I have a CSA MC and i want do do a backup of my events. When i do this i also do a backup of the configuration am i right?
What if i want to see (an auditor would ask) some events from 2 years ago backed up 1 year ago. When i would do the restore, my config would be restored too, which i don't want - because i changed my config since last year.
Is there a workaround ?
An easier way would be to have to table "formatted_event_log" inside the csamc50 database backed up by your Database Admin weekly or whenever, and have the backed up table names have dates to identify them.
Then you could always open those back ups later in excel or whatever program.
That way you aren't restoring all the rules, agent kits etc. etc. which is not really relavent to what you are trying to do.
hi, I'm in the early stages of a CSA deployment and one of our concerns is backing up events. My DBA has told me he can accomodate, provided I can give him a copy of the DB schema and what tables he would need to back up for what functions. Is there anywhere I can find this on Cisco's webpage? Or has anyone figured them all out who can give me some advice? Thanks.
Yes, read my post.
That table holds all of the events.
You would need to back it up, or copy that table to another database, or whatever.
If you back it up regularly, you could continue to save each backup in it's own table, perhaps naming the new table by some date, and reference it for future use.
thanks netjim, but i am not familiar with v5.0, i use v4.5. Anyway i don't think there is much difference, but what i don't know is how to <
I believe he's referring to a SQL backup, so it would be like manually backing up the data in a SQL management application. At least, that's the way I'll be doing it, through one of our DBAs.
I'm refering to the SQL database ONLY and the table inside of it.
Whether you use a local SQL database or remote (like in my case), you can simply back up, or copy that table to another SQL database and use them in the future, all without even having to open, or enter, or mess with the CSA management console.
I haven't done that personally and so I'm not sure of the exact procedure inside SQL, but I'm sure it's relatively easy.
i kind of thinking of it too after your first reply, but as i am not very friendly with databases or SQL i needed more info. Anyway from this point i think i'll figure it out - i'll ask our db guy to help me.
sorry to bother you again, but i think i am stuked with this database stuff and it seemed to me that you are more advanced. The problem is that i can not test anything because i don't have access to the CSAMC for the moment. I digged in the documentation and i found only this info related to the subject:"To access events in the database for exporting to a different format (or for your own reports), connect to the database using ODBC DSN "csamc45dsn."
You can access events through the database view EventListView. (This is a SQL server view.)"
Do you know a next step to this for accessing the events and eventually back them up?
OK without going into too much detail I will try to explain it in a relatively easy way...
When you set up the CISCOWORKS and then the Management Console, you also set up a local SQL server, or had a remote SQL server.
As part of the setup you had to create a database user account to connect to the database.
In my case the user account is called CSAMC50USER.
This account, or user, also needs a password to connect to the database, and the Management Console uses that account all day long to enter and retrieve data from the SQL database.
SO you need a few things:
1. You need to know exactly where the database is located.
2. You need the user name and password that was created to connect to the database.
3. You need to install Microsoft SQL Server Client Tools to connect and view the SQL database.
This is how that is done:
You run the SQL Server 2000 installation from a CD or whatever on any machine you like, and install ONLY the Client Tools, NOT the actual server.
After the SQL Server Client tools are installed, run MMC from the run line.
Click "Console" and select "Add remove snap in" and click "Add". You should now see a Microsoft SQL Enterprise Manager". Click ADD then CLOSE then OK.
Save the mmc to your desktop.
Then you can run a wizard to connect to the SQL database using the user name and password mentioned above.
Once you can connect to the SQL server and view the tables, there are ways in there to copy, backup etc.
You'll have to do your own research for that.
Forget about all the ODBC DSN stuff you read about.
I know that this was addressed from earlier posts, but I thought I'd share the actual routine for backing up the events. On the CSA MC server, create a .bat file and add:
for /F "tokens=1,2,3,4 delims=/ " %%a in ("%date%") do set filedate=%%d-%%b-%%c
osql -E -n -d csamc45 -Q "select * from formatted_event_log where received >= DATEADD(day, -1, GETDATE())" -h-1 -w 927 -o "C:\CSABackup\MCEvents%filedate%.bak"
Create a windows Scheduled Task that starts this script at 11:59pm every night (or any time before midnight). This will export all your events into a daily file. The data will be RAW - although you now have an archive, its not something you would want to re-import back into your db.
Another solution is to run a full db backup. But if you just want the events table, you can setup a job that copies just the table to another temp table in its own db, and backup just that db.