How do I reindex a single Log Archive Volume Parititon? (NETIQKB72176)

  • Document ID:7772176
  • Creation Date:29-Mar-2010
  • Modified Date:02-Apr-2010
    • Micro Focus Products:
      Security Manager

Environment

NetIQ Security Manager 6.5

Situation

How do I re-index the Log Archive Volume.

What are the steps for re-indexing the Log Archive Volume in SM 6.5?

Resolution

Download the Log Archive Resource Kit from our website.

  1. Go to https://support.netiq.com/sm
  2. Click on Utilities.
  3. Download LogArchiveResourceKit-6.5.0.1104.zip
  4. Install the Log Archive Resource Kit on your Log Archive server.

To restart the reindexing process, we need to remove the problematic data.

  1. Log into your Log Archive Server.
  2. Stop the NetIQ Log Archive Service.
  3. Open Windows Explorer and browse to the Log Archive Volume Parititon in question.
  4. Inside the Parition directory, delete the Index folder and the partitioninfo.xml. (DO NOT DELETE ANY FILES THAT END WITH EXTENSION *.NDS)
  5. Open the Index_data directory and delete any indexing files that have the partition date in the name. 
    • If the partition to be reindexed was 20100328, here is example of the files to delete:

      "volume=Archive1;partition=20100328;stream=1;block=1.available"

  6. Restart the Log Archive Service.

The next steps will guide you through reindexing that partition:

  1. Verify the partitioninfo.xml was recreated in the Partition directory that's to be reindexed.
  2. Open the command prompt.
  3. Change directory to the installation folder of the Log Archive Resolve Kit.
  4. Run the following command:

    LogArchiveReindexer.exe NetIQ.LogArchive.Index YOURVOLUMENAME PARTITIONDIRECTORYNAME INCLUDECLOSED

    Note: To get your Volume name, see the following steps:

    1. Click on Start, All Programs, NetIQ Security Manager, Configuration, Log Archive Configuration.
    2. Inside the Log Archive Configuration, it will list each attached Volume.

  5. Wait for the process to finish and restart the Log Archive Service.

After the service is restarted the Log Archive server will start to write the indexes to the partition. You will need to wait at least 24 hours for the indexes to be written. You will be able to verify the partition has been fixed, when it's identified as closed.

You can check to see if a partition is closed by viewing the parititoninfo.xml of that partition in question.

  1. Open Windows Explorer.
  2. Browse to the following Partition that's been reindexed.
  3. Open the parititioninfo.xml.
  4. Look for the following data at the top of the file: closed="true"
  5. Close the partitioninfo.xml. (DO NOT SAVE ANY CHANGES)

Cause

NetIQ Log Archive Events that could signify that you need to reindex the indicated Volume Partition.

Application Log
Event Type: Warning
Event Source: NetIQ Log Archive
Event Category: DataStore
Event ID: 1026
Date:  n/a
Time:  n/a
User:  n/a
Computer: n/a
Description:
The NetIQ Security Manager Log Archive partition <Log Archive servername> %partitionnumber%
has temporary files lingering in an index directory. This partition can not be
closed and is potentially corrupt. Restart the Log Archive service to repair.


Application Log
Event Type: Error
Event Source: NetIQ Log Archive
Event Category: None
Event ID: 1039
Date:  n/a
Time:  n/a
User:  n/a
Computer: n/a
Description:
An error occurred indexing the following directory. An index verification will now
take place. (%\LogArchiveVolumepath\Partition\Index\*)

Application Log
Event Type: Error
Event Source: NetIQ Log Archive
Event Category: None
Event ID: 1042
Date:  n/a
Time:  n/a
User:  n/a
Computer: n/a
Description:
The index was verified and was found to be valid. Indexing will be reattempted.

Additional Information

Formerly known as NETIQKB72176