Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISSForum] Site Protector 2.0 Backup / Restore

from [jaeger] Network Security [Permanent Link]
Subject: Re: [ISSForum] Site Protector 2.0 Backup / Restore
Date: Thu, 13 Oct 2005 16:25:21 +0200 
Neil,

this is request we had to deal with a couple of times in the past.
It used to work easily with WGM 6.x. However with SP 2.0 things are much 
more complicated. You are obviously aware of the new SMTA, available 
with SP5, which would get your db synced with a 2nd instance. However as 
this scenario does not cover older events it does not really answer your 
question except for the "etc" part of it.

2nd possibility is log shipping sync which is an mssql option, aka db 
replication. This allows for syncing all db data with a 2nd db instance 
and is the most elegant version from my prespective. MS is working on 
new sql HA features for the new sql server which is in beta right now I 
believe. Of course you have to wait for this being supported by ISS.

Number three is database export and import. This is relatively easy when 
all you are looking for is a shadow db for queries. In that case I would 
proceed like this:
1. run a full install of SP first
2. export RSDB tables for Observances (Obs), Metrics and SensorData (SD)
3. import the original tables into the new database instance using sql 
commands like this one:

select *
into RealSecureDB.dbo.SensorData1
from remotehost.RealSecureDB.dbo.SensorData1

use similar commands for copying SensorDataAVP1 etc.

Of course the 2nd database must be connected. Use sql query analyzer 
cause its easier than osql and you can see all the tables you need.
For many queries the SD are already sufficient but you may need some 
more depending on your environment. SD are distributed into multiple 
tables, so you have to copy all of them to make SP analyze views work.

Last but not least you can use the complete database backup to make your 
extra query server work. However the trick is to get your application 
connected once you have overwritten the original database. 1st of all 
keep the master database if possible, just restore the RS database for 
this purpose. If master db is not copied you have to attach the database 
first before you can use it. If master db is restored, you will have to 
rerun the sql login utility which can be found in the program 
directories of each SP component to set a new password, cause the old 
ones will get overwritten. Please refer to the ISS knowledgebase for 
details on this one.

Regards
Karl

Neil Kemp schrieb:

Good afternoon, we have a Site Protector installation, running a
couple of  sensors.

We could do with knowing the procedure, for failure or migration, to
take those databases, restore them on a new server, install Site
Protector once again, and have it all running and viewing the old
events etc ?

Anyone have any ideas ?

Thanks.


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.




-- 
  Karl-Heinz Jaeger
Manager Customer Services

______________________________________________________________

Schützen Sie Ihr Netz von Innen. - Sensibilisieren Sie Ihre Mitarbeiter
für IT-Sicherheit.
Erfahren Sie alles über unser kostenloses Security Awareness Training
unter: http://www.open-beware.de

Besuchen Sie unseren IDP-Workshop am 16.November 2005 in Frankfurt.
Informieren Sie sich hier: http://www.bdg.de/

Treffen Sie am 19. jeden Monats IT-Sicherheits-Experten beim
BDG-Security-Point!
Alle Informationen finden Sie hier: http://www.bdg.de/security-point

______________________________________________________________

* BDG GmbH & Co. KG - Make IT safe.
* Stolbergerstr. 307
D-50933 Koeln

Tel:      +49 (0)6126-94433-0
Fax:    +49 (0)6126-94433-31

E-Mail: karl.jaeger@bdg.de <mailto:karl.jaeger@bdg.de>
Web:   www.bdg.de <http://www.bdg.de>

______________________________________________________________


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ISSForum] Raising the severity of POP3_Auth_Failed if it pass a thershold, hic sonni
Next by Date:  [ISSForum] Sending high alerts to a flatfile or Tivoli, Reiver
Previous by Thread:  [ISSForum] Site Protector 2.0 Backup / Restore, Neil Kemp
Next by Thread:  Re: [ISSForum] Site Protector 2.0 Backup / Restore, Duncanson, Robert
Indexes:  [Date] [Thread] [Top] [All Lists]