Table Of Contents
Migrating Data from Cisco Security MARS 4.3.x to 5.3.x
Same Appliance Data Migration Work Flow
Different Appliance Data Migration Work Flow
pnexp Command: Migration Specific
pnimp Command: Migration Specific
Migrating Data from Cisco Security MARS 4.3.x to 5.3.x
Revised: September 12, 2008, OL-14671-01
CautionWhen migrating from 4.3.x to 5.3.x, the x is required to be the same number. For example, you can migrate from 4.3.5 to 5.3.5, but you cannot migrate from 4.3.2 to 5.3.5.
A primary difference between a 4.x and 5.x MARS Appliance is the underlying hardware; The 4.x versions run only on the following models: 20, 20R, 50, 100, 100e, 200, GC, and GCm. The 5.x versions run only on the following newer models: 110R, 110, 210, GC2R, and GC2.
When you move your configuration and event data from 4.x to 5.x, you are physically moving it from one appliance to another. This process is called data migration. In this document, we use the following terms and definitions:
•
•
All of these tasks are command line interface commands, either from the MARS Appliance console or the NFS server console.
This chapter contains the following topics to guide you through this process:
•
•
For more information on using this feature, see the following commands:
•
•
For NFS archive server settings and command use details, see the Install and Setup Guide for Cisco Security Monitoring Analysis and Response System guide. For other configuration or administrative tasks, see one of the following guides, depending on the model of your appliance:
•
•
Before You Begin
Review the following notes before planning your data migration:
•
Details. On your NFS server, you must use mode 775 to support a mixed environment of 4.x to 5.3.x software and when performing migrations from 4.x to 5.3.x. Due to difference of UID/GID between the 4.x to 5.x releases, you must allow r-x so an appliance running 5.3.x can import from files exported by a 4.x appliance.
•
Details. To migrate a Local Controller operating in managed mode, you must also migrate its managing Global Controller unless you plan to convert that Local Controller to standalone mode. If you plan to migrate both your Global Controller and Local Controller, migrate the Global Controller first and then the Local Controller. While a GC2 and GC2R can manage Local Controllers running 4.x software, the reverse is not possible (a GCm or GC cannot manage a Local Controller running 5.x software).
•
•
•
•
Same Appliance Data Migration Work Flow
The most common customer scenario involves migrating a single appliance from 4.3.x to 6.0.1. This migration process differs slightly from one where the data is migrated from one appliance to a different appliance. It differs in the order of performing the steps.
This procedure describes the work flow to follow when migrating data from 4.3.6 to 6.0.1 on the same appliance. This procedure does not apply to migrating from one appliance to another (see Different Appliance Data Migration Work Flow), which can reduce the overall downtime of your MARS system.
Summary Steps
1.
2.
3.
4.
5.
Note
To minimize the loss of event data, we recommend the following workflow:
Step 1
To verify the running version, follow these steps:
a.
b.
Result: The version number appears in the following format: major.minor.patch (build no.)
c.
Note
Step 2
•
•
Step 3
Disabling archive at this stage, rather than earlier, ensures that the target appliance is configured to archive its data according to the same schedule as the source device. Disabling the source device ensures the two devices do not conflict.
Step 4
•
•
Tip
Note
Caution
The following example specifies to export all event data received after 05/01/07:00 to the NFS server at 192.168.3.138. The event data is actually saved in a subdirectory of the [remote-path] value for the export data [remote-path] command. In this example, the path of the saved data is 192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10. Write down this path as you must provide it in Step 10, where the event data is imported into the target appliance.
[pnadmin]$ pnexpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnexp> export data 192.168.3.138:/storage/mars_migration 05/01/07:0WARNING: this will stop CS-MARS, do you wish to continue (yes/no): yesEstimated total number of events to export: 1401080357Estimated time to export events: 12 hours 58 minutesEstimated space for exported events: 66809 MBDo you wish to continue (yes/no): yes!!! The exported event data is saved at192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10!!! Stopping CS-MARS processes ...!!! Restarting oracle ...!!! Exporting data in background now, enter 'status' or 'log' to view data exportingstatus and/or logs.The following tips provide guidance on successful export of the event data.
