截屏视频帮助
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Archiving (backup) CSP Logs

创建时间: 21 11 月 2012 | 3 条评论

I am running CSP 5.28 and need a solution to archive (backup) the audit logs weekly.

This requirement is derived from a system hardening guide from DISA. I basically need to backup the events on the CSP server every week.

So far I have not seen how to do this task. Next week we are deploying this server and really need a hand.

I would like CSP to do the following:

1. Backup all the current logs each week

2. If the log file exceeds a set size, then backup the audit log and then clear the events.

Any help is greatly appreciated.

V/R

Derek

评论 条评论跳转至最新评论

pete_4u2002 的图片

why not use the SQL DB backup on regular basis?

DerekWarner 的图片

Does CSP provide for a backup of the event logs for archival purposes? 

1. Where are the logs stored, in MS SQL in the SCSP database?

2. Just looking for some assistance with this.

Stuart_Hawkins 的图片

Are you referring to the logs that are collected from your SCSP agents and stored in the SCSP database?  For those we would recommend the SQL Backup tools included with MS SQL.  If looking for the actual SCSP system events, many of those are also stored in the SCSP database as well so they would be backed up along with all of your event data.

Many customers also leverage a SIEM solution to archive event data as well.