...
...
...
...
...
...
...
...
Autoremove Data
This objective provides a mechanism to automatically manage the large amount of data that Snare Central is capable of collecting. Snare administrators can establish scheduled deletion tasks based on data age, log type, log name or agent.
...
| Tip |
|---|
A list of deleted files will be logged in the Snare Log file after a successful execution, along with any notifications as a result of problems with the removal process. |
Data Backup
Snare can backup data to optical, or removable USB media. Select a device type to continue to the data archival process.
| Info |
|---|
|
Optical Media - Interactive
Selecting either the CD or DVD options will present an option to generate either:
...
Once the process has completed, the dialog will offer you the opportunity to display, or remove the files that have been transferred to CD/DVD.
| Tip |
|---|
| Snare validates the CD or DVD after generation, to make sure that files of the correct name and size have been copied to the optical media. However, for peace of mind, it is highly recommended that the physical media, and contents, be checked on another server before the files that have been migrated off the server, are removed from the Snare data archive. |
| Info |
|---|
|
If you have chosen to generate an ISO image, the image file will be available for download from the front objective output page. You can also choose to remove the CD or DVD from the dialog that pops up when you select the download link, or request an MD5 checksum of the image, to provide a level of assurance that your download matches the image generated by the Snare Server.
| Info |
|---|
|
Optical Media - Scheduled
When run as a scheduled task, the objective will check the configuration settings for your preferred optical media type (CD or DVD). On regeneration, the objective will create a CD or DVD sized ISO image, which will be available to you to download and burn to a local CD/DVD drive.
...
- Data from 'last month' only.
- Data that is more than 30, 60, 90 or 365 days old.
USB Media
Choosing the 'USB Drive/Key' button will allow you to synchronise all, or a portion of your current event log data, with a USB device.
...
Existing data already present on the device will be compared against the current contents of your data archive, and only new, or changed, data will be copied across to the target device. Data that already exists on the target device, but has been removed from the Snare Server data store, will not be touched.
| Tip |
|---|
| 1 terabyte external USB drives are common, and reasonably cheap. A 1 terabyte external USB drive can hold somewhere near 40-50 terabytes of compressed snare log data - which is roughly equivalent to a year's worth of data at 5,000 events every second, for the entire year. |
...
Choosing a USB device as a target device, and setting the objective to regenerate nightly with all data other than the current day, will provide an automated external backup solution for eventlog data. Once you have either filled the external drive, or wish to swap to other media, any data that has been copied over to external storage can be removed manually, and the USB media synchronisation reestablished for the new device.
Remove Data
The Remove Data objective provides the ability to remove data by date, log type or agent.
...