Export Repository Data

We gather logs from over 5000 Windows servers into an InTrust Repository.

I was asked if there is a way to export maybe a day's worth of, let's say, security logs into an XML or .csv file format from the repository?

Thanks

Eddie

  • Hi, the easiest way to export into CSV would be to just use Repository Viewer: just create a search that looks like something you want to export and use the "Report... > Save Report..." menu item. Keep in mind that you will need to disable the limit if you want to export all of the items that go through your filters.

    But what I would actually ask when someone is asking for information like that - how is this information intended to be used? Because InTrust is capable of scheduled SQL import as well as event forwarding via syslog, so if the data is needed on a regular basis, I would create a continuous export or forwarding.

    Thanks.

  • Thanks for the info... I may have over 4000 servers to query from, so I think it would take a while to run via Repository Viewer... Is there a command-line command or script that can replicate the option in Repository Viewer? This data would be historical data and nothing current.

  • The question of what data you want (e.g. Windows Security Log) and what you intend to do with it, i.e. what kind of "reports" you want to generate, will guide your approach here.

    "Normally", when someone wanted to analyze bulk data collected into the Repository, you would run an "import job" to bring the data into a SQL Audit DB and then you could mine it and / or export it from there.  That's all out-of-the-box functionality in the InTrust Manager.

  • Thanks for the info... They are only looking at downloading security logs for a particular date, then uploading to a report server... not InTrust... I work for the federal government and this is what they are trying to do...
