This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
cem82
Participant
‎2021-11-13 06:56 PM

Migrating MDM/MLM from R80.30 to R81.10 with all logs

Hi

 

We are looking to migrate our current R80.30 MDM +MLM to R81.10 on new servers.  I have tested with migrate_server export -v R81.10 -x <filename> on the MDM as a starting point but in R81.10 SmartConsole we see what appears to only go back to midnight of the previous day from when the migrate_server was run.  How can we extend that back to include all traffic/audit logs?

 

Thanks

Labels
0 Kudos
5 Replies
Ido_Shoshana
Employee
Employee
‎2021-11-13 10:45 PM

Hi,

Important note: You won’t be able to preserve log-Indexes (the actual SME log-DB), if you’re upgrading to R81.x from R80.x, as the Solr I/S had been upgraded.

so this procedure should only be done on R80.x to R80.x or R81.x to R81.x (like R80.20 to R80.40 or R81 to R81.10).

If upgrading to R81, then you can enlarge the indexing backwards time limit to index older logs/events - more than the default 1 day back (assuming the actual log-files from its Log-Servers still exist).
See sk111766.

cem82
Participant
‎2021-11-15 11:29 AM
In response to Ido_Shoshana

If it's not possible for the log indexes, how about the raw log files after doing a logswitch and copy those over or is that not an option?

0 Kudos
Ido_Shoshana
Employee
Employee
‎2021-11-16 12:14 AM
In response to cem82

yes, this is an option since the log files are kept.

0 Kudos
cem82
Participant
‎2021-11-16 12:19 AM
In response to Ido_Shoshana

That's great!  So all we'd need to do is copy over the old raw log files to the new server?  Are they in the same format and don't need any sort of script to be run to be able to be read by R81.10?  If we do that could we also then also follow the SK you mentioned to index the additional days as well?

0 Kudos
Ido_Shoshana
Employee
Employee
‎2021-11-16 04:22 AM
In response to cem82

No need to copy. The log files should have already been imported as part of the migrate server as you have shown above (-x / -l).

Yes, same format - all good. Then you can follow the sk111766 to re-index back as many log files days of data as you wish.

0 Kudos