Backup process for McAfee devices




ESM (Standalone)

Backup

The backup process on the ESM is intended to create a backup of the tables on the ESM for restoring the configuration of the ESM. There are two backup types: full and incremental. They are described below.

A full backup is a backup of all database table files, uncompressed, to a remote storage location. This backup type can back up to a CIFS/NFS location. The storage location is mounted before the backup starts and is checked each time to ensure the backup begins. It is expected that the backup location will contain more than one backup file unless the backup location is maintained by the user. The files are copied uncompressed to the storage location for storage and subsequent restoration. A list of the tables backed up from the ESM is in the backup.log file stored with the backup. The path that backup files are copied to looks like this:

xx.xx.xx.xx:/backupfolder/etm-xx_9.3.1_2013_12_25_215739_f/

An incremental backup is a backup of ESM configuration files, compressed, to a local or remote storage location. There is also an option to back up the event/flow/log data for the last 24 hours (based on the last backup time stamp). For a list of the tables backed up from the ESM, open the backup.log file, which is stored within the backup .zip file each time the backup is run. The backup log file contains the tables that are backed up and the records in each table that were backed up.
See the output of the file below:

The backup occurs live so the ESM is not restarted as the backup proceeds. The files are stored into the folder /data_hd/usr/local/ess/dbbackupwork/ where they are tarred up and compressed in a .zip file. The final file is stored in /data_hd/usr/local/ess/dbbackup/ for presentation in the File Maintenance UI
in the SIEM GUI.

The best way to follow the backup process is by watching the message box in the ESM GUI. It will look something like this:

A remote backup type can back up to a CIFS/NFS location. The storage location is mounted before the backup starts and is checked each time to ensure the backup begins. It is expected that the backup location will contain more than one backup file unless the backup location is maintained by the user. The backup files are copied compressed to the storage location for storage and subsequent restoration. For remote folders the path name will look like this:

xx.xx.xx.xx:/backupfolder/etm-xx_9.3.1_2013_12_25_021738_i.zip

The restore process is used to restore the ESM configuration and data back to the ESM. It works in the opposite manner from the backup process. The file selected from the File Maintenance UI in the SIEM GUI is copied to the /data_hd/usr/local/ess/dbrestore folder. The ESM must be shut down to restore the DB tables correctly. After that process is stopped, the .zip file is untarred and placed in the /data_hd/usr/local/ess/dbbackupwork/ folder to be copied to the correct folders on the ESM. After that, the ESM is restarted to recognize the new configuration placed on it. The best way to follow the process is by logging on to the console of the ESM and looking at the /var/log/messages file. It will look something like this:

Dec 20 02:22:25 McAfee [55337]: RestoreDB - started
Dec 20 02:22:25 McAfee [55337]: Opened database - /db2/usr/local/ess/data/ngcp.dfl - system number - 1
Dec 20 02:22:26 McAfee [55337]: RestoreDB - extracting file: - /db1/usr/local/ess/dbrestore/etm-X4_9.3.1_2013_12_19_220919_I.zip
Dec 20 02:22:26 McAfee [55337]: Opened database - /db1/usr/local/ess/dbrestore/ngcpold.dfl - system number - 2
Dec 20 02:23:42 McAfee [55337]: RestoreDB - restoring file: - /db1/usr/local/ess/dbrestore/etmxx_9.3.1_2013_12_20_220919_i.zip
Dec 20 02:23:42 McAfee [55337]: RestoreDB - restoring on primary..
Dec 20 02:25:48 McAfee [55337]: RestoreDB - restore system tables complete
Dec 20 02:25:57 McAfee [55337]: RestoreDB - finished

ESM (Redundant)

A redundant ESM is limited in the functionality it can perform compared to a primary (standalone) ESM, but it will get all settings that a standalone ESM is given to ensure it comes up fully configured when placed in primary mode. An error is given to indicate the backup capability is turned off. The redundant ESM will still have access to restore backups that are available on the remote backup folders.

ELM

The backup process on the ELM is intended to create a backup of the Management DB tables on the ELM for restoring the configuration of the ELM and the log file indexes currently on the ELM. The folders created by the backup and the backup files put there are described below.

Remote backup mount point: xx.xx.xx.xx:/backupfolder/

The files/folders created are:

NitroGuard/
alloc.conf
backupelm.conf
customfields.conf
das.conf
elmer_file_timeout.conf
ffg_fws.conf
ffg_web.conf
fips.conf
freetds-gsql.conf
globals.conf
mgtdbloc.conf
network.conf
nitrosnmp.conf
storage.conf
thirdparty.conf
vathirdparty.conf
buildstamp
mgtdb/
NitroError.Log
ds2rg.data
elm.cfd
elm.cfg
elm.cpy
elm.dfl
elm.old
elmmsg.txt
rg/
rg.data
rg2sh.data
sh.data
sr.data

A log file indexes backup is a backup of all database table files (also called the Management DB), uncompressed, to a remote storage location. This backup type can back up to a CIFS/NFS location. The storage location is mounted before the backup starts and is checked each time to ensure the backup begins. It is expected that the backup location will contain more than one backup file unless the backup location is maintained by the user. The data index files are copied uncompressed to the storage location for storage and subsequent restoration. The list of the tables backed up from the ELM is given above.

A configuration backup is a backup of ELM configuration files, uncompressed, to a remote storage location. These files contain paths and configuration data for the processes that run on the ELM. Some of the configuration is used in the ELM GUI, but most is configuration used by the runtime components of the ELM. For a list of the configuration files backed up from the ELM, see above.

When a backup is started, the ELM Properties dialog will show the backup in progress (see below).

A backup will usually complete in 5-10 minutes unless there are connection issues or speed issues copying files to the remote share. You can also follow the process by logging on to the console of the ELM and looking at the /var/log/messages file. It will look something like this:

Dec 25 06:33:56 McAfee backupelm[21996]: Starting elm backup..
Dec 25 06:36:15 McAfee backupelm[22016]: Elm backup completed

The restore process is used to restore the ELM configuration and log file indexes back to the ELM. It works in the opposite manner from the backup process. The Restore Backup button in the ELM Backup and Restore GUI is pressed and the ELM backup is copied to the /data_hd/usr/local/elm/ folder.

The ELM must be shut down to restore the DB tables correctly. After that process is stopped, the ELM configuration files are copied to the correct folders on the ELM. After copying is finished, the ELM is restarted to recognize the new configuration placed on it. The best way to follow the process is by logging on to the console of the ELM and looking at the /var/log/messages file. It will look something like this:

Dec 25 06:55:40 McAfee elmd[22713]: Stopping (Parent pid) = 22696
Dec 25 06:55:40 McAfee elmd[22713]: Flushing Database /usr/local/elm/mgtdb/elm.dfl
Dec 25 06:55:40 McAfee elmd[22713]: Flushing Database /usr/local/elm/mgtdb/rg/rg_1/elmlf_1.dfl
Dec 25 06:55:40 McAfee elmd[22713]: Flushing Database /usr/local/elm/mgtdb/rg/rg_2/elmlf_2.dfl
Dec 25 06:55:41 McAfee elmd[22713]: Flushing Database /usr/local/elm/mgtdb/rg/rg_3/elmlf_3.dfl
Dec 25 06:55:41 McAfee elmd[22713]: Flushing Database completed!
Dec 25 06:56:37 McAfee SetStorageConf[3478]: Starting to mount
Dec 25 06:56:37 McAfee SetStorageConf[3478]: mount returned [1] for
Dec 25 06:56:37 McAfee SetStorageConf[3478]: Verifying NFS224
Dec 25 06:56:37 McAfee SetStorageConf[3478]: Verifying local

The ELM restore will finish and you will see an OK in the ELM properties dialog.
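The /var/log/messages excerpts for the ESM restore and the ELM backup can be checked by script instead of by eye. The following is an added example, not part of the original document or of any McAfee tooling: it pairs the start and end messages shown in those excerpts and reports any run that never logged completion. The function name, the operation labels and the last sample line are assumptions made for the illustration.

```python
import re
from datetime import datetime

# Syslog line layout: "Dec 20 02:22:25 McAfee [55337]: RestoreDB - started".
# The tag before [pid] is empty in the ESM excerpt and "backupelm" in the ELM one.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<tag>[^\[\s]*)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

# (operation label, start text, end text). The texts are taken from the
# excerpts in this document; the labels are hypothetical names.
MARKERS = [
    ("esm-restore", "RestoreDB - started", "RestoreDB - finished"),
    ("elm-backup", "Starting elm backup", "Elm backup completed"),
]


def track(lines, year):
    """Pair start/end messages per operation. Syslog omits the year, so pass it in.

    Pairing is by operation, not by PID: in the ELM excerpt the start and the
    completion are logged under different PIDs (21996 and 22016).
    """
    runs, started = [], {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        for op, start, end in MARKERS:
            if m["msg"].startswith(start):
                if op in started:  # earlier run never logged its end marker
                    runs.append({"op": op, "start": started[op], "seconds": None})
                started[op] = when
            elif m["msg"].startswith(end) and op in started:
                began = started.pop(op)
                runs.append({"op": op, "start": began,
                             "seconds": int((when - began).total_seconds())})
    for op, began in started.items():  # still open when the log ends
        runs.append({"op": op, "start": began, "seconds": None})
    return runs


# The first six lines come from the excerpts in this document. The last line is
# constructed to show a backup that starts and never reports completion.
SAMPLE = """\
Dec 20 02:22:25 McAfee [55337]: RestoreDB - started
Dec 20 02:23:42 McAfee [55337]: RestoreDB - restoring on primary..
Dec 20 02:25:48 McAfee [55337]: RestoreDB - restore system tables complete
Dec 20 02:25:57 McAfee [55337]: RestoreDB - finished
Dec 25 06:33:56 McAfee backupelm[21996]: Starting elm backup..
Dec 25 06:36:15 McAfee backupelm[22016]: Elm backup completed
Dec 26 06:33:56 McAfee backupelm[30001]: Starting elm backup..
""".splitlines()

if __name__ == "__main__":
    for run in track(SAMPLE, 2013):
        state = "no completion logged" if run["seconds"] is None else f"{run['seconds']} s"
        print(run["op"], run["start"].isoformat(sep=" "), state)
```

A run reported with no completion is the case to alert on, since the document gives 5-10 minutes as the usual ELM backup time.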

Receiver (Standalone)

There are no specific backup capabilities on the Receiver. The Receiver has a 25 partition design that stores the event/flow data long enough for the ESM to retrieve it off of the device. As long as the ESM is currently pulling data over to the ESM, the Receiver data is available and can be backed up on the ESM.

Receiver (HA)

HA Receivers employ a backup mechanism called a redundant device (like the redundant ESM is to the primary ESM). The data shared between HA Receivers keeps a backup active to allow for failover of the Receiver device. As above, there are no specific backup capabilities on the Receiver. The Receiver has a 25 partition design that stores the event/flow data long enough for the ESM to retrieve it off of the device. As long as the ESM is currently pulling data over to the ESM, the Receiver data is available and can be backed up on the ESM.

ACE

There are no specific backup capabilities on the ACE. The ACE has a 25 partition design that stores the event/flow data long enough for the ESM to retrieve it off of the device. As long as the ESM is currently pulling data over to the ESM, the Receiver data is available and can be backed up on the ESM.
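Because Receiver and ACE data is only backed up through the ESM, it is worth checking that the ESM backup folder actually holds recent backups. The following is an added example, not part of the original document: it parses the backup names shown in the ESM section and flags a folder whose newest full or incremental backup is too old. Reading the `_f` and `_i` suffixes as full and incremental is inferred from the two example paths, and the age limits, function names and the `notes.txt` entry are assumptions.

```python
import re
from datetime import datetime, timedelta

# Name layout taken from the example paths in the ESM section:
#   xx.xx.xx.xx:/backupfolder/etm-xx_9.3.1_2013_12_25_215739_f/
#   xx.xx.xx.xx:/backupfolder/etm-xx_9.3.1_2013_12_25_021738_i.zip
# The restore log shows the suffix in upper case too ("_I.zip").
NAME = re.compile(
    r"^etm-(?P<device>[^_]+)_(?P<version>\d+(?:\.\d+)*)_"
    r"(?P<stamp>\d{4}_\d{2}_\d{2}_\d{6})_(?P<kind>[fi])(?:\.zip)?$",
    re.IGNORECASE,
)
KINDS = {"f": "full", "i": "incremental"}  # assumed meaning of the suffix


def parse_name(path):
    """Return device, version, timestamp and kind for one backup entry, or None."""
    base = path.strip().rstrip("/").rsplit("/", 1)[-1]
    m = NAME.match(base)
    if not m:
        return None
    try:
        taken = datetime.strptime(m["stamp"], "%Y_%m_%d_%H%M%S")
    except ValueError:  # digits in the right places but not a real date
        return None
    return {"device": m["device"], "version": m["version"],
            "taken": taken, "kind": KINDS[m["kind"].lower()]}


def audit(names, now, max_age_full=timedelta(days=7),
          max_age_incremental=timedelta(hours=24)):
    """Return a list of findings for a listing of the backup folder.

    The limits are assumptions: 24 hours mirrors the incremental option that
    covers "the last 24 hours"; 7 days for full backups is arbitrary.
    """
    findings, newest = [], {}
    for name in names:
        info = parse_name(name)
        if info is None:
            findings.append(f"unrecognised entry: {name}")
            continue
        if info["taken"] > now:
            findings.append(f"timestamp in the future: {name}")
            continue
        kind = info["kind"]
        if kind not in newest or info["taken"] > newest[kind]:
            newest[kind] = info["taken"]
    limits = (("full", max_age_full), ("incremental", max_age_incremental))
    for kind, limit in limits:
        if kind not in newest:
            findings.append(f"no {kind} backup present")
        elif now - newest[kind] > limit:
            findings.append(f"newest {kind} backup older than limit")
    return findings


# Constructed folder listing built from the names in this document plus one
# stray file, checked at a constructed point in time.
LISTING = [
    "xx.xx.xx.xx:/backupfolder/etm-xx_9.3.1_2013_12_25_215739_f/",
    "xx.xx.xx.xx:/backupfolder/etm-xx_9.3.1_2013_12_25_021738_i.zip",
    "etm-X4_9.3.1_2013_12_19_220919_I.zip",
    "notes.txt",
]

if __name__ == "__main__":
    for finding in audit(LISTING, datetime(2013, 12, 27, 9, 0, 0)):
        print(finding)
```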