IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  QRadar Manual backup

    Posted Tue January 14, 2020 04:00 PM
    Hi ,

    I am looking for a solution to back up all the event data on the QRadar to our external azure blob storage. We have mounted /store/backup to blobstorage.  The night backup only backs up last 24 hours data.  I need to export all the event data to this storage.

    If I manually tar /store/ariel/events and save it to /store/backup ,  will the backup be created which can be restored

    Regards,
    Ujjwal

    ------------------------------
    Ujjwal Mohan
    ------------------------------


  • 2.  RE: QRadar Manual backup

    Posted Mon January 27, 2020 08:31 AM
    To help out, is the QRadar setup you have a single AIO? an HA-pair AIO? or distributed with data nodes? Is this an appliance on bare-metal or a VM?

    Each has slightly different backup and recovery approaches.

    ------------------------------
    Darren H.
    ------------------------------

    Original Message


  • 3.  RE: QRadar Manual backup

    Posted Thu January 30, 2020 09:54 AM
    Hi Ujjwal,

    maybe it would be an idea to mount your azure blob storage to a different mount point, something like /store/backup/azure. And then run a cron job with rsync.
    This way you can sync all data from /store/Ariel/events to azure on a regular base. 

    A restore would just be the other way around. But keep in mind that you have to keep an eye on the retention time of the data ;-)

    ------------------------------
    Kind regards
    Oliver
    ------------------------------

    Original Message