You can archive data from a MARS Appliance and use that data to restore the operating system (OS), system configuration settings, dynamic data (event data), or the complete system.
The appliance archives and restores data to and from an external network-attached storage (NAS) system using the network file system (NFS) protocol. While you cannot schedule when the data backup occurs, the MARS Appliance performs a configuration backup every morning at 2:00 a.m. and events are archived every hour.
When archiving is enabled, dynamic data is written twice: once to the local database and once to the NFS archive. As such, the dynamic data that is archived includes only the data that is received or generated after you enable the data archive setting. Therefore, we recommend that you enable archiving before configuring your appliance to receive audit events from reporting devices.
You can use the same NFS server to archive the data for more than one MARS Appliance; however, you must specify a unique directory in the NFS path for each appliance that you want to archive. If you use the same base directory, the appliances overwrite each other's data, effectively corrupting the images.
Step 1 Log in to the NFS server using an account with root permissions.
Step 2 Create a directory for archiving data.
mkdir -p /archive/nameOfYourMARSBoxHere
chown -R nobody.nobody /archive
chmod -R 777 /archive
Step 3 In the /etc/exports file, add the following line:
Step 1 Select Admin > System Maintenance > Data Archiving.
Restoring Archived Data after Re-Imaging a MARS Appliance
When you restore a MARS Appliance using archived data, you are restoring the system to match the data and configuration settings found in the archive. The configuration data includes the operating system, MARS software, license key, user accounts, passwords, and device list in effect at the time the archive was performed.
Caution The version of MARS software running on the appliance to be restored must match the version recorded in the archive. For example, if the data archive is for version 4.1.4, you must reimage the MARS Appliance to version 4.1.4, not older or newer, before using the pnrestore command to recover the system configuration and events.
Note If you choose to restore from your archived data, you must re-enter all devices on the Local Controller that are missing from the archive file. To restore existing cases, you must restore incident and session data. See pnrestore, page A-35, for more information on types of data and restore modes.
If you have archived your data and you have recovered your MARS Appliance as described in either Re-Imaging a Local Controller, or Re-Imaging a Global Controller, perform the following steps:
Step 1 When the recovery process is complete, restore the MARS Appliance from the last archived data by executing the following command:
pnrestore -p <NFSServerIP>:/<archive_path>
Where NFSServerIP is the value specified in the Remote Host IP field and archive_path is the value specified in the Remote Path field in the settings found in the web interface at Admin > System Maintenance > Data Archiving. You must identify the NFS server by its IP address, followed by :/ and then the pathname, in the form NFSServerIP:/archive_path. For more information on these settings, see Configure the Data Archive Setting for the MARS Appliance.
Step 2 When the restore operation completes, you may need to delete, re-enter, and re-discover all the devices that are missing from the MARS archive file.