Network Security ISSForum

[ISSForum] DB backups and offline access

Subject: [ISSForum] DB backups and offline access
Date: Wed, 2 Feb 2005 14:32:17 +0300
Hi, List.
I'm faced with some questions connected with the organization of DB
maintenance. Here they are.

1.    All SiteProtector (SP) configurations (i.e. Sensor Policies, other
Sensor information, Hosts, Groups information, Responses, etc.) are stored
in the DB. Most SP problems, in my opinion, can be solved by Application
Server reinstallation, i.e. completely removing all SP components except
the DB and, maybe, the EventCollector (EC); after AS reinstallation all
configurations will be the same as before reinstallation. But some
solutions need the DB to be reinstalled as well; I mean that I saw
situations that were not corrected without DB reinstallation. So, the
question is how I can back up only SP configurations (without Events data)
to restore this backup on a completely fresh installation of SP, so that
all my Policies, Hosts, Groups, Responses, Incidents/Exceptions, etc. will
appear on the new SP installation as they were before? This will, first,
save my time configuring a freshly installed SP and, second, this can be
useful in case of disaster recovery as a configuration backup. I know about
the Database Schema from Appendix A in the Technical reference Guide v. 2.0,
SP5. What tables should I back up to save only SP configurations? How can I
restore that backup into a new SP installation? I think that if I try to
restore that backup directly, nothing will work.

2.    Imagine that there is a need to store events data for six months.
In a big distributed LAN the size of the DB in this case can be more than
70Gb! It's not a good idea to store all this data in the online system,
i.e. there is no need to have the ability to access all that 70Gb from the
SP console online. A reasonable solution I see is creating two systems: an
online system and an offline system. The online system is used for sensor
management and contains the most recent events data, for example, the
current situation and data about the last month. The older data is backed
up to the offline system, which is used only for review of what happened
before. How can I organize this? Maybe there are special methods in MSSQL?
Or some recommendations from ISS?

3.    And the last question is how to make SP clustered. Now I have one
AS and one DB. If something happens to the DB, SP will not work at all. Is
the only way to use MSSQL with MS cluster, or are clustering features
planned in future SP releases?


Thank you. ANY feedback will be appreciated.

---
Best regards, Sergey V. Soldatov.
Information security department.
tel/fax +7 095 745 89 50 (1613)

