Page Comparison

Disk Manager

Snare Central includes a Disk Manager utility that allows the administrator to easily increase storage capacity for event data allocation by adding extra hard drives to an existing system, or by allowing the server to connect to an existing NAS device.

Disk Manager also allows the administrator to have transparent access to data backups in CD, DVD or USB media created with the Snare Central Data Backup utility directly, without needing to restore data to the local hard drive.

Snare Central disk layout

Snare Central complies with the “Red Hat Enterprise Linux 6 Security Technical Implementation Guide (STIG)” recommendation from the US DoD, and uses the Linux logical volume manager (LVM) to provide the following file system structure by default:

...

/usr

...

/var

...

/var/log

...

If additional physical disk resources are assigned to the Snare Server, the Disk Manager objective will provide the ability to assign some or all of the available disk, to the partitions marked as compatible with resizing ("Yes") in the table above.

Interface

The Disk Manager user interface shows existing file systems represented as cylinders. It highlights the current space allocated and used. In the above example, the root file system is shown in black and is currently at 53% of capacity.

The Disk Manager top level icons include:

1. Show/Hide (eye icon). Show or hide the non editable file systems.
   

2. Reset (circular arrow icon). To reset the disks to their original sizes.

3. Submit (right pointing arrow). To submit disk resize changes.

4. NAS (cloud icon). To mount or unmount a NAS.

5. DVD (CD icon). To mount or unmount a CD, DVD or USB data backup.

Selecting, or hovering the mouse over a particularly cylinder, displays the filesystem status and disk summary information.

 Mounting a CD, DVD or USB

The following image shows the DVD dialog. This dialog provides the capability to mount and/or unmount a data backup device. Once the device has been made available, the data on the device is merged with the default Snare data archive, making it available to query through the Snare Server user interface.

Ticking the 'mount at startup' checkbox will modify the system filesystem configuration to make the change persistent after a reboot.

Mounting a NAS

The NAS dialogue allows the user to mount or unmount a Network Attached Storage.

NAS devices are generally mounted as read-only data stores for historical/forensic data storage and archive. Although a NAS can be mounted as a writeable device, it will take the place of the current Snare Central archives, rendering them invisible until the NAS is unmounted.

Be aware that that a NAS device is unlikely to be as fast as a local hard drive and this could lead to collection and query performance issues if the system receives a high number of events-per-second (EPS).

Most NAS systems do not implement synchronous write acceleration. Please consider local disk or fibre attached SAN for systems with significant EPS collection requirements.

Please be aware that Snare Central has not been designed to take into consideration the loss of local disk availability in situations where network connectivity to the NAS is interrupted. User interface, report generation and other normal Snare Central activities may be significantly impacted.

In order to mount a NAS the user needs to provide:

...

Resizing a local file system

Each of the local file systems on the server is represented by a cylinder in the Disk Manager user interface. Another cylinder represents the amount of “Free Space” available on the server.

Some file systems can be modified (grown or shrunk) by selecting and dragging the handle in the top left corner of the cylinder, up or down. It is also possible to change the file system size by entering an appropriate number directly in the text-entry box located at the top of the cylinder. Sizes can be entered in G (GB), T (TB), M (MB) or K (KB). If no units are specified the manager defaults to GB.

When growing a file system the free space cylinder will shrink. When reducing a disk the available free space will grow.

Any editable file system can grow up to the point where all available free space has been exhausted.

Any editable file system can be shrunk to within 20% of its unallocated (free) space.

Until modifications have been applied to the system, the 'reset' icon can restore all cylinders to their original values.

Once all the editable file systems are configured according to requirements, the submit button (right pointing arrow) will apply the changes.

It is highly recommended that only one file system at a time be resized.

Once the submit button has been clicked, a confirmation dialog will be shown. Selecting the 'x' close button on that dialog will abandon all changes.

Adding a new hard disk to Snare archive

If no more disk space is available, the administrator can add another physical disk (or disks) to the server. After a system reboot, the new drive will be available as free space in the Disk Manager ready to be assigned to existing files systems as described.

In the case of upgraded servers, Disk Manager will detect the new disk and ask you if you want to use the whole disk to increase the Snare Central disk capacity. Click the submit (arrow) button and after a few seconds the disk will be ready for use.

All new incoming data will be stored in the new disk and all previously existing data will remain in your old disk, in a read-only mode.

...