---Seriously: export your policies, responses regularly to text/xml files
regularly.
Of course, I do. But, how to backup Groups, Hosts, Assets, Sensors, etc? It
seems that there's no way :-(
---3. It already supports clustering and multiple databases and
eventcollectors, but only if ISS professional services design it.
Where can I get any information about how to do this?
Thank you.
---
Best regards, Sergey V. Soldatov.
Information security department.
tel/fax +7 095 745 89 50 (1613)
"Cooper, Stephen"
<[EMAIL PROTECTED]> To: "Sergey V Soldatov" <[EMAIL
PROTECTED]>, <[email protected]
cc:
08.02.2005 12:06 Subject: RE: [ISSForum] DB
backups and offline access
1. You cant. Pray to the gods of IT that SP does not fail. Anyway, you
can always reinstall it.....;-)
Seriously: export your policies, responses regularly to text/xml files
regularly.
It is technically impossible to build a RealsecureDB from a backup. I
have had to rebuild Site Protector 4-5 times in the last few years.
In fact the answer to 1 may be, treat RealsecureDB as ephemeral and buy
a SIM (like 2)
2. Buy a third party security information management system (SIM)
3. It already supports clustering and multiple databases and
eventcollectors, but only if ISS professional services design it.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Sergey V Soldatov
Sent: Wednesday 02, February, 2005 12:32
To: [email protected]
Subject: [ISSForum] DB backups and offline access
Hi, List.
I've faced with some questions connected with organization of DB
maintenance. Here they are.
1. All SiteProtector (SP) configurations (i.e. Sensor Policies, other
Sensors information, Hosts, Groups information, Responses, etc) are
stored in DB. Most of SP problems, in my opinion, can be solved by
Application Server reinstallation i.e. complete removing of all SP
components, except DB and, may be, EventCollector (EC) and after AS
reinstallation all configurations will be the same as before
reinstallation. But some solutions need DB to be reinstalled as well; -
I mean that I saw situations that were not corrected without DB
reinstallation. So, the question is how I can backup only SP
configurations (without Events data) to restore this backup on
completely fresh installation of SP and all my Policies, Hosts, Groups,
Responses, Incidents/Exceptions, etc. will appear on new SP installation
as they were before?? This will, at first, save my time for
configuration of just installed SP, and, the second, this can be useful
in case of disaster recovery as configuration backup. I know about
Database Schema from Appendix A in Technical reference Guide v. 2.0,
SP5. What tables should I backup to save only SP configurations? How can
I restore that backup into new SP installation? I think that if I'll try
to restore that backup directly nothing will be working.
2. Imagine that there is the need to store events data for six
months.
In big distributed LAN the size of DB in this case can be more than
70Gb!
It's not good idea to store all this data in online system i.e. there is
no need to have ability to access all that 70Gb from SP console online.
Reasoned solution I see in creating of two systems: online system and
offline system. Online system is used for sensors management and
contains the most recent events data, for example, current situation and
data about last month. The older data is backed up to offline system
which is used only for review of what had happened before. How can I
organize this? May be there is special methods in MSSQL? Or, some
recommendations from ISS?
3. And the last question is how to make clustered in SP? Now I have
one
AS and one DB. If something happen with DB, SP will not work at all. Is
the only way - to use MSSQL with MS cluster or clustered features are
planned in future SP releases?
Thank you. ANY feedback will be appreciated.
---
Best regards, Sergey V. Soldatov.
Information security department.
tel/fax +7 095 745 89 50 (1613)
_______________________________________________
ISSForum mailing list
[email protected]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
Disclaimer
This e-mail message shall not be construed as legally binding on the Bank
for International Settlements (BIS). As internet communications are not
secure, the BIS does not accept responsibility for the content of this
message.
This message is intended only for the recipient(s) named above. Any
unauthorised disclosure, use or dissemination, either in whole or in part,
of this message is prohibited. If you have received this message in error,
please inform the sender immediately by return e-mail and delete this
message and any attachments thereto from your system.
Thank you for your cooperation.
_______________________________________________
ISSForum mailing list
[email protected]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
