IBM Security QRadar

Expand all | Collapse all

QRadar Manual backup

  • 1.  QRadar Manual backup

    Posted Tue January 14, 2020 04:00 PM
    Hi ,

    I am looking for a solution to back up all the event data on the QRadar to our external azure blob storage. We have mounted /store/backup to blobstorage.  The night backup only backs up last 24 hours data.  I need to export all the event data to this storage.

    If I manually tar /store/ariel/events and save it to /store/backup ,  will the backup be created which can be restored

    Regards,
    Ujjwal

    ------------------------------
    Ujjwal Mohan
    ------------------------------


  • 2.  RE: QRadar Manual backup

    Posted Mon January 27, 2020 08:31 AM
    To help out, is the QRadar setup you have a single AIO? an HA-pair AIO? or distributed with data nodes? Is this an appliance on bare-metal or a VM?

    Each has slightly different backup and recovery approaches.

    ------------------------------
    Darren H.
    ------------------------------

    Original Message


  • 3.  RE: QRadar Manual backup

    Posted Thu January 30, 2020 09:54 AM
    Hi Ujjwal,

    maybe it would be an idea to mount your azure blob storage to a different mount point, something like /store/backup/azure. And then run a cron job with rsync.
    This way you can sync all data from /store/Ariel/events to azure on a regular base. 

    A restore would just be the other way around. But keep in mind that you have to keep an eye on the retention time of the data ;-)

    ------------------------------
    Kind regards
    Oliver
    ------------------------------

    Original Message