Download
Share
Print this page
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Security System
  5. MARS
  6. Install and setup manual

Access The Data Within An Archived File; Recovery Management - Cisco MARS Install And Setup Manual

Hide thumbs

Advertisement

Recovery Management

Access the Data Within an Archived File

You can access the event data in an archived file allows to review the events contained therein. You may
want to perform this task to look at a particular time range of events or to perform post processing on
the data.
For other options on accessing archived data, see
Tip
To access the data within an archived file, follow these steps:
Step 1
Perform the following command at the command line interface of the archive server:
where archive_path is the remote path value specified in
MARS Appliance, page
To select the archive to review, enter the following command:
Step 2
where YYYY-MM-DD is the date that the archive file was created.
To view the list of archive files for the selected data, enter the following command:
Step 3
Step 4
To extract the data from the archive file, enter the following command:
where filename is the name of the file to extract. The list of available files are based on a timestamp for
when they were created.
To view the file's contents, enter the following command:
Step 5
You can use any text editor or run scripts against the data in these files. However, you should not change
the contents of these zipped files or leave extracted data or additional files in the archive folders. MARS
cannot process new or extracted files when performing a restore operation.
Recovery Management
MARS Appliance functionality includes two procedures that you can perform using the MARS
Appliance Recovery DVD-ROM. The approach you should take to recover your appliance depends upon
whether or not you have archived data that you want to recover as well. Two decisions affect how you
will recover your MARS Appliance:
Install and Setup Guide for Cisco Security MARS
6-32
cd <achive_path>
6-30.
cd <YYYY-MM-DD>
cd ES ls -l
gunzip <filename>
vi <filename>
Re-Image a Global Controller or Local Controller. The procedure for recovering an appliance is
unique to the role that the appliance has in the STM system. Global Controllers require an additional
operation on each monitored Local Controller.
Chapter 6
Administering the MARS Appliance
Typical Uses of the Archived Data, page 6-21
Configure the Data Archive Setting for the
OL-14672-01

Advertisement

loading

Related Manuals for Cisco MARS

Related Content for Cisco MARS