Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Duyen_Ngo_Van
Participant

Backup and restore log checkpoint firewall

I see in R80 InstallationAndUpgradeGuide , I can expert log in R77.30   with expert command ( -l option) and import with ( -l) to R80.

Is there any way to expert in R77.30 and import only log to R80?

Thank you!

5 Replies
Yonatan_Philip
Employee Alumnus
Employee Alumnus

Hello Duyen,

If I understand the use case correctly, you have an R77.30 and an R80 server, both are up and running and you want to move the logs from one server to the other.

You can simply copy the relevant log files (can be found on $FWDIR/log) from one server to the next.
The management server will periodically search for un-indexed log files under $FWDIR/log and indexe them.
That's basically what the -l flag does - it just adds the logs to the DB files and copies them over to the new server.

There are some limitations - mostly, relevant to time frame window. Meaning that the server will only index files going back to a certain extent - but they might not be relevant in your case. If they do becomes relevant I can add information on how to circumvent or fix those issues.

Hope that helps,

Yonatan

Duyen_Ngo_Van
Participant

Thank for your  fast respond Philip,

In case I wan to  change  time frame window,  I can change  in  Log ->  Storage  -> Index Files  "Delete  index files older than x days ".

Is that right ?

0 Kudos
Yonatan_Philip
Employee Alumnus
Employee Alumnus

Hello Duyen,

That setting is mainly for maintenance which might be relevant if the logs are older then X.

The setting that controls the index time frame is found in $INDEXDIR/log_indexer_custom_setting.conf.

You need to remove these lines:

:time_restriction_for_fetch_all (1458723037)

:time_restriction_for_fetch_all_disp ("23/Mar/2016 10:50:37")

and replace it with this one:

:num_days_restriction_for_fetch_all_integrated (30)   // change 30 with the number of days needed.

You'll need to restart the indexer by running in expert: evstop;evstart

Hope that helps,

Yonatan

0 Kudos
Duyen_Ngo_Van
Participant

Thank you! Smiley Happy

0 Kudos
Yonatan_Philip
Employee Alumnus
Employee Alumnus

Hello Duyen,

A small update: it looks like there might be a bug with this feature on some systems.

If the new setting doesn't work for you, please put back the original two lines:

:time_restriction_for_fetch_all (1458723037)

:time_restriction_for_fetch_all_disp ("23/Mar/2016 10:50:37")

and update the epoch time to the desired time frame.

You can use web converters such as Epoch Converter - Unix Timestamp Converter  to get the relevant epoch time.

Yonatan

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events