3.5 Verifying and Downloading Raw Data Files

The raw data files for each event source are compressed and archived every hour, and a file hash is computed for each archived file. The file hash is used to check the integrity of the archived files.

  1. Log in to the Sentinel Log Manager as an administrator.

  2. Click the storage link in the upper left corner of the page.

    The Storage tab is displayed on the right pane of the page.

  3. Click the Raw Data tab.

  4. In the Raw Data section, select the desired collector and connector combination from the Event Source hierarchy drop-down list.

  5. The Event Source field displays the list of associated event sources (hostnames or IP addresses). Select the event source from the drop-down list.

    The table displays the list of local and archived raw data files for the selected event source.

  6. Click Select All to select all the files in the table.

  7. To select a raw data file, click the check box on the left side of the raw data file.

    The Verify Integrity and Download options are only enabled when you select a file from the table.

  8. Click Verify Integrity to verify the integrity of the selected archived files by comparing the hash values for the selected archived files.

    If integrity verification is successful, a green icon is displayed next to the file name in the Integrity Ok? column. If verification fails, a red icon is displayed.

    The hash is computed and updated in the database only for archived files, not for local raw data files. Because local raw data files continue to be updated until they are archived, a hash value cannot be computed or updated for them, so it is not possible to check the integrity of local raw data files.

  9. Select the raw data file, then click Download to download the selected archived and/or local raw data files.

    The selected files are downloaded as a zip file that contains a .csv (comma-separated values) file. If archived files are selected, the zip file also contains a hash file corresponding to each of the archived files downloaded.

    The SHA-256 algorithm is used to generate the file hash and the generated hash is Base64 encoded.

  10. Click Close.
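
The zip file downloaded in step 9 can be re-checked offline after it has left the server. The following is an added example, not part of the product or its documentation. The `.hash` suffix, the pairing of one hash file per data file, and the hash covering the paired file's bytes as stored in the zip are assumptions to adjust to the actual download; the sample archive is constructed.

```python
import base64, binascii, hashlib, hmac, io, zipfile

HASH_SUFFIX = ".hash"  # assumption: hash file is named <data file> + ".hash"

def b64_sha256(stream, chunk=1 << 20):
    """Base64-encoded SHA-256 of a binary stream, read in chunks."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return base64.b64encode(h.digest())

def verify_download(zip_file):
    """Map each data file in the zip to ok / mismatch / malformed hash / no hash file."""
    results = {}
    with zipfile.ZipFile(zip_file) as zf:
        names = set(zf.namelist())
        for name in sorted(n for n in names if not n.endswith(HASH_SUFFIX)):
            if name + HASH_SUFFIX not in names:
                results[name] = "no hash file"  # expected for local, unarchived files
                continue
            try:  # reject anything that is not Base64 of a 32-byte digest
                digest = base64.b64decode(zf.read(name + HASH_SUFFIX).strip(), validate=True)
            except (binascii.Error, ValueError):
                digest = b""
            if len(digest) != hashlib.sha256().digest_size:
                results[name] = "malformed hash"
                continue
            with zf.open(name) as data:
                same = hmac.compare_digest(b64_sha256(data), base64.b64encode(digest))
            results[name] = "ok" if same else "mismatch"
    return results

def build_sample_zip():
    """Constructed sample download: one intact, one altered, one local, one hex hash."""
    good = b"2011-01-01T00:00:00,host1,login ok\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("intact.csv", good)
        zf.writestr("intact.csv.hash", b64_sha256(io.BytesIO(good)) + b"\n")
        zf.writestr("altered.csv", good + b"2011-01-01T00:00:01,host1,extra row\n")
        zf.writestr("altered.csv.hash", b64_sha256(io.BytesIO(good)))
        zf.writestr("local.csv", good)
        zf.writestr("hexhash.csv", good)
        zf.writestr("hexhash.csv.hash", hashlib.sha256(good).hexdigest())
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for member, status in verify_download(build_sample_zip()).items():
        print(f"{status:15} {member}")
```

A hex-encoded digest is reported as malformed rather than as a mismatch, which separates an encoding mix-up from a file whose contents changed.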