Tip
Q.
A.
[pnadmin]$ pnexpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnexp> log all!!! Enter 'Ctrl-C' to quit displaying logSep 4 11:25:21.293 2008@LM_INFO@Thread 1024:START DATA EXPORTING...Sep 4 11:25:21.293 2008@LM_INFO@Thread 1024:Parameter: nfs_path = 10.2.3.138:/storage/mars-migration/SJ-LC-220_2008-09-04-11-25-10Sep 4 11:25:21.293 2008@LM_INFO@Thread 1024:Parameter: event_start_time = 05/01/07:0Sep 4 11:25:21.395 2008@LM_INFO@Thread 1024:Trying to mount /mnt/pnarchiveSep 4 11:25:22.677 2008@LM_INFO@Thread 1024:EXPORTING REPORT RESULTS ...Q.
A.
Note
cd <export-path>; du -hs .",
If new files are being written, the disk usage of the directory increases slowly.
Step 5
Configuration data details the MARS Appliance settings and network view, including IP addresses assigned to the network adapters, the hostname, user accounts, and reporting device or managed Local Controller details. You should export the latest configuration data from the source appliance to a NFS or SFTP remote server if it is still operational.
Note
You can export the configuration data from the source appliance using the pnexp export config [remote-path] command. Continue with Step 6.
Write down the NFS or SFTP remote path where the configuration data is saved—it appears in the last line of the output of the pnexp export config [remote-path] command. You must specify this path when you import the configuration data into the target appliance. If the source appliance was configured to archive data, ensure that the specified remote-path value does not match the archive path of the source appliance. The configuration data export can take up to 10 minutes.
The following example specifies that the MARS Appliance should export the configuration data to the NFS server at 192.168.3.138. The last line of the output indicates the configuration data is saved at 192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10, you are prompted to specify this path when you import configuration data into the target appliance.
[pnadmin]$ pnexpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnexp> export config 192.168.3.138:/storage/mars_migrationWARNING: this will stop CS-MARS, do you wish to continue (yes/no): yes!!! The exported config data is saved under sub-directory of192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10!!! Stopping CS-MARS processes ...!!! Exporting config data nowDumping configuration data, may take a while ...Configuration dump finished.Configdump to 192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10 finished successfully.Step 6
Step 7
The following example illustrates proper use. The first message reminds you to export the latest configuration data from the source appliance, as described in Step 5. Enter yes to continue. If you exported from the running source appliance, the <remote-path> value is the NFS or SFTP remote path you wrote down in Step 5. If the source appliance is no longer available and you are importing previously archived configuration data from the remote server, the <remote-path> value is the archive path used by the source appliance.
[pnadmin]$ pnimppnimp> import config 192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10The most recent configuration archive from 4.3.6 release or later found on the NFS serverwas created at 2008-09-04-11-25-10. Because events received after the config archive wascreated may not be imported correctly later on when you try to import event data, so ifpossible, you should always use 'pnexp' to export a fresh copy of configuration from theGen-1 MARS box before trying this command.Do you wish to continue (yes/no) : yesWARNING: this operation will overwrite current MARS box's configurations (both system andDB) and reboot the machine. After reboot, current MARS box will take over the IP address,hostname and MARS username/password of the MARS box from which the config archive wasexported, please make sure there will be no IP address conflict.Do you wish to continue (yes/no): yes!!! Stopping CS-MARS processes ...Invoking binary config importing procedure ...Recreating the database schema.Importing data into database ...Configuration data binary import done.Configrestore succeeded!!!! Updating system settings ...Broadcast message from root (pts/5) (Wed Jun 13 15:23:46 2008):Step 8
Step 9
•
•
Step 10
During the event import process, the target appliance continues to receive and process events.
