1 Reply Latest reply on Feb 3, 2014 9:24 AM by rth67

    SIEM BACKUP

    kravitch3w

      Hi,

       

      We're about to do a SIEM full backup for the whole database of the ESM. This will cover approximately 6TB.

       

      Will there be a compression for this?

       

      Another thing we are concerned is the backup time period. Can it reach more than 3 days?

       

      I understand that all events will be coming in to the Receiver and until the ESM is available, it will consume hard drive space. How can I monitor this? Will the df -h command suffice?

        • 1. Re: SIEM BACKUP
          rth67

          It depends partially on what you are backing up to, a Redundant SIEM, SAN Storage (SSD, Fiber Channel, iSCSI, SATA), NFS or CIFS Share, DAS? Speed of the network / switches backing up over (LAN or WAN)?

           

          We replaced our Primary ESM last year, did a Full Backup to the Redundant, then did a copy to the new / replacement X3, at the time we had over 4TB of data on the ESM itself (did not have to backup / copy the data on the attached DAS as the new ESM would be attached to same).

           

          As I recall it took a little over a day for each copy / backup.

           

          You can use the df - h to monitor the space on your Receiver's.