
SIEM BACKUP

Hi,

We're about to do a SIEM full backup for the whole database of the ESM. This will cover approximately 6TB.

Will there be a compression for this?

Another thing we are concerned about is the backup time period. Can it reach more than 3 days?

I understand that all events will be coming in to the Receiver and until the ESM is available, it will consume hard drive space. How can I monitor this? Will the df -h command suffice?

rth67

Re: SIEM BACKUP

It depends partially on what you are backing up to: a Redundant SIEM, SAN Storage (SSD, Fiber Channel, iSCSI, SATA), NFS or CIFS Share, DAS? Speed of the network / switches backing up over (LAN or WAN)?

We replaced our Primary ESM last year: we did a Full Backup to the Redundant, then did a copy to the new / replacement X3. At the time we had over 4TB of data on the ESM itself (we did not have to back up / copy the data on the attached DAS, as the new ESM would be attached to the same).

As I recall it took a little over a day for each copy / backup.

You can use df -h to monitor the space on your Receivers.
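For a backup that runs longer than a day, a single `df -h` reading shows current usage but not how fast the Receiver's cache is growing. The sketch below is an added example, not part of either post: it takes two `df -Pk` samples and projects the hours left before the partition fills. The `/data` mount point, the function names and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example. The df samples are constructed and /data is an assumed mount point.

# Print "used_kb avail_kb" for mount point $1 from `df -Pk` output on stdin.
# Exits 1 when the mount point is not listed.
df_fields() {
    awk -v mp="$1" 'NR > 1 && $NF == mp { print $3, $4; found = 1 }
                    END { exit(found ? 0 : 1) }'
}

# hours_until_full USED1_KB USED2_KB AVAIL2_KB INTERVAL_SECONDS
# Prints whole hours left at the observed growth rate, or "stable" when
# usage did not grow between the two samples.
hours_until_full() {
    awk -v u1="$1" -v u2="$2" -v av="$3" -v dt="$4" 'BEGIN {
        growth = u2 - u1
        if (growth <= 0 || dt <= 0) { print "stable"; exit }
        rate = growth / dt               # KB written per second
        printf "%d\n", av / rate / 3600  # truncated to whole hours
    }'
}

# estimate MOUNT DF_OUTPUT_T0 DF_OUTPUT_T1 INTERVAL_SECONDS
estimate() {
    s0=$(printf '%s\n' "$2" | df_fields "$1") || return 1
    s1=$(printf '%s\n' "$3" | df_fields "$1") || return 1
    # used at t0, used at t1, available at t1, interval
    set -- "${s0% *}" "${s1% *}" "${s1#* }" "$4"
    hours_until_full "$@"
}

# Constructed samples, one hour apart. On a live system capture
# `df -Pk /data` twice instead (POSIX output format, 1 KB blocks).
SAMPLE_T0='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sda3 1048576000 419430400 629145600 40% /data'
SAMPLE_T1='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sda3 1048576000 423030400 625545600 41% /data'

estimate /data "$SAMPLE_T0" "$SAMPLE_T1" 3600   # prints 173
```

Comparing the projected hours against the expected backup duration shows whether the Receiver has enough headroom before the ESM comes back.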