Re: Search Issues
I ran into this bug too. There is a regular expression in webui/model/search/message.php that needs tweaking. https://bitbucket.org/jsuto/piler/issues/601 - $terms = preg_replace("/(\'|\"|\=|\>|\<)/", "", $terms); + $terms = preg_replace("/[^\w\s]/", "", $terms); On 09/30/2015 07:37 AM, srisin...@meintl.com wrote: (from: ema...@domain.com| ema...@domain.com | ema...@domain.com <mailto:ema...@domain.com>) When we ran this search, we seemed to get the proper amount of emails, but no text appeared in the email results. -- James Macdonell Information Security & Emerging Technologies California State University, San Bernardino 5500 University Parkway San Bernardino, CA 92407-2393 Main Line: 909/537-7262 http://its.csusb.edu/ PGP: 0xBE849E4B smime.p7s Description: S/MIME Cryptographic Signature
Re: max hits, paging, and download all hits
On 08/11/2015 07:34 AM, Janos SUTO wrote: Btw. James, would you share your modified pilerexport program? I mean the source code. Sorry, that pilerexport was a hypothetical. I *would* share, if it existed. That said, I have some new investigations coming in. I may have to code up something. So far, though, I'm only dealing with ~30 results, so the web interface works just fine for now :-) -- James Macdonell Information Security Emerging Technologies California State University, San Bernardino 5500 University Parkway San Bernardino, CA 92407-2393 Main Line: 909/537-7262 http://its.csusb.edu/ PGP: 0xBE849E4B smime.p7s Description: S/MIME Cryptographic Signature
Re: max hits, paging, and download all hits
On 07/20/2015 02:47 AM, Janos SUTO wrote: So we have to either limit the download button's scope to the current page. Or tie the first 1000 hits to the button no matter how many hits you have. It will be very helpful to have a more powerful bulk download button :-) I have run into cases where I've need to package up several thousand emails. For the end product, typically legal wants either a PDF or a PST. I picture using the search GUI to refine the query until I get what I expect in the sample results. I'd then use that query with a modified pilerexport and let it page through all the search results taking all the time it needs, something like: pilerexport --query 'to: jmacd...@csusb.edu, body: ice cream | yogurt , subject: !party' Alternatively, the GUI could be expanded to something like the Exchange ediscovery tool. Fill out the wizard with your various search parameters, hit submit, and it runs quietly the background somewhere. When it's ready, it sends you an (optional) email. I also see needing to enforce a hard limit somewhere. We'd have a button to download the first 1,000 as you describe and and it's up to the auditor to write queries that get in under that limit. -- James Macdonell Information Security Emerging Technologies California State University, San Bernardino 5500 University Parkway San Bernardino, CA 92407-2393 Main Line: 909/537-7262 http://its.csusb.edu/ PGP: 0xBE849E4B smime.p7s Description: S/MIME Cryptographic Signature
Re: fixing the message storage
I could see tweaking a directory scheme to include the year and month. So, the directories would by 4- or 5-levels: ./2015/04/ff/fff/ff/ That would make it easier to use the symlink suggestion from extremeshok. Related to the topic, it would be useful to have the storage scheme mentioned in the install documents. I might have tweaked my inode ratio had I known each message was stored as a file. What I ended up doing was making /var a logical volume sitting on vg containing of two AWS physical volumes. That way I could add more physical volumes and extend the LV as needed. Not quite what the request is for, but it's similar. On 04/22/2015 06:44 AM, Janos SUTO wrote: Dear piler-users, I'm not sure if you like the way piler stores message files, eg. zillions of small files in a 3-level dir structure. Someone asked for supporting multiple storages (https://bitbucket.org/jsuto/piler/issue/540/multiple-storage). I'd like to hear your opinions on the matter as well. Janos -- James Macdonell Information Security Emerging Technologies California State University, San Bernardino 5500 University Parkway San Bernardino, CA 92407-2393 Main Line: 909/537-7262 http://its.csusb.edu/ PGP: 0xBE849E4B smime.p7s Description: S/MIME Cryptographic Signature
Re: Procedure for legal holds?
On 03/13/2015 06:38 AM, Janos SUTO wrote: So whenever you have to maintain a litigation hold, simply disable purging on the health page, and piler won't remove even aged messages. When the hold is over, then enable it again, that's all. I really need to find a method more granular than turning purge on/off. We have thousands of employees and somebody is always on legal hold. I need to maintain the default retention for the 99% not on legal hold to meet data retention standards (and to keep future ediscovery cases manageable). I'm considering Konstantin's method (thank you for that!). I'm also thinking of leaving the metadata table as-is, but maintaining another table that allows exceptions to the standard retention. Something like: SELECT ... from metadata as m WHERE ... retained NOW() AND m.from NOT IN (SELECT value FROM legal_hold WHERE key = 'from') AND m.to NOT IN (SELECT value FROM legal_hold WHERE key = 'to') -- James Macdonell Information Security Emerging Technologies California State University, San Bernardino 5500 University Parkway San Bernardino, CA 92407-2393 Main Line: 909/537-7262 http://its.csusb.edu/ PGP: 0xBE849E4B smime.p7s Description: S/MIME Cryptographic Signature