Using EsmDlibM.exe

EsmDlibM.exe enables you to run operations against the file storage system where processed events are stored (database backend). Such operations include importing and exporting data.

To use EsmDlibM.exe:

1. Click Start > Run and key in CMD.

2. Press Ctrl + Shift + Enter to run CMD with elevated privileges.

3. Change the directory to the GFI EventsManager install directory. Example:

CD C:\Program Files\GFI\EventsManager

4. Key in EsmDlibM.exe followed by the functions described below:

/importFromSQL

This function enables you to import data from an SQL Server® database. The data must be exported from an older version of GFI EventsManager. The following parameters are supported:

Parameter Description
/server:<serverName> Specify the SQL Server® IP address or machine name.
/database:<(maindb)|(backupdb)|databaseName>

Specify the type and name of the source database to import data from.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/dbauth:<SQL|WIN>

Specify the authentication mode configured in the source SQL Server®. Supported values include:

  • SQL: to use SQL Server® authentication
  • WIN: to use Windows® authentication.
/username:<username>

Specify a username that has access to the database from which you want to import data.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/password:<password> Specify the password for the username specified in the /username parameter.
/anonpass1:<password> (Optional) If the source database is anonymized, key in the primary anonymization password to decrypt import data.
/anonpass2:<password> (Optional) If the source database is anonymized using two anonymization keys, key in the secondary anonymization password to decrypt import data.

Example

EsmDlibM.exe /importFromSQL /server:192.168.11.11 /database:EventsDatabase /dbauth:SQL /username:sa /password:p@ss /anonpass1:p@ss

/importFromDlib

This function enables you to import data that was exported from a database server (DLIB) of an older version of GFI EventsManager. The following parameters are supported:

Parameter Description
/path:<path>

Specify the path to the DLib database server.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/name:<name>

Specify the name of the DLib database you want to import.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/anonpass1:<password> (Optional) If the source database is anonymized, key in the primary anonymization password to decrypt import data.
/anonpass2:<password> (Optional) If the source database is anonymized using two anonymization keys, key in the secondary anonymization password to decrypt import data.

Example

EsmDlibM.exe /importFromDlib /path:C:\DLibServer /name:EventsData /anonpass1:p@ss

/copyData

This function enables you to copy data from one DLib database server to another. The following parameters are supported:

Parameter Description
/destinationPath:<destinationPath>

Specify the destination database server.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/destinationName:<destinationName>

Specify the destination database name.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/destinationEncPass:<password> (Optional) Specify a password to encrypt data at the destination.
/sourcePath:<sourcePath>

Specify the path to the source database server.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/sourceName:<sourceName>

Specify the name of the source database.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/sourceEncPass:<password> (Optional) Specify an encryption key to encrypt source data.
/anonpass1:<password> (Optional) Specify the primary anonymization password to anonymize source data.
/anonpass2:<password> (Optional) Specify a secondary anonymization password to anonymize source data using two keys.
/period:<type><number><unit>

Filters events by date: either events from the last N days/weeks/months or events older than N days/weeks/months. For example, to select events from the last 24 days, use l24d; to select events older than 3 weeks, use O3W. Supported values include:

  • <type>:
      • o - older than
      • l - last
  • <number> - specify the number of days/weeks/months
  • <unit>:
      • d - days
      • w - weeks
      • m - months.
/markEventsAsDeleted (Optional) Mark copied events as deleted from the source database. These events will no longer be visible in the management console but will still remain in the database. To completely remove them from the database, run the Commit Deletions job.
/log_format:<value> /machine:<value> /importance:<value> /occured:<value>

These parameters filter events by the corresponding columns. All of these filters are optional. When used together, they are combined with an AND condition on the source data. For machine, enter the target machine name as displayed in the events browser; the other parameters take the predefined values listed below. Supported values are:

  • log_format:
      • windows
      • sql audit
      • oracle audit
      • text logs
      • syslog messages
      • snmp traps
      • monitoring
  • importance
  • occurred:
      • Today
      • Yesterday
      • Last 7 days
      • Last 30 days
      • This month
      • Last month.

Example

EsmDlibM.exe /copyData /destinationPath:Z:\DestServ /destinationName:DestData /sourcePath:C:\SourServ /sourceName:SourData /sourceEncPass:p@ss /markEventsAsDeleted

/importFromLegacyFile

This function enables you to import data that was exported to files from an older version of GFI EventsManager. The following parameters are supported:

Parameter Description
/path:<path>

Specify the path to the import file.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/logTypes:<application, custom, directory, security, dns, filereplication, syslog, system, snmp, oracle, sql, text> (Optional) Specify the log types you want to import. Exclude parameter to import all log types.
/password:<password> (Optional) Specify a password to decrypt import data.
/anonpass1:<password> (Optional) Specify the primary anonymization password to anonymize import data.
/anonpass2:<password> (Optional) Specify a secondary anonymization password to anonymize import data using two keys.

Example

EsmDlibM.exe /importFromLegacyFile /path:C:\ImportData\Configuration.cfg /password:p@ss /anonpass1:p@ss

/exportToFile

This function enables you to export data from a DLib database server to another one as part of the data centralization process. You can also use this function to back up your data for safekeeping. The following parameters are supported:

Parameter Description
/path:<path>

Specify the folder path where data is exported to.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/sourceEncPass:<password> (Optional) Specify a password to encrypt source data.
/destinationEncPass:<password> (Optional) Specify a password to encrypt destination data.
/anonpass1:<password> (Optional) If the source database is anonymized, key in the primary anonymization password to decrypt exported data.
/anonpass2:<password> (Optional) If the source database is anonymized using two anonymization keys, key in the secondary anonymization password to decrypt export data.
/period:<type><number><unit>

Filters events by date: either events from the last N days/weeks/months or events older than N days/weeks/months. For example, to select events from the last 24 days, use l24d; to select events older than 3 weeks, use O3W. Supported values include:

  • <type>:
      • o - older than
      • l - last
  • <number> - specify the number of days/weeks/months
  • <unit>:
      • d - days
      • w - weeks
      • m - months.
/markEventsAsDeleted (Optional) Mark copied events as deleted from the source database. These events will no longer be visible in the management console but will still remain in the database. To completely remove them from the database, run the Commit Deletions job.
/log_format:<value> /machine:<value> /importance:<value> /occured:<value>

These parameters filter events by the corresponding columns. All of these filters are optional. When used together, they are combined with an AND condition on the source data. For machine, enter the target machine name as displayed in the events browser; the other parameters take the predefined values listed below. Supported values are:

  • log_format:
      • windows
      • sql audit
      • oracle audit
      • text logs
      • syslog messages
      • snmp traps
      • monitoring
  • importance:
      • Unclassified
      • Low
      • Medium
      • High
      • Critical
      • Noise
  • occurred:
      • Today
      • Yesterday
      • Last 7 days
      • Last 30 days
      • This month
      • Last month.

Example

EsmDlibM.exe /exportToFile /path:C:\ExportedDataFolder /sourceEncPass:p@ss /markEventsAsDeleted /importance:High

/importFromFile

This function enables you to import data from a file as part of the data centralization process. The import file must be created from an Export to File job. The following parameters are supported:

Parameter Description
/path:<path>

Specify the path to where the import file is saved.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/password:<password> (Optional) If the import file is password protected, key in the password.
/log_format:<value> /machine:<value> /importance:<value> /occured:<value>

These parameters filter events by the corresponding columns. All of these filters are optional. When used together, they are combined with an AND condition on the source data. For machine, enter the target machine name as displayed in the events browser; the other parameters take the predefined values listed below. Supported values are:

  • log_format:
      • windows
      • sql audit
      • oracle audit
      • text logs
      • syslog messages
      • snmp traps
      • monitoring
  • importance:
      • Unclassified
      • Low
      • Medium
      • High
      • Critical
      • Noise
  • occurred:
      • Today
      • Yesterday
      • Last 7 days
      • Last 30 days
      • This month
      • Last month.

Example

EsmDlibM.exe /importFromFile /path:C:\ImportFolder\Import.cfg /password:p@ss /machine:MS11.domain.com /occured:true

/commitDeletedRecords

This function enables you to delete events that are marked as deleted from the database. The following parameters are supported:

Parameter Description
/dbPath:<dbPath>

Specify the path to the database server which contains events marked as deleted.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/password:<password> (Optional) If the database is password protected, key in the password.
/anonpass1:<password>

(Optional) If the database is anonymized, key in the password to remove anonymization.

/anonpass2:<password> (Optional) If the database is anonymized using two anonymization keys, key in the secondary key.

Example

EsmDlibM.exe /commitDeletedRecords /dbpath:C:\DatabaseServerFolder /password:p@ss /anonpass1:pa$$

/exportToSQL

This function enables you to export specified events to SQL Server®. The following parameters are supported:

Parameter Description
/server:<serverName>

Specify the IP address or computer name running SQL Server®.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/database:<maindb|backupdb>

Specify the name of the destination database.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/dbauth:<SQL|WIN>

Specify the authentication mode configured in the source SQL Server®. Supported values include:

  • SQL: to use SQL Server® authentication
  • WIN: to use Windows® authentication.
/username:<username>

Specify a username that has access to the database from which you want to import data.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/password:<password> Specify the password for the username specified in the /username parameter.
/table:<table>

Specify the name of the destination table.

Note

Parameters that contain spaces must be enclosed in double quotes (").

/period:<type><number><unit>

Filters events by date: either events from the last N days/weeks/months or events older than N days/weeks/months. For example, to select events from the last 24 days, use l24d; to select events older than 3 weeks, use O3W. Supported values include:

  • <type>:
      • o - older than
      • l - last
  • <number> - specify the number of days/weeks/months
  • <unit>:
      • d - days
      • w - weeks
      • m - months.
/sourceEncPass:<password> (Optional) If the source data is encrypted, key in the password to decrypt exported data.
/anonpass1:<password> (Optional) If the source database is anonymized, key in the primary anonymization password to decrypt exported data.
/anonpass2:<password> (Optional) If the source database is anonymized using two anonymization keys, key in the secondary anonymization password to decrypt export data.

Example

EsmDlibM.exe /exportToSQL /server:192.168.11.11 /database:EventsDatabase /dbauth:SQL /username:sa /password:p@ss /table:EventsTable /anonpass1:pa$$
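
The following Python helper is an added example, not part of the GFI documentation or product: it validates a /period value against the <type><number><unit> grammar described above, double-quotes parameters that contain spaces, and renders a copy of the command line with the password parameters masked, since the examples on this page pass passwords inline and process command lines are often recorded by auditing tools. The function names are hypothetical, and rejecting values that contain a double quote is an assumption, as the page does not describe escaping.

```python
import re

# /period grammar from this page: <type><number><unit>, e.g. l24d or O3W.
PERIOD_RE = re.compile(r"([ol])(\d+)([dwm])", re.IGNORECASE)
TYPES = {"o": "older than", "l": "last"}
UNITS = {"d": "days", "w": "weeks", "m": "months"}
# Parameters on this page that carry a password or key.
SECRET_PARAMS = {"password", "anonpass1", "anonpass2",
                 "sourceencpass", "destinationencpass"}

def parse_period(value):
    """Return (type, number, unit) in words, or raise ValueError."""
    m = PERIOD_RE.fullmatch(value)
    if not m:
        raise ValueError(f"invalid /period value: {value!r}")
    return TYPES[m.group(1).lower()], int(m.group(2)), UNITS[m.group(3).lower()]

def build_args(function, params):
    """Build the argument list; a value of None means a bare switch."""
    args = ["/" + function]
    for name, value in params.items():
        if value is None:                      # e.g. /markEventsAsDeleted
            args.append("/" + name)
            continue
        if '"' in value:                       # assumption: reject rather than guess escaping
            raise ValueError(f"/{name}: value contains a double quote")
        if name.lower() == "period":
            parse_period(value)                # fail before the tool is ever started
        args.append(f"/{name}:{value}")
    return args

def render(args, redact=True):
    """Command line as text; parameters with spaces are double-quoted."""
    out = []
    for arg in args:
        name, sep, _ = arg[1:].partition(":")
        if redact and sep and name.lower() in SECRET_PARAMS:
            arg = f"/{name}:***"               # mask the secret in the logged copy
        out.append(f'"{arg}"' if " " in arg else arg)
    return "EsmDlibM.exe " + " ".join(out)

# Constructed sample values, not taken from a real installation.
sample = build_args("copyData", {
    "destinationPath": r"Z:\Dest Serv", "destinationName": "DestData",
    "sourcePath": r"C:\SourServ", "sourceName": "SourData",
    "sourceEncPass": "p@ss", "period": "O3W", "markEventsAsDeleted": None})
print(render(sample))
```

Pass the list returned by build_args directly to the process launcher rather than through a shell, and write only the render() output to logs.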