131 --name longivity

[macaw@localhost]$rdac logarchive-data-read --repo longivity-131 --name longivity --speed 2.0 --max_rows 100
[macaw@localhost]$rdac logarchive-download --repo longivity-131 --name longivity --flatten --out /home/macaw/deleteme
[macaw@localhost]$rdac logarchive-data-size --repo longivity-131 --name longivity