Question & Answer
What needs to be done to add disk space ? When disk size is increased, does Guardium allocate more space to the internal database atutomatically or does that need to be defined separately ?
You may want to increase the disk space in the following circumstances :-
- Initial disk mapping of the appliance is small
- Policy rules require full logging and the internal database fills up fast (over 100%).
- The decision is to add disks rather than work on Policy to reduce collected traffic.
Additional disk space cannot be added in existing Appliances. It must be rebuilt and reconfigured.
From v9.x onwards, Guardium supports a maximum of 2TB disk. -
v9.0/v9.1 System Requirements
v9.5 System Requirements
v10 Software Appliance Technical Requirements
You can either
- build the appliance from scratch using the .ISO image or
- clone an existing appliance.
Use a "system backup" to remote server, then "system restore" from the same remote server.
There are two types of system backup and system restore. One is Data, the other is Configuration.
** Note: All files related to Guardium Configuration are stored in the Configuration file. If you backup system for Data without Configuration then you will not see policies and report definitions, ip hostname mapping, user groups, audit config etc. So in this case it is essential to perform a SYSTEM BACKUP FOR DATA AND CONFIGURATION unless you want to create definition files manually all over again.
The same host/username/password where backup file resides is required for a system restore.
To backup a system from GUI:
To backup system from cli:
To restore system from cli:
If there is a Central Manager (CM) and Collector, you may follow Backup and Restore procedures in this link below. Shared secrets are required for communication between appliances.
Follow the backup and restore process
It is strongly recommended to keep a Backup Collector in order that data logging is not disrupted while working to recover a disk full situation. Otherwise, you will have to consider downtime.
To clone data on an existing appliance:
In the current Collector:
1. Backup system for Data
2. Backup system for Configuration
3. Ensure backup system files for Data and Configuration exist in the remote backup server.
Either rebuild the current or have a new Collector using this steps:
1. Build the appliance on the new ISO image
2. Restore system Data backup
3. Restore system Configuration backup
4. Restore old archive files for missing days as needed. This step is optional if you want to restore past data
5. Apply license
6. Restart appliance
7. Check inspection engine all active
8. Run reports to see if new data in report
Once you completed step 8 and you see new data in your GUI reports, the clone can be considered successful. Complete step 9 and the appliance is almost ready for use.
9. Apply latest patch(es) from Fix Central. If you are not sure, contact Guardium Tech Support for the latest list of patches.
Lastly , create two critical alerts in step 10 and you are 100% done.
10. Setup sniffer and disk space alert. This is optional but strongly recommended.
Alert on Sniffer restarts
Alert on Internal Database filling up
Related Reading :-
Monitoring a Guardium System using Alerts
Guardium Redbook Download - Look for a section 3.9.8 Self-monitoring
16 June 2018