If you need to view audit trails in their native format, use the ITEventExtractor.exe command-line utility shipped with InTrust.
Note: Events that were filtered out when data was gathered to a repository will not be present in the extracted log files.
To use the ITEventExtractor.exe utility
The syntax depends on the environment to which the required audit trails are related.
Microsoft Windows:
ITEventExtractor /REPPATH:<Path> /LOGNAME:<Name> /COMPUTER:<Computer> /FILE:<FileName> /DOMAIN:<Domain> [/SRVPORT:protocol:server[port]] [/DATEFROM:<Date>] [/DATETO:<Date>]
PARAMETER | DESCRIPTION |
---|---|
/REPPATH: | UNC path to the repository from which to extract the events. |
/LOGNAME: | Specifies the logs that contained the events you need. |
/COMPUTER: | The computers from which the events you need were retrieved. When specifying several computer names, separate them with white spaces. |
/FILE: | The path to the file to which the utility writes information. |
/DOMAIN: | The name of the domain or domains that include computers from which the events you need were retrieved. |
/SRVPORT: | The communication port and protocol, and the server that processed the events you need. |
/DATEFROM: | Date in MM/dd/YY or MM/dd/YYYY:HH:mm format; events recorded before this date are ignored. If you omit this parameter, events are extracted starting with the earliest. |
/DATETO: | Date in MM/DD/YY or MM/dd/YYYY:HH:mm format; events recorded after this date are ignored. If you omit this parameter, events up to the latest are extracted. |
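An example run of the Windows syntax for a fixed incident window, added here and not part of the InTrust documentation. The repository path, log name, computer, domain and output file are placeholders, and the script assumes ITEventExtractor.exe is in the current directory; it formats both dates with the invariant culture so the MM/dd/YYYY:HH:mm separators do not change with regional settings, then records a SHA-256 of the extracted file.

```powershell
# Added example. Every value in this block is a placeholder, not an InTrust default.
$Extractor = '.\ITEventExtractor.exe'                       # assumed location of the utility
$RepPath   = '\\repo-server.example\InTrustRepository'      # placeholder UNC path
$LogName   = 'Security'                                     # placeholder log name
$Computer  = 'WS-042'                                       # placeholder computer
$Domain    = 'EXAMPLE'                                      # placeholder domain
$OutFile   = 'C:\Cases\case-001\WS-042-Security.extracted'  # placeholder output file
$From      = [datetime]'2024-03-01T00:00:00'                # constructed incident window
$To        = [datetime]'2024-03-03T23:59:00'

function Format-ExtractorDate([datetime]$Date) {
    # '/' and ':' are culture-sensitive separators in .NET format strings;
    # the invariant culture keeps them literal, matching MM/dd/YYYY:HH:mm.
    $Date.ToString('MM/dd/yyyy:HH:mm', [cultureinfo]::InvariantCulture)
}

if ($From -ge $To) { throw 'DATEFROM must be earlier than DATETO.' }
# Never overwrite an earlier extraction that may already be evidence.
if (Test-Path -LiteralPath $OutFile) { throw "Output file already exists: $OutFile" }

$ExtractorArgs = @(
    "/REPPATH:$RepPath"
    "/LOGNAME:$LogName"
    "/COMPUTER:$Computer"
    "/FILE:$OutFile"
    "/DOMAIN:$Domain"
    "/DATEFROM:$(Format-ExtractorDate $From)"
    "/DATETO:$(Format-ExtractorDate $To)"
)
& $Extractor @ExtractorArgs

# The utility's exit codes are not documented on this page, so check for the file itself.
if (-not (Test-Path -LiteralPath $OutFile)) { throw "No output file was written: $OutFile" }

# Record what was extracted, and its hash, next to the file for chain of custody.
$Hash = Get-FileHash -LiteralPath $OutFile -Algorithm SHA256
[pscustomobject]@{
    Repository   = $RepPath
    Log          = $LogName
    Computer     = $Computer
    DateFrom     = Format-ExtractorDate $From
    DateTo       = Format-ExtractorDate $To
    File         = $OutFile
    SHA256       = $Hash.Hash
    ExtractedUtc = (Get-Date).ToUniversalTime().ToString('o')
} | ConvertTo-Json | Set-Content -LiteralPath "$OutFile.manifest.json"
```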
Unix:
ITEventExtractor /REPPATH:<Path> /LOGNAME:<Name> /HOST:<Object> /FILE:<FileName> [/SRVPORT:protocol:server[port]] [/DATEFROM:<Date>] [/DATETO:<Date>]
PARAMETER | DESCRIPTION |
---|---|
/REPPATH: | UNC path to the repository from which to extract the events. |
/LOGNAME: | Specifies the logs that contained the events you need. |
/HOST: | The hosts from which the audit trails you need were retrieved. When specifying several hosts, separate them with white spaces. |
/FILE: | The path to the file to which the utility writes information. |
/SRVPORT: | The communication port and protocol, and the server that processed the events you need. |
/DATEFROM: | Date in MM/dd/YY or MM/dd/YYYY:HH:mm format; events recorded before this date are ignored. If you omit this parameter, events are extracted starting with the earliest. |
/DATETO: | Date in MM/DD/YY or MM/dd/YYYY:HH:mm format; events recorded after this date are ignored. If you omit this parameter, events up to the latest are extracted. |
The ServiceFolderRestorer command-line utility recreates the contents of the service folder used by a Centera-based InTrust repository. The service folder is used for referencing Centera clips created within the time range you specify, without checking whether those clips are referenced from anywhere else. You can use this to restore damaged service folders.
The utility is located in <InTrust_installation_path>\InTrust\Server\InTrust. Use the following syntax:
ServiceFolderRestorer.exe <path> <pool> ["<start time>"] ["<end time>"] [/y]
PARAMETER | DESCRIPTION |
---|---|
<path> | The path to the service folder of the Centera-based repository; the supporting file structure is created automatically. |
<pool> | The Centera connection string (for example, 212.3.248.12:3128?c:\mercom.pea). |
<start_time> | Optional parameters that specify the time range of the Centera clips you are interested in. These times must be in YYYY.MM.DD hh:mm:ss format. Mind that these times reflect when the clip was created in the Centera storage, not when the gathered events occurred. |
/y | Optional parameter that enables silent mode. |