Autoremove Data
This objective provides a mechanism to automatically manage the large amount of data that Snare Central is capable of collecting. Snare administrators can establish scheduled deletion tasks based on data age, log type, log name or agent.
...
Once the process has completed, the dialog will offer you the opportunity to display or remove the files that have been transferred to CD/DVD.
Tip |
---|
Snare validates the CD or DVD after generation to make sure that files of the correct name and size have been copied to the optical media. However, for peace of mind, it is highly recommended that the physical media and its contents be checked on another server before the files that have been migrated off the server are removed from the Snare data archive. |
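
The independent check recommended in the tip above can go further than names and sizes. The following is an added example, not part of Snare Central: it records a SHA-256 manifest of the archive files before transfer and verifies the copy against it on another server. The directory layout, file names and function names are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root onto (size, SHA-256 hex digest)."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = (path.stat().st_size, digest.hexdigest())
    return manifest

def verify_copy(manifest: dict, media_root: Path) -> dict:
    """Compare the files under media_root with the manifest taken from the archive."""
    found = build_manifest(media_root)
    report = {"missing": [], "size_mismatch": [], "content_mismatch": []}
    for name, (size, sha) in manifest.items():
        if name not in found:
            report["missing"].append(name)
        elif found[name][0] != size:
            report["size_mismatch"].append(name)
        elif found[name][1] != sha:
            report["content_mismatch"].append(name)
    return report

def safe_to_remove(report: dict) -> bool:
    """Archive files may be removed only when every category is empty."""
    return not any(report.values())

def demo() -> dict:
    """Constructed sample: three archive files and a deliberately damaged copy."""
    with tempfile.TemporaryDirectory() as tmp:
        archive, media = Path(tmp, "archive"), Path(tmp, "media")
        archive.mkdir()
        media.mkdir()
        samples = {"a.log": b"event-1\nevent-2\n", "b.log": b"login ok\n", "c.log": b"logoff\n"}
        for name, data in samples.items():
            (archive / name).write_bytes(data)
        (media / "a.log").write_bytes(b"event-1\nevent-X\n")  # same size, altered content
        (media / "b.log").write_bytes(b"login")  # truncated copy
        # c.log is deliberately left off the media
        return verify_copy(build_manifest(archive), media)

if __name__ == "__main__":
    result = demo()
    print(result, "safe to remove:", safe_to_remove(result))
```

In the constructed sample, `a.log` has the right name and size on the media but different content, so only the hash comparison reports it.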
Info |
---|
If you have chosen to generate an ISO image, the image file will be available for download from the front objective output page. You can also choose to remove the CD or DVD from the dialog that pops up when you select the download link, or request an MD5 checksum of the image, to provide a level of assurance that your download matches the image generated by the Snare Server. |
...
Existing data already present on the device will be compared against the current contents of your data archive, and only new, or changed, data will be copied across to the target device. Data that already exists on the target device, but has been removed from the Snare Server data store, will not be touched.
Tip |
---|
1 terabyte external USB drives are common and reasonably cheap. A 1 terabyte external USB drive can hold somewhere near 40-50 terabytes of compressed Snare log data, which is roughly equivalent to a year's worth of data at 5,000 events every second. |
...