Skip to main content

Run a Saved SecondLook Restore

To complete the SecondLook Wizard in any LogRhythm deployment that uses multiple systems in a workgroup (i.e., systems that are not joined by a domain), the user must run the Client Console as an administrator or run the Client Console as a non-administrator and use a security group member. The security group must have read/write access to the Client Console logs and the active/inactive archives. To run the Client Console as an administrator, close the Client Console and then right-click on LogRhythm Client Console on the menu and click Run as administrator. Failure to do so can cause errors during the archive restoration.
Before restoring archived logs, ensure that a restore Data Processor has been configured.

Running a saved SecondLook is similar to creating a new one.

  1. Log in to the Client Console as an administrator or a user with access to SecondLook.
  2. On the Tools menu, click Search, and then click SecondLook Wizard.
    The SecondLook Wizard appears.
  3. Select Select Saved.
  4. Double-click a saved restore.
    You are prompted to begin the restore immediately.
  5. Click OK to start the restore process, or click Cancel to return to the wizard.

If you select a saved SecondLook and click through the wizard, all of the options are populated with the information from the saved restore. You can change any of the settings, but the changes only affect the current restore. If you want to save any of the changes to the existing SecondLook, click Save on the last page of the wizard. If you want to save the modified SecondLook under a new name, change the name and click Save As on the last page of the wizard.

For more information, see Create a SecondLook Restore.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.