Archive after Migration to 6.0.1 / Upgrade 6.0.2

Unanswered Question
Apr 1st, 2009

Dear all,

Yesterday I migrated successfully a CS-MARS 50 from version 4.3.6 to 6.0.1 and also made an update to 6.0.2. After these tasks I enabled archiving again (NFS runs (successfully for months) on a Windows server 2003 R2 machine). Today I had a look at the NFS share. I found the following directories:

pnos

Then under the directory with the backup date:

es

in

st

Having a look at the "Cisco Security MARS Initial Configuration and Upgrade Guide, Release 6.x" there should me more directories:

cf

al

rr

What about these files? Why did the CS-Mars apploiance did not write these data to the nfs server? Any ideas hints?

Besides: There is very few load on that CS-MARS appliance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ebreniz Tue, 04/07/2009 - 15:01

Within each daily directory, subdirectories are created for each data type. The following example

identifies the directory type in the comments.

Directory of D:\MARSBackups\2005-07-08

07/08/2005 04:49p .

07/08/2005 04:49p ..

07/08/2005 04:49p CF<-- Configuration Data

07/08/2005 05:00p IN<-- Incident Data

07/08/2005 05:16p AL<-- Audit Logs

07/08/2005 05:16p ST<-- Statistics Data

07/08/2005 05:16p RR<-- Report Results

07/08/2005 05:49p ES<-- Raw Event Data

0 File(s) 0 bytes

8 Dir(s) 4,664,180,736 bytes free

The .gz filename in the raw event data directory identifies the period of time that the archived data spans in a

YYYY-MM-DD-HH-MM-SS format. Directory of D:\MARSBackups\2005-07-08\ES

07/08/2005 05:49p .

07/08/2005 05:49p ..

07/08/2005 05:49p 34,861 es-3412-342_2005-07-08-16-49-52_2005-07-08-17-49-47.gz

07/08/2005 05:49p 31,828 rm-3412-342_2005-07-08-16-49-52_2005-07-08-17-49-47.gz

07/08/2005 06:49p 49,757 es-3412-342_2005-07-08-17-49-49_2005-07-08-18-49-40.gz

07/08/2005 06:49p 48,154 rm-3412-342_2005-07-08-17-49-49_2005-07-08-18-49-40.gz

07/08/2005 07:49p 24,420 es-3412-342_2005-07-08-18-49-45_2005-07-08-19-49-52.gz

07/08/2005 07:49p 22,346 rm-3412-342_2005-07-08-18-49-45_2005-07-08-19-49-52.gz

07/08/2005 08:50p 44,839 es-3412-342_2005-07-08-19-49-47_2005-07-08-20-50-04.gz

07/08/2005 08:50p 41,534 rm-3412-342_2005-07-08-19-49-47_2005-07-08-20-50-04.gz

07/08/2005 09:50p 58,988 es-3412-342_2005-07-08-20-49-55_2005-07-08-21-50-06.gz

07/08/2005 09:50p 54,463 rm-3412-342_2005-07-08-20-49-55_2005-07-08-21-50-06.gz

07/08/2005 10:50p 130,604 es-3412-342_2005-07-08-21-49-58_2005-07-08-22-50-08.gz

07/08/2005 10:50p 85,437 rm-3412-342_2005-07-08-21-49-58_2005-07-08-22-50-08.gz

07/08/2005 11:50p 114,445 es-3412-342_2005-07-08-22-49-55_2005-07-08-23-50-10.gz

07/08/2005 11:50p 58,240 rm-3412-342_2005-07-08-22-49-55_2005-07-08-23-50-10.gz

07/09/2005 12:50a 110,556 es-3412-342_2005-07-08-23-50-02_2005-07-09-00-50-14.gz

07/09/2005 12:50a 53,977 rm-3412-342_2005-07-08-23-50-02_2005-07-09-00-50-14.gz

16 File(s) 964,449 bytes

2 Dir(s) 4,664,164,352 bytes free

The following is an example of the data found in the configuration data directory.

6-27

Install and Setup Guide for Cisco Security Monitoring Analysis and Response System

78-17019-01

Chapter 6 Administering the MARS Appliance

Configuring and Performing Appliance Data Backups

Directory of D:\MARSBackups\2005-07-08\CF

07/08/2005 04:49p .

07/08/2005 04:49p ..

07/08/2005 02:02a 2,575,471 cf_2005-07-08-02-02-02.pna

1 File(s) 2,575,471 bytes

2 Dir(s) 4,664,164,352 bytes free

For further details please follow the PDF link:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/4.2/installation/guide/ig42x.pdf

and the Topic Configuring and Performing Appliance Data Backups

Actions

This Discussion