Critical System Protection

 View Only

  • 1.  Archiving (backup) CSP Logs

    Posted Nov 21, 2012 09:17 PM

    I am running CSP 5.28 and need a solution to archive (backup) the audit logs weekly.

    This requirement is derived from a system hardening guide from DISA. I basically need to backup the events on the CSP server every week.

    So far I have not seen how to do this task. Next week we are deploying this server and really need a hand.

    I would like CSP to do the following:

    1. Backup all the current logs each week

    2. If the log file exceeds a set size, then backup the audit log and then clear the events.

    Any help is greatly appreciated.

     

    V/R

    Derek



  • 2.  RE: Archiving (backup) CSP Logs

    Broadcom Employee
    Posted Nov 21, 2012 09:28 PM

    why not use the SQL DB backup on regular basis?



  • 3.  RE: Archiving (backup) CSP Logs

    Posted Nov 22, 2012 10:34 AM

    Does CSP provide for a backup of the event logs for archival purposes? 

     

    1. Where are the logs stored, in MS SQL in the SCSP database?

    2. Just looking for some assistance with this.



  • 4.  RE: Archiving (backup) CSP Logs

    Broadcom Employee
    Posted Dec 04, 2012 10:24 PM

    Are you referring to the logs that are collected from your SCSP agents and stored in the SCSP database?  For those we would recommend the SQL Backup tools included with MS SQL.  If looking for the actual SCSP system events, many of those are also stored in the SCSP database as well so they would be backed up along with all of your event data.

    Many customers also leverage a SIEM solution to archive event data as well.