Advertisement
Chapter 6
Administering the MARS Appliance
If restoring to an appliance other than the one that created the archive, see
•
Secondary MARS Appliance, page
•
When restoring to an appliance different from the one that archived the data, you must enter the
license key assigned to the serial number of the new appliance before you access the restored data.
•
A restore is performed from the day you specify forward until the archive dates are exhausted. The
date argument of the pnrestore command should be the name of the daily data backup directory that
identifies the start of the time range to be restored. See
To restore a specific range of days, we recommend temporarily moving the unwanted days at the end
•
of the range out of the archive folder. This technique of trimming out unwanted days can also speed
up the restore, although you do lose the dynamic data from those dates.
If the data contained in the selected restore range of the archive exceeds the capacity of the local
•
database on the target MARS Appliance, the MARS Appliance automatically purges the data in the
oldest partition of the local database and then resumes the restore operation. As such, you should
select a reasonable range of dates when performing the restore. Nothing is gained from restoring
ranges that exceed the local database limits, and the overall restore operation is slowed by the
intermittent purging of the oldest partition until the most current date is restored.
Mode 5 of the pnrestore command restores from a backup in the local database; you cannot use it
•
to restore from a NFS archive. As such, you do not need to have archiving enabled to perform this
restore operation. The configuration data is backed up every night on the appliance. Beware that if
you upgrade to a newer release and attempt a restore before that configuration has been backed up,
the restore will fail. See
modes.
If a Global Controller requires re-imaging, you should perform a pnrestore operation to recover the
•
data after it is reimaged (assuming you have archived it). This approach is recommended because:
–
–
–
–
OL-14672-01
pnrestore, page
All global data defined on the Global Controller and propagated to each managed
Local Controller is not pushed back to the Global Controller, so restoring it from an archived
configuration file is the only method of recovering these configuration settings and accounts.
Incidents and report results that were pushed to the Global Controller before it was reimaged
are not pushed back after reimaging. When running on a Global Controller, the archive
operation only archives reports, which can be restored. However, all old incidents are
permanently lost on the Global Controller, as they are not archived.
Regardless of how the Global Controller is restored, re-image or restore, the Local Controllers
must be cleaned of Global Controller configuration data, which is accomplished by performing
a pnreset -g operation on each Local Controller.
The pnreset -g operation must completed on each Local Controller before attempting to restore
the Global Controller.
6-40.
Format of the Archive Share Files, page
A-43, for more information on types of data and restore
Install and Setup Guide for Cisco Security MARS
Guidelines for Restoring
Configuring a Standby or
6-21.
6-41
Advertisement
Chapters
Troubleshooting
