IBM Security QRadar

 View Only
  • 1.  Move Ariel index between DATANODES (Decommission Datanode)

    Posted Thu December 05, 2019 12:44 PM
    Hi,
    I would like to decommission a datanode from QRadar. before do it, I would like to be sure that all event will be replicated to the other datanode, in the way that the two databases will be merged (not one erase the other).


    How can I merge events (Ariel index) from Datanode to another datanode?

    Thanks



    ------------------------------
    Zoheir D
    ------------------------------


  • 2.  RE: Move Ariel index between DATANODES (Decommission Datanode)

    Posted Fri January 03, 2020 12:38 PM
    Best of luck to you.  This is a manual process of copying the ariel files from one to the other via scp or something similar.  If you reach out to support I believe they have a script that will help.

    ------------------------------
    AJ Reeves
    ------------------------------



  • 3.  RE: Move Ariel index between DATANODES (Decommission Datanode)

    Posted Mon January 06, 2020 09:32 AM
    Not sure Datanodes can work like that, I thought there was some magic that determined which data went where. As for the Ariel DB copy there is is: 

    To copy the data from the old hardware to the new appliance (targetserver), type the following command:
    Example 1: rsync -avz /store/ariel/ root@targetserver:/store/ariel
    Example 2: scp -pr /store/ariel root@targetserver:/store/


    However you want to do it in a screen session and probably want to do it in smaller batches depending on the size.

    ------------------------------
    Ian Lewis
    ------------------------------