Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Archiving (backup) CSP Logs

Created: 21 Nov 2012 | 3 comments

I am running CSP 5.28 and need a solution to archive (backup) the audit logs weekly.

This requirement is derived from a system hardening guide from DISA. I basically need to backup the events on the CSP server every week.

So far I have not seen how to do this task. Next week we are deploying this server and really need a hand.

I would like CSP to do the following:

1. Backup all the current logs each week

2. If the log file exceeds a set size, then backup the audit log and then clear the events.

Any help is greatly appreciated.

V/R

Derek

Comments 3 CommentsJump to latest comment

pete_4u2002's picture

why not use the SQL DB backup on regular basis?

DerekWarner's picture

Does CSP provide for a backup of the event logs for archival purposes? 

1. Where are the logs stored, in MS SQL in the SCSP database?

2. Just looking for some assistance with this.

Stuart_Hawkins's picture

Are you referring to the logs that are collected from your SCSP agents and stored in the SCSP database?  For those we would recommend the SQL Backup tools included with MS SQL.  If looking for the actual SCSP system events, many of those are also stored in the SCSP database as well so they would be backed up along with all of your event data.

Many customers also leverage a SIEM solution to archive event data as well.