Both
I sympathize - this task is entirely undocumented/unsupported, and with
some disaster scenarios you can reach a dead end but if you restore the
server entirely on new hardware (same IP, same hostname) there should
usually not be a problem.
To John, from the original thread, my first tip is still: if you have
backup, why not restore it to the original name? If you care about
keeping the corrupt database, rename or backup *it*, but always restore
the known good backup to the original name. This is much easier than
using a 'temporary' DSN, and is true for most applications out there,
not just Realsecure.
In both John's and Nicola's cases, restoration/migration is still fairly
straightforward:
- SP4 (3?) includes a utility to regenerate/reinstall the
AppServer/DBServer connection and credentials.
- Reinstall the EC and assign sensors to it. In particular you must
uninstall (if the EC host is intact) and reinstall the EC software (in
some awkward cases you may also need to manually delete the DB users for
the old EC, but this is very straightforward). There is no configuration
of importance on the EC itself and installing the EC again will create a
new RealsecureDB user, the Realsecure components & keys etc. After that,
you only have o assign your sensors to the 'new' EC and your event-flow
will be restored. Sure, it would be nice to have a DB-user reset for the
EC too, but it's really is a non-issue - the InstallShield takes less
time than Googling for an alternate solution.
Cheers,
Robert
-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On
Behalf Of Nicola.WHITE@Dest.gov.au
Sent: 03 February 2005 18:30
To: deepblue25@gmail.com; ISSForum@iss.net
Subject: RE: [ISSForum] Attaching Reaslsecuredb with a diff name
John,
After reading your email I feel for where you are at. We tried to
migrate our current database to a new server (we were swapping out
hardware) and we found this could not be done (such a simple task).
After 4 days and numerous calls to ISS Support they conceded that we
could not merge data or re-attach the database due to problems we were
encountering with the key files on both the G-series sensors and our DB
server. Also, the ISSApp user in the DB that is automatically generated
also caused us problems due to authentication not being granted for the
Event Collector to contact the DB. We could not assign an Event
Collector to either of our sensors and therefore could not see any new
logging information coming through our console.
All information was exactly the same, IP, server name, DB name and we
still could not migrate our DB across.
We had to rebuild our entire system and start with a new DB, which meant
we had lost the last 5 months of data and there was no way we could
merge this back in (ISS confirmed this was not possible).
Good luck!
-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On
Behalf Of john maverick
Sent: Friday, 4 February 2005 1:49
To: ISSForum@iss.net
Subject: [ISSForum] Attaching Reaslsecuredb with a diff name
Our realsecureDB just went corrupt on us and we have a backup in a
diff name,we attached the same succesfully, we need the app server and
event collector to use this database instead of orig.We re-pasworded
the app server and have a DSN to the new database but the event
colllector has left us foxed
Bottom line: We need events to be logged to this new database (with
same schema as orig but diff name)
how can this be done
Pointers appreciated
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
Notice:
The information contained in this e-mail message and any attached files
may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this e-mail is unauthorised. If you have
received
this e-mail in error, please notify the sender immediately by reply
e-mail
and delete all copies of this transmission together with any
attachments.
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
