Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
682
Views
0
Helpful
3
Replies

Retrieve old raw data and syslog

shairolbit
Level 1
Level 1

‎11-10-2010 04:01 AM - edited ‎03-09-2019 11:15 PM

If we did not backup all of the syslog that stored in CSMARS database, how can we retrieve it back from the security devices/appliances/servers and then send it back to CSMARS, or can CSMARS pull the old/backdated syslog from the devices again?

Labels:
0 Helpful
3 Replies 3

Scott Fringer
Cisco Employee
Cisco Employee

‎11-17-2010 04:18 AM

There is no method to pull the old events from a monitored security device back to CS-MARS.  To protect against data loss on the CS-MARS you should work to enable data archiving.

Scott

0 Helpful

shairolbit
Level 1
Level 1
In response to Scott Fringer

‎11-18-2010 12:49 AM

We experienced with 1  incident where the disk corrupted and the appliance have to be replaced.  We did not backup all the data but only managed to setup daily archived,  the problem occurred when we wanted to retrieved the old syslogs data  from the security devices/appliances that integrated with CSMARS. Is  there any method that we can used to retrieve back the previous syslogs  that have not been stored in CSMARS database, and send it again to  CSMARS from the devices/appliances?

0 Helpful

Scott Fringer
Cisco Employee
Cisco Employee
In response to shairolbit

‎11-18-2010 03:27 AM

There is no supported method to retrieve past events from a security device into CS-MARS.  Events are forwarded real-time to the CS-MARS.  CS-MARS only allows restoring event data from its own data archives.

Scott

0 Helpful
Customers Also Viewed These Support Documents