Advertisement
Configuring and Performing Appliance Data Backups
07/21/2005
07/23/2005
Within each daily directory, subdirectories are created for each data type. The following example
identifies the directory type in the comments.
Directory of D:\MARSBackups\2005-07-08
07/08/2005
07/08/2005
07/08/2005
07/08/2005
07/08/2005
07/08/2005
07/08/2005
07/08/2005
The .gz filename in the raw event data directory identifies the period of time that the archived data spans
in a
[dbversion]-[productversion]-[serialno]_[StartTime]_[EndTime].gz
illustrate this format:
ix-5248-524-1171238692_2007-02-12-00-04-46_2007-02-12-01-04-51.gz
rm-5248-524-1171238692_2007-02-12-00-04-46_2007-02-12-01-04-51.gz
Note
Files starting with "ix" are index files and those starting with "rm" contain the raw messages.
Directory of D:\MARSBackups\2005-07-08\ES
07/08/2005
05:49p
07/08/2005
05:49p
07/08/2005
05:49p
07/08/2005
05:49p
07/08/2005
06:49p
07/08/2005
06:49p
07/08/2005
07:49p
07/08/2005
07:49p
07/08/2005
08:50p
07/08/2005
08:50p
07/08/2005
09:50p
07/08/2005
09:50p
07/08/2005
10:50p
07/08/2005
10:50p
07/08/2005
11:50p
07/08/2005
11:50p
07/09/2005
12:50a
07/09/2005
12:50a
16 File(s)
2 Dir(s)
The following is an example of the data found in the configuration data directory.
Directory of D:\MARSBackups\2005-07-08\CF
07/08/2005
07/08/2005
07/08/2005
Install and Setup Guide for Cisco Security MARS
6-22
12:09a
<DIR>
12:15a
<DIR>
0 File(s)
58 Dir(s)
4,664,180,736 bytes free
04:49p
<DIR>
04:49p
<DIR>
04:49p
<DIR>
05:00p
<DIR>
05:16p
<DIR>
05:16p
<DIR>
05:16p
<DIR>
05:49p
<DIR>
0 File(s)
8 Dir(s)
4,664,180,736 bytes free
format. The filename includes the following data
YYYY-MM-DD-HH-MM-SS
<DIR>
.
<DIR>
..
34,861 es-3412-342_2005-07-08-16-49-52_2005-07-08-17-49-47.gz
31,828 rm-3412-342_2005-07-08-16-49-52_2005-07-08-17-49-47.gz
49,757 es-3412-342_2005-07-08-17-49-49_2005-07-08-18-49-40.gz
48,154 rm-3412-342_2005-07-08-17-49-49_2005-07-08-18-49-40.gz
24,420 es-3412-342_2005-07-08-18-49-45_2005-07-08-19-49-52.gz
22,346 rm-3412-342_2005-07-08-18-49-45_2005-07-08-19-49-52.gz
44,839 es-3412-342_2005-07-08-19-49-47_2005-07-08-20-50-04.gz
41,534 rm-3412-342_2005-07-08-19-49-47_2005-07-08-20-50-04.gz
58,988 es-3412-342_2005-07-08-20-49-55_2005-07-08-21-50-06.gz
54,463 rm-3412-342_2005-07-08-20-49-55_2005-07-08-21-50-06.gz
130,604 es-3412-342_2005-07-08-21-49-58_2005-07-08-22-50-08.gz
85,437 rm-3412-342_2005-07-08-21-49-58_2005-07-08-22-50-08.gz
114,445 es-3412-342_2005-07-08-22-49-55_2005-07-08-23-50-10.gz
58,240 rm-3412-342_2005-07-08-22-49-55_2005-07-08-23-50-10.gz
110,556 es-3412-342_2005-07-08-23-50-02_2005-07-09-00-50-14.gz
53,977 rm-3412-342_2005-07-08-23-50-02_2005-07-09-00-50-14.gz
964,449 bytes
4,664,164,352 bytes free
04:49p
<DIR>
04:49p
<DIR>
02:02a
1 File(s)
2005-07-21
2005-07-23
0 bytes
.
..
CF<-- Configuration Data
IN<-- Incident Data
AL<-- Audit Logs
ST<-- Statistics Data
RR<-- Report Results
ES<-- Raw Event Data
0 bytes
.
..
2,575,471 cf_2005-07-08-02-02-02.pna
2,575,471 bytes
Chapter 6
Administering the MARS Appliance
. The following examples
OL-14672-01
Advertisement
Chapters
Troubleshooting
