Typical Uses Of The Archived Data; Format Of The Archive Share Files - Cisco MARS Install And Setup Manual

Install and Setup Guide for Cisco Security MARS
OL-14672-01

Chapter 6   Administering the MARS Appliance
Configuring and Performing Appliance Data Backups
Page 6-21

   • Configure the NFS Server on Linux, page 6-27
   • Configure the NetApp NFS Server, page 6-28
2. Configure Lookup Information for the NFS Server, page 6-29
3. Configure the Data Archive Setting for the MARS Appliance, page 6-30

Typical Uses of the Archived Data

While the primary use of an archive is to restore the appliance in response to a catastrophic software
failure, the archived data provides the following alternate uses:

• Use Admin > System Maintenance > Retrieve Raw Messages to analyze historical raw messages
  from periods that exceed the capacity of the local database. The data returned from raw message
  retrieval is simply the audit message provided by the reporting device. The raw message is just the
  message as sent by the reporting device, such as a syslog message. For more information, see
  Retrieving Raw Messages, page 11-3.

• Manually view the archived event records, which are compressed using gzip. Viewing the data in
  this manner is faster than retrieving raw messages from either the local database or the archive.
  However, the record format is more complicated than the simple raw event returned by the Retrieve
  Raw Messages operation. It includes all the data necessary to restore the incidents and dependent
  data, including the raw message and the system data required to correlate that message with the
  session, device type, five tuple (source IP, destination IP, protocol, source port, and destination port),
  and all other data points. For more information, see Format of the Archive Share Files, page 6-21
  and Access the Data Within an Archived File, page 6-32.

• Image a standby or secondary MARS Appliance to either swap into the network in the event of a
  hardware failure or to access full query and report features for historical time periods. For more
  information, see Configuring a Standby or Secondary MARS Appliance, page 6-40, and Guidelines
  for Restoring, page 6-40.

Format of the Archive Share Files

The MARS archive process runs daily at 2:00 a.m., and it creates a dated directory for its data. You
cannot specify a different time to archive the data. The pnos directory is where the operating system
backup is stored.

    06/12/2005  11:32p  <DIR>  .
    06/12/2005  11:32p  <DIR>  ..
    07/09/2005  01:30a  <DIR>  pnos        <-- OS Backup Directory
    07/08/2005  04:49p  <DIR>  2005-07-08  <-- Daily Data Backup Directory
    07/10/2005  12:09a  <DIR>  2005-07-10
    07/11/2005  12:12a  <DIR>  2005-07-11
    07/12/2005  12:12a  <DIR>  2005-07-12
    07/13/2005  12:16a  <DIR>  2005-07-13
    07/14/2005  02:02a  <DIR>  2005-07-14
    07/15/2005  02:02a  <DIR>  2005-07-15
    07/16/2005  02:02a  <DIR>  2005-07-16
    07/17/2005  02:02a  <DIR>  2005-07-17
    07/18/2005  02:02a  <DIR>  2005-07-18
    07/19/2005  02:02a  <DIR>  2005-07-19
    07/19/2005  09:46p  <DIR>  2005-05-26
    07/20/2005  07:16a  <DIR>  2005-05-27
    07/20/2005  07:17a  <DIR>  2005-07-20
    07/22/2005  12:13a  <DIR>  2005-07-22
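
The following Python check is an added example, not part of the Cisco manual. It reads the archive share directory listing given on this page and reports which days have no dated directory, and which dated directories were last modified on a day other than the one they are named for. The function names and the modification-date check are assumptions made for illustration; the manual does not say how to interpret either result.

```python
import re
from datetime import date, datetime, timedelta

# Directory listing of the archive share, as given on this page.
LISTING = """\
06/12/2005  11:32p  <DIR>  .
06/12/2005  11:32p  <DIR>  ..
07/09/2005  01:30a  <DIR>  pnos        <-- OS Backup Directory
07/08/2005  04:49p  <DIR>  2005-07-08  <-- Daily Data Backup Directory
07/10/2005  12:09a  <DIR>  2005-07-10
07/11/2005  12:12a  <DIR>  2005-07-11
07/12/2005  12:12a  <DIR>  2005-07-12
07/13/2005  12:16a  <DIR>  2005-07-13
07/14/2005  02:02a  <DIR>  2005-07-14
07/15/2005  02:02a  <DIR>  2005-07-15
07/16/2005  02:02a  <DIR>  2005-07-16
07/17/2005  02:02a  <DIR>  2005-07-17
07/18/2005  02:02a  <DIR>  2005-07-18
07/19/2005  02:02a  <DIR>  2005-07-19
07/19/2005  09:46p  <DIR>  2005-05-26
07/20/2005  07:16a  <DIR>  2005-05-27
07/20/2005  07:17a  <DIR>  2005-07-20
07/22/2005  12:13a  <DIR>  2005-07-22
"""

ROW = re.compile(r"(\d\d/\d\d/\d{4})\s+\d\d:\d\d[ap]\s+<DIR>\s+(\S+)")
DAY = re.compile(r"\d{4}-\d\d-\d\d")

def parse_listing(text):
    """Return (pnos_present, {archive_day: last_modified_day})."""
    rows = ROW.findall(text)
    days = {date.fromisoformat(n): datetime.strptime(m, "%m/%d/%Y").date()
            for m, n in rows if DAY.fullmatch(n)}
    return any(n == "pnos" for _, n in rows), days

def missing_ranges(days):
    """(first, last) runs of days that have no dated directory on the share."""
    one, present = timedelta(days=1), sorted(days)
    return [(a + one, b - one) for a, b in zip(present, present[1:]) if b - a > one]

def modified_elsewhere(days):
    """Added heuristic (not from the manual): directories modified on another day."""
    return sorted(d for d, mod in days.items() if mod != d)

if __name__ == "__main__":
    pnos, days = parse_listing(LISTING)
    print(pnos, missing_ranges(days), modified_elsewhere(days))
```

On this listing the check finds no directory for 2005-07-09 or 2005-07-21, and shows that the 2005-05-26 and 2005-05-27 directories were last modified on 07/19 and 07/20.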