The following example shows command syntax and expected output. You are initially prompted to import the most recent configuration data from the source appliance. To continue, enter yes. To import event data that was exported from the source appliance, the <remote-path> value for the import data <remote-path> command is the NFS or SFTP remote path written down in Step 4. To import event data previously archived by the source appliance, the <remote-path> value must match the archival path used by the source appliance.
pnadmin]$ pnimpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnimp> import data 192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10 01/01/07Last imported configuration archive is from192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10/2008-09-04/CF/cf-4318-434_2008-09-04-11-25-10.pna created at 2008-09-04-11-25-10. Because events received after theconfig archive was created may not be imported correctly, you should import a latest copyof configuration from the Gen-1 MARS box before trying this command if possible.Do you wish to continue (yes/no): yesTotal number of days with data : 5Total number of event archives to import: 89Total number of report result archives to import: 1Total number of statistics archives to import: 4Total number of incident archives to import: 3Estimated time to import all events: 2 hours 1 minutesDo you wish to continue (yes/no): yes!!! Importing data in background now, enter 'status' or 'log' to view data importingstatus and/or logs.The following tips provide guidance on successful import of the event data.
Tip
Q.
A.
[root@storage2 ~]# ls /archive/migration/mars-rtp-1-test_2008-09-17-16-55-26/2008-09-14 2008-09-15 2008-09-16 2008-09-17Q.
A.
[pnadmin]$ pnimpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnimp> logWed Sep 5 14:37:37 2008 INFO (Index builder 0) begin building raw message indexes for data in /pnarchive/DATA_POOL/2008-09-01/ESWed Sep 5 14:37:42 2008 INFO (Index builder 1) begin building raw message indexes for data in /pnarchive/DATA_POOL/2008-09-01/ESWed Sep 5 14:37:49 2008 INFO Finished index buildingWed Sep 5 14:37:55 2008 INFO Finished index buildingWed Sep 5 14:37:55 2008 INFO Unmounting 10.2.3.138:/storage/hongbo/pnmars_2008-09-05-14-12-23 ...Wed Sep 5 14:37:56 2008 INFO Data importing successfully completed!Step 11
Example success messages include:
Mon Sep 17 21:05:19 2008 OK /mnt/migration/2008-09-17/ES/es-4318-436-99_2008-09-17-13-43-25_2008-09-17-13-56-21.gz imported!Mon Sep 17 21:05:19 2008 INFO Importing file /mnt/migration/2008-09-17/ES/es-4318-436-98_2008-09-17-13-31-18_2008-09-17-13-43-25.gzMon Sep 17 21:05:27 2008 OK /mnt/migration/2008-09-17/ES/es-4318-436-98_2008-09-17-13-31-18_2008-09-17-13-43-25.gz imported!Mon Sep 17 21:05:27 2008 INFO Importing file /mnt/migration/2008-09-17/ES/es-4318-436-97_2008-09-17-13-18-37_2008-09-17-13-31-18.gzMon Sep 17 21:05:34 2008 OK /mnt/migration/2008-09-17/ES/es-4318-436-97_2008-09-17-13-18-37_2008-09-17-13-31-18.gz imported!Mon Sep 17 21:05:34 2008 INFO Importing file /mnt/migration/2008-09-17/ES/es-4318-436-96_2008-09-17-13-06-34_2008-09-17-13-18-37.gzMon Sep 17 21:05:41 2008 OK /mnt/migration/2008-09-17/ES/es-4318-436-96_2008-09-17-13-06-34_2008-09-17-13-18-37.gz imported!Mon Sep 17 21:05:41 2008 INFO Importing file /mnt/migration/2008-09-17/ES/es-4318-436-95_2008-09-17-12-55-03_2008-09-17-13-06-34.gzMon Sep 17 21:05:49 2008 OK /mnt/migration/2008-09-17/ES/es-4318-436-95_2008-09-17-12-55-03_2008-09-17-13-06-34.gz imported!Example error messages include:
Mon Sep 17 21:05:49 2008 OK /mnt/migration/2008-09-17/ES/es-4318-436-95_2008-09-17-12-55-03_2008-09-17-13-06-34.gz imported with error!Mon Sep 17 21:05:49 2008 OK /mnt/migration/2008-09-17/ES/es-4318-436-95_2008-09-17-12-55-03_2008-09-17-13-06-34.gz skipped because of error!Mon Sep 17 21:05:49 2008 OK /mnt/migration/2008-09-17/ES/es-4318-436-95_2008-09-17-12-55-03_2008-09-17-13-06-34.gz skipped!
