Restoring a few days of recent data

Use this procedure to restore a few days' worth of data that was archived from the Guardium® system that you are restoring it to.

Before you begin

  • On a Guardium collector, stop the inspection-core process by running the CLI command stop inspection-core.
  • To restore from a TSM (Tivoli Storage Manager) server, upload a dsm.sys configuration to the Guardium system. Use the CLI command: import tsm config.
  • To restore from an EMC Centera, upload a .pea file to the Guardium system, in the Data Archive page.
  • If the target restore system is not the system that generated the archive to be restored, create a location entry either in the Catalog Archive (Data and Result catalogs) or by running the GuardAPI command create_entry_location. This information is used to transfer the file to the target restore system.
  • If the archive file was created on a different Guardium system, verify that the system shared secret used by the Guardium system that encrypted the file is available on this system. Otherwise, this system cannot decrypt the file. See About System Shared Secret.

About this task

This procedure restores archived data from a collector to one of the following: the same collector, an aggregator, or a different collector that is dedicated to investigation and is not part of an aggregation cluster.

Data cannot be captured during the restore process.

Procedure

  1. Go to Manage > Data Management > Data Restore.
    The Data Restore Search Criteria window opens.
  2. Select From and To dates to specify the time range for which you want data.
    The Data Restore Search Results pane opens.
  3. Optional: To filter the search results, enter the Host Name of the Guardium system from which the archive originated.
  4. Click Search.
    The Data Restore Search Results page opens, showing the records for all archive files from this Guardium system.
  5. Optional: To prevent purging of restored data even though it meets the purge requirements on the target restore Guardium system, enter the number of days that you want to retain the restored data on the system in the Don't purge restored data for at least field, and click Apply.
  6. Check the Select checkbox for each archive you want to restore.
  7. Click Restore.
  8. Click Done when you are finished.

What to do next

Verify that the restore operation status in Manage > Reports > Data Management > Restored Data is Succeeded.