A.6 Importing or Exporting Event Association Data

Sentinel provides the event_assoc_data.sh script, located in the /opt/novell/sentinel/bin directory, which allows you to export event association data from the database to the file system and to import previously exported event association data from the file system back into the database.

There are two types of event association data:

Incident events: There is a record in the database for every event that is associated with an incident, including what partition the event came from. When a partition is deleted, all incident event records for the partition are exported to a file on the file system, and the records are then deleted from the database. The file name is incidents_events.json.

Correlated events: There is a record in the database for every trigger event that is associated with a correlated event. The record also indicates what partition the correlated event belongs to. When a partition is deleted, all correlated event records for the partition are exported to a file on the file system, and the records are then deleted from the database. The file name is correlated_events.json.

When you export event association data, it is saved to files in the following default directory structure: /var/opt/novell/sentinel/data/eventdata/exported_associations/<partition name>/*.json

When a partition is restored from backup, the system automatically attempts to import the event association records for the partition. For this import to work, the .json files must be restored to the correct directory structure. If these files are not restored, the partitions are still restored, but the event association records are not imported and are not available for those partitions.
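A check for the directory layout described above, to run before restoring partitions. This is an added example, not part of the Sentinel documentation or product. The function names are hypothetical, and it assumes that both .json files are expected for every partition and that a world-writable export file should be flagged because its contents are imported into the database.

```shell
#!/bin/sh
# Added example: verify exported event association files before a restore.
# Default export location, as given on this page.
ASSOC_BASE="${ASSOC_BASE:-/var/opt/novell/sentinel/data/eventdata/exported_associations}"

# check_assoc_file FILE
# Prints one of: ok, missing, unreadable, empty, world-writable.
# Returns 0 only for "ok".
check_assoc_file() {
    f="$1"
    if [ ! -e "$f" ]; then echo missing; return 1; fi
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then echo unreadable; return 1; fi
    if [ ! -s "$f" ]; then echo empty; return 1; fi
    # Character 9 of the mode string is the "other" write bit.
    case "$(ls -ldL "$f")" in
        ????????w*) echo world-writable; return 1 ;;
    esac
    echo ok
}

# check_partition BASE PARTITION
# Prints "partition<TAB>file<TAB>status" for both expected files
# (assumption: every partition should have both).
check_partition() {
    part_rc=0
    for name in incidents_events.json correlated_events.json; do
        status=$(check_assoc_file "$1/$2/$name") || part_rc=1
        printf '%s\t%s\t%s\n' "$2" "$name" "$status"
    done
    return "$part_rc"
}

# check_all BASE
# Checks every partition directory under BASE; non-zero if any file is not ok.
check_all() {
    all_rc=0
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        check_partition "$1" "$(basename "$dir")" || all_rc=1
    done
    return "$all_rc"
}
```

Source the file and run `check_all "$ASSOC_BASE"`; any line whose status is not `ok` identifies a partition whose association records should be reviewed before relying on the import.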

You can use the following options with the event_assoc_data.sh script:

-i, --import: Imports event association data. This option works only on partitions that are currently in the restored state, but have not yet imported the event association data.

-x, --export: Exports event association data. This option works only on partitions that are currently in the deleted state, but have not exported their event association data.

-d, --days=<integer>: Specify the number of most recent days for which to select partitions.

-s, --startdate=<date>: Specify a start date and end date to select partitions in the specified date range.

-e, --enddate=<date>: Specify an end date and start date to select partitions in the specified date range.

--date=<date>: The utility selects the partitions with the specified date. You can use this option multiple times to select multiple dates.

-u, --user=<user name>: Specify the name of the user with administrative privileges to the Sentinel server.

-p, --password=<user password>: Specify the password of the administrative user.

--host=<host name>: Specify the host name or IP address of the Sentinel server.

--port=<port>: Specify the port number for communication to the Sentinel server. If this option isn’t specified, the default port of 8443 (HTTPS) or 8000 (HTTP) is used.

--https: If this option is used, the utility communicates over HTTPS.

--http: If this option is used, the utility communicates over HTTP.

-h, --help: Displays the help options.

-l, --log file=FILE: Logs messages from the utility to the file name specified in the parameter.

--no-banner: Suppresses banner messages.

-q, --quiet: Displays fewer messages.

-v, --verbose: Displays more messages.