...
| Code Block |
|---|
[root@opmantek ~]# mongo -u opUserRW -p op42flow42 nmis --eval 'db.rawlogs.findOne()'
MongoDB shell version v3.4.9
connecting to: mongodb://127.0.0.1:27017/nmis
MongoDB server version: 3.4.9
{
"_id" : ObjectId("5543df5db5d690352f1eb2cb"),
"entry" : "2015-05-01T16:17:19\t10.73.225.166\tUDP: [10.73.225.166]:14445->[10.72.0.31]\tSNMPv2-MIB::sysUpTime.0=23:5:15:52.26\tSNMPv2-MIB::snmpTrapOID.0=SNMPv2-SMI::enterprises.8072.4.0.3\tSNMPv2-MIB::snmpTrapEnterprise.0=SNMPv2-SMI::enterprises.8072.4",
"time" : NumberLong(1430511439),
"eventid" : ObjectId("5543df5db5d690352f1eb2ca"),
"type" : "nmis_traplog"
}
|
Notice the 'time' property above; 1430511439. The date command may be used to reveal when this was.
| Code Block |
|---|
[root@opmantek ~]# date --date @1430511439
Fri May 1 20:17:19 UTC 2015 |
The purge command can be passed a value in minutes with the option 'events_purge_older_than'.
| Code Block | ||
|---|---|---|
| ||
### Current unix epoch time
[root@opmantek ~]# date +%s
1513316674
### Let X be The difference of current time and oldest record time converted to minutes
>>> (1513316674-1430511439)/60
1380087.25
### There are 129600 minutes in 90 days. Subtract 129600 minutes from X.
>>> 1380087 - 129600
1250487
### Based on this the events_purge_older_than should be 1250487 |