Different Appliance Data Migration Work Flow
Depending on how large the data set is, exporting event data may take between several hours and a day. During the pnexp export operation, all MARS processes are stopped and the source appliance is unable to processing any events—the MARS Appliance is off line during the export.
To minimize down time, Cisco recommends exporting the configuration data, bringing that configuration up on the target appliance, and reconfiguring the source appliance to prevent it from receiving new events. With the target appliance up and receiving events, you can safely export the event data from the source appliance without losing event data due to that downtime.
Summary Steps
1.
2.
3.
4.
5.
6.
Caution
To minimize the loss of event data, Cisco recommends the following workflow:
Step 1
To verify the running version, follow these steps:
a.
b.
Result: The version number appears in the following format: major.minor.patch (build no.)
c.
Note
Step 2
•
•
Step 3
Configuration data details the MARS Appliance settings and network view, including IP addresses assigned to the network adapters, the hostname, user accounts, and reporting device or managed Local Controller details. You should export the latest configuration data from the source appliance to a NFS server if it is still operational.
Note
•
Write down the NFS path where the configuration data is saved— it appears in the last line of the output of the pnexp export config [nfs-path] command. You must specify this path when you import the configuration data into the target appliance. If the source appliance was configured to archive data, ensure that the specified nfs-path value does not match the archive path of the source appliance. The configuration data export can take up to 10 minutes.
The following example specifies that the MARS Appliance should export the configuration data to the NFS server at 192.168.3.138. The last line of the output indicates the configuration data is saved at 192.168.3.138:/storage/mars_migration/LC-220_2007-09-04-11-25-10, you are prompted to specify this path when you import configuration data into the target appliance.
[pnadmin]$ pnexpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnexp> export config 192.168.3.138:/storage/mars_migrationWARNING: this will stop CS-MARS, do you wish to continue (yes/no): yes!!! The exported config data is saved under sub-directory of192.168.3.138:/storage/mars_migration/LC-220_2007-09-04-11-25-10!!! Stopping CS-MARS processes ...!!! Exporting config data nowDumping configuration data, may take a while ...Configuration dump finished.Configdump to 192.168.3.138:/storage/mars_migration/LC-220_2007-09-04-11-25-10 finished successfully.•
cd <archive_path>
find . -name cf-*-43*
If the second command returns with a list of file names that contain the substring "431", such as /2007-08-23/CF/cf-4318-431_2007-08-23-16-31-20.pna, then you can safely continue with Step 4. Otherwise, return to Step 1.
Step 4
This configuration is a temporary measure; once you verify the target appliance is operation, you must permanent disable or reconfigure the source appliance as described in Step 12.
Step 5
Disabling archive at this stage, rather than earlier, ensures that the target appliance is configured to archive its data according to the same schedule as the source device. Disabling the source device ensures the two devices do not conflict.
Step 6
The following example illustrates proper use. The first message reminds you to export the latest configuration data from the source appliance, as described in Step 3. Enter yes to continue. If you exported from the running source appliance, the <nfs-path> value is the NFS path you wrote down in Step 3. If the source appliance is no longer available and you are importing previously archived configuration data from the NFS server, the <nfs-path> value is the archive path used by the source appliance.
