Restoring archived data
You can restore archived data files to review historical data, and run reports or investigations.
Before you begin
About this task
Archives are written to an SCP or an FTP host, or to another external storage system. Archived files are restored by retrieving them through the archive catalog. The Data and Result catalogs, on each Guardium system, track archived files. A new record is added to the catalog whenever the appliance archives data or results. The catalog tracks where every archive file is sent so that the archive files can be retrieved and restored with minimal effort at any point in the future. To restore archives, you must copy one or more archive files to the Guardium system on which the data is to be restored.
Each day's data is in a separate file. Depending on how your archive and purge operations are configured, you might have multiple copies of archived data for the same day. For example, you schedule archive to run more than once per day; you click Run Once Now a couple of times; or the archive is scheduled to run and you also click Run Once Now.
- Restore the first day of the month and all the following days until the target date.
- Restore the target date and then the first day of the following month.
For example, to restore 28 June, either restore 1 June through 28 June, or restore 28 June and 1 July.
Restoring archive files from older versions into newer version appliance is supported for both collector and aggregator archive files. Restoring archive files into different or newly built appliances is supported. However, the “shared secret” used to archive on the original appliance must be the same as on the target appliance.
Restored audit data can be viewed as the regular audit data by using interactive or audit process reports.