立即与支持人员聊天
与支持团队交流

InTrust 11.6.1 - Technical Insight

Import

Import process runs in the GatheringEngine.exe executable; a separate instance of GatheringEngine.exe is created for each import job. The process extracts data from the repository files, applying the appropriate filters, and stores the data in the audit database: GatheringEngine.exe opens a connection to the specified audit database, and imports the data using the BULK INSERT statement. Up to 4000 events are imported per transaction.

Consolidation

Consolidation runs in the GatheringEngine.exe executable; a separate instance of GatheringEngine.exe is created for each consolidation job.

Consolidation process checks that the source repository actually contains the appropriate data for the data source(s) defined in the consolidation policy, and for the timeframe specified in the consolidation job.

  • • If no relevant data exists in the source repository, GatheringEngine logs a warning, and the consolidation job exits.
  • • If relevant data exists in the source repository, the needed repository files are copied from the source repository to the target repository (whole files are copied).

You can consolidate audit data from a repository that is located on an InTrust server behind a firewall. To do it, first find out the repository path on the InTrust server behind the firewall and the password of the InTrust organization behind the firewall. Then take the following steps:

  1. Create a new repository. For that, right-click Configuration | Data Stores | Repositories and select New Repository.
    Consider giving the new repository a name that indicates it is located behind the firewall.
  2. On the Repository Location step of the New Repository Wizard, supply a UNC repository path that is also valid for the other repository behind the firewall. Complete the wizard.
    The path you specify is not verified. The repository object you created on step 1 is just a representation of the source repository. The actual repository will be found as long as the path is correct.
  3. Right-click the necessary task and select New Job; start creating a consolidation job.
  4. On the Select Repositories step, do the following:
    • Select the source repository
    • Select Use this server to manage source repository and specify the InTrust server that hosts the repository.
    • Specify the port over which your firewall allows communication. By default, port 900 is used.
    • Specify and confirm the password of the InTrust organization that the InTrust server behind the firewall belongs to.
    • Select the destination repository.
  5. Complete the wizard.

Repository Indexing

The indexes of InTrust repositories are created and maintained by the IndexingTool.exe utility, which resides in the InTrust\Server subfolder of the InTrust installation folder on the InTrust server and on Windows computers with the InTrust agent installed. This utility is designed to be launched automatically by InTrust Server or agent, not manually. However, manual operation is also supported for situations described in Repository Indexing for Advanced Search Capabilities.

Depending on the configuration of the repository, the indexing workload can be managed in one of the following ways:

  • All of the work is done by the IndexingTool.exe utility on the specified InTrust server.
  • The index is processed by IndexingTool.exe utility instances on computers in the specified InTrust site.

The workload distribution is managed by the RemoteIndexLauncher.exe utility on the InTrust server. This utility handles both server-side and distributed indexing. The utility cannot be launched manually.

Indexing Configuration

In addition to repository properties, indexing is configured by the following organization parameters:

Organization Parameter Meaning
IDX_IndexAccessCheckMode

Specifies how to check index security configuration. The values are as follows:

  • • 0
    Check only that the indexing account is a member of the computer local AMS Readers group on the InTrust server.
  • • 1
    Test whether the indexing account can actually read and write to repository files. However, if the indexing account is specified explicitly in the repository properties, it is only checked that the account is a member of the computer local AMS Readers group on the InTrust server.

The default value is 0.

IDX_IndexingThreadCount

Sets how many threads indexing will use. The values are as follows:

  • 0 or blank
    Use as many threads as there are CPU cores.
  • -1
    Use one less threads than there are CPU cores, but no less one thread.
  • Any positive integer
    Use this many threads.

Values less that -1 will cause errors.

The default value is -1.

For more information, see Repository Indexing for Advanced Search Capabilities.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级