[pnadmin]$ pnimppnimp> import config 192.168.3.138:/storage/mars_migration/LC-220_2007-09-04-11-25-10The most recent configuration archive from 4.3.6 release or later found on the NFS serverwas created at 2007-09-04-11-25-10. Because events received after the config archive wascreated may not be imported correctly later on when you try to import event data, so ifpossible, you should always use 'pnexp' to export a fresh copy of configuration from theGen-1 MARS box before trying this command.Do you wish to continue (yes/no) : yesWARNING: this operation will overwrite current MARS box's configurations (both system andDB) and reboot the machine. After reboot, current MARS box will take over the IP address,hostname and MARS username/password of the MARS box from which the config archive wasexported, please make sure there will be no IP address conflict.Do you wish to continue (yes/no): yes!!! Stopping CS-MARS processes ...Invoking binary config importing procedure ...Recreating the database schema.Importing data into database ...Configuration data binary import done.Configrestore succeeded!!!! Updating system settings ...Broadcast message from root (pts/5) (Wed Jun 13 15:23:46 2007):Step 7
Step 8
•
•
Step 9
•
•
Tip
Note
Caution
The following example specifies to export all event data received after 05/01/07:00 to the NFS server at 192.168.3.138. The event data is actually saved in a subdirectory of the [nfs-path] value for the export data [nfs-path] command. In this example, the path of the saved data is 192.168.3.138:/storage/mars_migration/LC-220_2007-09-04-11-25-10. Write down this path as you must provide it in Step 10, where the event data is imported into the target appliance.
[pnadmin]$ pnexpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnexp> export data 192.168.3.138:/storage/mars_migration 05/01/07:0WARNING: this will stop CS-MARS, do you wish to continue (yes/no): yesEstimated total number of events to export: 1401080357Estimated time to export events: 12 hours 58 minutesEstimated space for exported events: 66809 MBDo you wish to continue (yes/no): yes!!! The exported event data is saved at192.168.3.138:/storage/mars_migration/LC-220_2007-09-04-11-25-10!!! Stopping CS-MARS processes ...!!! Restarting oracle ...!!! Exporting data in background now, enter 'status' or 'log' to view data exportingstatus and/or logs.The following tips provide guidance on successful export of the event data.
Tip
Q.
A.
[pnadmin]$ pnexpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnexp> log all!!! Enter 'Ctrl-C' to quit displaying logSep 4 11:25:21.293 2007@LM_INFO@Thread 1024:START DATA EXPORTING...Sep 4 11:25:21.293 2007@LM_INFO@Thread 1024:Parameter: nfs_path = 10.2.3.138:/storage/mars-migration/SJ-LC-220_2007-09-04-11-25-10Sep 4 11:25:21.293 2007@LM_INFO@Thread 1024:Parameter: event_start_time = 05/01/07:0Sep 4 11:25:21.395 2007@LM_INFO@Thread 1024:Trying to mount /mnt/pnarchiveSep 4 11:25:22.677 2007@LM_INFO@Thread 1024:EXPORTING REPORT RESULTS ...Q.
A.
Note
cd <export-path>; du -hs .",
If new files are being written, the disk usage of the directory increases slowly.
Step 10
During the event import process, the target appliance continues to receive and process events.
The following example shows command syntax and expected output. You are initially prompted to import the most recent configuration data from the source appliance. To continue, enter yes. To import event data that was exported from the source appliance, the <nfs-path> value for the import data <nfs-path> command is the NFS path written down in Step 9. To import event data previously archived by the source appliance, the <nfs-path> value must match the archival path used by the source appliance.
pnadmin]$ pnimpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnimp> import data 192.168.3.138:/storage/mars_migration/LC-220_2007-09-04-11-25-10 01/01/07Last imported configuration archive is from192.168.3.138:/storage/mars_migration/LC-220_2007-09-04-11-25-10/2007-09-04/CF/cf-4318-431_2007-09-04-11-25-10.pna created at 2007-09-04-11-25-10. Because events received after theconfig archive was created may not be imported correctly, you should import a latest copyof configuration from the Gen-1 MARS box before trying this command if possible.Do you wish to continue (yes/no): yesTotal number of days with data : 5Total number of event archives to import: 89Total number of report result archives to import: 1Total number of statistics archives to import: 4Total number of incident archives to import: 3Estimated time to import all events: 2 hours 1 minutesDo you wish to continue (yes/no): yes!!! Importing data in background now, enter 'status' or 'log' to view data importingstatus and/or logs.The following tips provide guidance on successful import of the event data.
