2 Replies Latest reply on Jul 11, 2016 3:24 PM by rth67

    siem back up vs full backup

    hon

      dear whom,

      Does anyone help me about the backup vs full backup on ESM. What is the different between this thing. Can i just use back up to recovery. There is also option Event and Event log . what should i select?

        • 1. Re: siem back up vs full backup
          xded

          Hi,

           

          if you select "Backup Now", you safe a copy of the ESM Settings and you can restor this settings

          if you select "Full Backup Now", you safe a copy of ESM settings and a full backup of Events Flows and Event Logs and you can restor this backup

           

          If you select a Backup frequency you will backup what you select: Events, Flows or and Event Logs and the Settings of the ESM. So if you select nothing you will backup only the Settings of the ESM. If you select Events and Event Logs you will backup the Settings, Events and Event Logs.

          • 2. Re: siem back up vs full backup
            rth67

            A regular Backup of the ESM simply backs up all of the Settings (this includes custom Displays, Views, Policies, Alarms, Reports, Device Configurations [Receivers, APM, DSM, ELM, ePO, etc], Assets, etc.) this does not include any Event Data or Flows

            A Full Backup will include all of the above and all of your Event Data and Flows.

            A Scheduled Backup will perform a Regular Backup plus any data you select (Events, Flows, Event Logs) to either the ESM or to a Remote Location using either CIFS or NFS Shares

             

            Enabling Redundancy with another ESM will Sync the Primary ESM and all of settings and Data to a Redundant ESM, you can have up to 5 Redundant ESM's.

            Note - a Redundant ESM is not a Fault Tolerant ESM, it is a Disaster Recovery ESM.

             

            However, in version 9.6.x they have enabled functionality to offload some functionality from the Primary ESM to a Redundant ESM to take advantage of the customers investment dollars sitting wasted waiting for a Disaster. Some Searches are now offloaded to a Redundant ESM for processing, with the Results being Returned to the user that is logged in to the Primary.