Does anyone help me about the backup vs full backup on ESM. What is the different between this thing. Can i just use back up to recovery. There is also option Event and Event log . what should i select?
if you select "Backup Now", you safe a copy of the ESM Settings and you can restor this settings
if you select "Full Backup Now", you safe a copy of ESM settings and a full backup of Events Flows and Event Logs and you can restor this backup
If you select a Backup frequency you will backup what you select: Events, Flows or and Event Logs and the Settings of the ESM. So if you select nothing you will backup only the Settings of the ESM. If you select Events and Event Logs you will backup the Settings, Events and Event Logs.
A regular Backup of the ESM simply backs up all of the Settings (this includes custom Displays, Views, Policies, Alarms, Reports, Device Configurations [Receivers, APM, DSM, ELM, ePO, etc], Assets, etc.) this does not include any Event Data or Flows
A Full Backup will include all of the above and all of your Event Data and Flows.
A Scheduled Backup will perform a Regular Backup plus any data you select (Events, Flows, Event Logs) to either the ESM or to a Remote Location using either CIFS or NFS Shares
Enabling Redundancy with another ESM will Sync the Primary ESM and all of settings and Data to a Redundant ESM, you can have up to 5 Redundant ESM's.
Note - a Redundant ESM is not a Fault Tolerant ESM, it is a Disaster Recovery ESM.
However, in version 9.6.x they have enabled functionality to offload some functionality from the Primary ESM to a Redundant ESM to take advantage of the customers investment dollars sitting wasted waiting for a Disaster. Some Searches are now offloaded to a Redundant ESM for processing, with the Results being Returned to the user that is logged in to the Primary.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center