Tip
Q.
A.
[root@storage2 ~]# ls /archive/migration/mars-rtp-1-test_2007-09-17-16-55-26/2007-09-14 2007-09-15 2007-09-16 2007-09-17Q.
A.
[pnadmin]$ pnimpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnimp> logWed Sep 5 14:37:37 2007 INFO (Index builder 0) begin building raw message indexes for data in /pnarchive/DATA_POOL/2007-09-01/ESWed Sep 5 14:37:42 2007 INFO (Index builder 1) begin building raw message indexes for data in /pnarchive/DATA_POOL/2007-09-01/ESWed Sep 5 14:37:49 2007 INFO Finished index buildingWed Sep 5 14:37:55 2007 INFO Finished index buildingWed Sep 5 14:37:55 2007 INFO Unmounting 10.2.3.138:/storage/hongbo/pnmars_2007-09-05-14-12-23 ...Wed Sep 5 14:37:56 2007 INFO Data importing successfully completed!Step 11
Example success messages include:
Mon Sep 17 21:05:19 2007 OK /mnt/migration/2007-09-17/ES/es-4318-431-99_2007-09-17-13-43-25_2007-09-17-13-56-21.gz imported!Mon Sep 17 21:05:19 2007 INFO Importing file /mnt/migration/2007-09-17/ES/es-4318-431-98_2007-09-17-13-31-18_2007-09-17-13-43-25.gzMon Sep 17 21:05:27 2007 OK /mnt/migration/2007-09-17/ES/es-4318-431-98_2007-09-17-13-31-18_2007-09-17-13-43-25.gz imported!Mon Sep 17 21:05:27 2007 INFO Importing file /mnt/migration/2007-09-17/ES/es-4318-431-97_2007-09-17-13-18-37_2007-09-17-13-31-18.gzMon Sep 17 21:05:34 2007 OK /mnt/migration/2007-09-17/ES/es-4318-431-97_2007-09-17-13-18-37_2007-09-17-13-31-18.gz imported!Mon Sep 17 21:05:34 2007 INFO Importing file /mnt/migration/2007-09-17/ES/es-4318-431-96_2007-09-17-13-06-34_2007-09-17-13-18-37.gzMon Sep 17 21:05:41 2007 OK /mnt/migration/2007-09-17/ES/es-4318-431-96_2007-09-17-13-06-34_2007-09-17-13-18-37.gz imported!Mon Sep 17 21:05:41 2007 INFO Importing file /mnt/migration/2007-09-17/ES/es-4318-431-95_2007-09-17-12-55-03_2007-09-17-13-06-34.gzMon Sep 17 21:05:49 2007 OK /mnt/migration/2007-09-17/ES/es-4318-431-95_2007-09-17-12-55-03_2007-09-17-13-06-34.gz imported!Example error messages include:
Mon Sep 17 21:05:49 2007 OK /mnt/migration/2007-09-17/ES/es-4318-431-95_2007-09-17-12-55-03_2007-09-17-13-06-34.gz imported with error!Mon Sep 17 21:05:49 2007 OK /mnt/migration/2007-09-17/ES/es-4318-431-95_2007-09-17-12-55-03_2007-09-17-13-06-34.gz skipped because of error!Mon Sep 17 21:05:49 2007 OK /mnt/migration/2007-09-17/ES/es-4318-431-95_2007-09-17-12-55-03_2007-09-17-13-06-34.gz skipped!Step 12
Whether you imported the configuration data from a source appliance or a NFS archive server, you must permanently disable or reconfigure the source appliance to prevent network conflicts and to purge reporting devices and scheduled discoveries once you've confirmed a successful migration. After configuration data import and reboot, the target appliance assumes the IP address, hostname, and username/password of the source appliance.
