Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS 5.3 - Restoring purged data?

Hello All,

I think I understand purging in ACS5 now:

  1. Purging occurs when the database either gets too large or when data is too old (up to 12 months, although I assume you can leave the setting blank and no age related purging takes place?)
  2. Data is purged by making incremental backups and deleting the backed up data from the local database until the size/age pressure is relieved

So, my question is, how do I later look at the purged data? If I suddenly need to look at logs from last year what am I supposed to do? If I restore it surely I'm just going to go over the size limit again and it'll just get purged, no?

Or is there something I'm missing?

Paul

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions

ACS 5.3 - Restoring purged data?

No problem, if you configure database purging with incremental backup, the purging should occur at the same time in order to avoid the database getting to a point where it gets too large.

Here is the user guide for reference:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/viewer_sys_ops.html#wp1068157

Thanks,

Tarik Admani

-Please remember to rate helpful posts!-

Tarik Admani *Please rate helpful posts*
6 REPLIES

ACS 5.3 - Restoring purged data?

Paul,

Answers inline:

  1. Purging occurs when the database either gets too large or when  data is too old (up to 12 months, although I assume you can leave the  setting blank and no age related purging takes place?)

The database purging occurs at the end of every month if you have incremental backup disabled.

    2. Data is  purged by making incremental backups and deleting the backed up data  from the local database until the

        size/age pressure is relieved

That is correct I assume you are using nfs since this requires a backup staging configuration.

So,  my question is, how do I later look at the purged data? If I suddenly  need to look at logs from last year what am I supposed to do? If I  restore it surely I'm just going to go over the size limit again and  it'll just get purged, no?

That is a great question, at this point the only reliable option is to deploy another ACS server that is dedicate for logs monitoring, so that in case you need to go back and do some research that this ACS can restore the backup of the purged data and provide the information that you need. Using a production server will not be the best option because it is assume that the amount of data that is being sent to this server in the first place has enough on its plate. However, lets see if anyone else can confirm from Cisco.

Or is there something I'm missing?

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

ACS 5.3 - Restoring purged data?

Tarik,

Cheers for your answers!

Just a couple of quick clarifications...

  1. I have configured incremental, so if my description correct in that case?
  2. Ah, I was going to use TFTP or SFTP, will that not work then? (I had assumed the backup was made locally and then copied off)
  3. I guess I could use one of the 90 day free trial licenses to spin up a reporting ACS VM in that case? (I assume they're fully featured and would allow that)

Thanks again, much appreciated!

ACS 5.3 - Restoring purged data?

Paul,

  1. I have configured incremental, so if my description correct in that case? - If you have configured incemental backup then incremental backups take place daily. Here is the quote from the user guide "If you enable incremental backup, data is purged  daily at 4:00 a.m. at the local time zone where the ACS instance that  runs the View process is located."
  2. Ah, I was going to use TFTP or SFTP, will that not work then? (I had assumed the backup was made locally and then copied off), I can not find where this documented but your best bet is to use ftp, i would also explore nfs if you have the resources handy.
  3. I  guess I could use one of the 90 day free trial licenses to spin up a  reporting ACS VM in that case? (I assume they're fully featured and  would allow that) Yes you will be able to use this but configure the VM so that it allows the data to be backed up (500GB hard disk), also keep in mind that once you install a temp license that you can not reinstall or install another temp licenses on an existing server. You will have to reimage and have a new temp license generated.

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

ACS 5.3 - Restoring purged data?

Thanks again, one last (I promise!) clarification!

The incremetal backups take place daily, but a purge will only happen when data gets too old or the database gets too big, yes?

(IE, if I backup daily, I can still expect to report on logs that are a week old)

ACS 5.3 - Restoring purged data?

No problem, if you configure database purging with incremental backup, the purging should occur at the same time in order to avoid the database getting to a point where it gets too large.

Here is the user guide for reference:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/viewer_sys_ops.html#wp1068157

Thanks,

Tarik Admani

-Please remember to rate helpful posts!-

Tarik Admani *Please rate helpful posts*
New Member

ACS 5.3 - Restoring purged data?

Many thanks!

933
Views
0
Helpful
6
Replies