SonarG 4.1

SonarW Collections

The sonargd daemon creates and accesses several collections within SonarW, as described below.

system.ingest

Sonargd will verify that the ingested collections are defined properly in the collection; if not, they will be added. If ingested collections are defined differently from what is expected, sonargd will report a critical error.

gid

Sonargd creates a unique gid (gmachine id) for each gmachine. The gmachine name is taken from the first part of the file name in the set. For consistency, gmachine names are stored in a special collection in SonarW. By default this collection is named gid, but this can be configured by editing /etc/default/sonargd. If you modify this collection after files were processed, rename the collection in both SonarW and the configuration file at the same time, or gmachine id conflicts will occur.

grdm

For each file set that has been processed, a document will be inserted into this collection. The document's keys are described below:

n – The hostname of the machine that the file came from (if given).

v – The total amount of MB that were processed by sonargdm (uncompressed).

t – The current time and date.

files – The list of files processed.

grdmrec

This is a more detailed data extract log that records precise record counts during ingestion.

sonargd_log

When sonargdm is being run by sonargd, it might produce an abundant amount of log messages. These will be stored in a log file per set, and this collection provides information about this file. Each document in this collection includes file_timestamp, which is the timestamp given in the processed file, logfile, which has the full path of the log file from sonargdm, and timestamp, which is the current time.

Log files are named sonargdm.<timestamp>:<collector>.<n>.log and are located in the Log Directory.

distinct_*

Several collections named with the prefix distinct_ will be created, that summarize the distinct values of Database name, DB User name, OS User, Source Program, Server IP, Analyzed client IP, Client host name, Server host name, Server type and Service name.

These collections are only created/updated after ingesting the session collection.

top_*

For each of the distinct_* collections, there exists a top_* collection that will contain only the top 100 of each specified value, based on the number of occurrences in each respective session collection.

These collections will only be created/updated after ingesting the session collection.