Note
Select one of the following options to disable or reconfigure the source appliance:
•
•
•
pnexp Command: Migration Specific
From the pnexp command prompt, you can access time and disk space required for a data export, review the size of the database and the data therein, start and stop the export of configuration data, event data, or both, and check the status of an ongoing export. To access the pnexp command prompt, use the pnexp command at the pnadmin prompt:
pnexp
Command History
4.3.1
This command was introduced in the Local Controller and Global Controller version 4.x trains.
4.3.4
Support for exporting to a SFTP server was added.
Syntax Description
Usage Guidelines
Use the pnexp command to prepare and export configuration and event data from MARS Appliance running 4.x as separate data so you can import either or both on a MARS Appliance running 5.x software. When the export operation begins, that MARS Appliance stops receiving events until the exporting process completes.
Caution
The configuration export runs in the foreground displaying its status and errors immediately, where as event data export runs in the background. Use the log {all | recent} command to view the running status log for event data export.
The event export part of this operation can take a long time, as the export speed ranges between 6,000 and 30,000 events per second depending on the appliance model. Event data is exported in the following order: report result, statistics, incident and firing events, and event session. If the remote NFS server becomes unavailable during a lengthy export operation, the pnexp program attempts to remount the server. For event data export, logs are written to the /log/export.log file.
Examples
The following example specifies that the MARS Appliance should export the configuration data to the NFS archive found at 192.168.3.138:/storage/mars_migration:
[pnadmin]$ pnexpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnexp> export config 192.168.3.138:/storage/mars_migrationWARNING: this will stop CS-MARS, do you wish to continue (yes/no): yes!!! The exported config data is saved under sub-directory of 192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10!!! Stopping CS-MARS processes ...!!! Exporting config data nowDumping configuration data, may take a while ...Configuration dump finished.Configdump to 192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10 finished successfully.The following example specifies that the MARS Appliance should export the event data corresponding to the configuration data in the previous example:
[pnadmin]$ pnexpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnexp> export data 192.168.3.138:/storage/mars_migration 05/01/07:0WARNING: this will stop CS-MARS, do you wish to continue (yes/no): yesEstimated total number of events to export: 1401080357Estimated time to export events: 12 hours 58 minutesEstimated space for exported events: 66809 MBDo you wish to continue (yes/no): yes!!! The exported event data is saved at 192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10!!! Stopping CS-MARS processes ...!!! Restarting oracle ...!!! Exporting data in background now, enter 'status' or 'log' to view data exporting status and/or logs.The following example shows the expected output of the pnexp log command:
[pnadmin]$ pnexpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnexp> log!!! Enter 'Ctrl-C' to quit displaying logSep 4 23:10:33.860 2008@LM_INFO@Thread 1024:Joining worker threadsSep 4 23:10:34.225 2008@LM_INFO@Thread 1024:Total number of events exported: 1401080357Sep 4 23:10:34.236 2008@LM_INFO@Thread 1024:EXPORTING EVENT SESSIONS COMPLETED!Sep 4 23:10:34.332 2008@LM_INFO@Thread 1024:WAITING FOR THE DATA MOVER THREAD TO FINISH!Sep 4 23:15:48.556 2008@LM_INFO@Thread 1026:Exiting data mover threadSep 4 23:15:48.560 2008@LM_INFO@Thread 1024:DATA EXPORTING COMPLETED!
Tip
Sep 4 11:25:21.293 2008@LM_INFO@Thread 1024:START DATA EXPORTING...Sep 4 11:25:21.293 2008@LM_INFO@Thread 1024:Parameter: nfs_path = 192.168.3.138:/storage/mars_migration/LC-220_2008-09-04-11-25-10Sep 4 11:25:21.293 2008@LM_INFO@Thread 1024:Parameter: event_start_time = 05/01/07:0Sep 4 11:25:21.395 2008@LM_INFO@Thread 1024:Trying to mount /mnt/pnarchiveSep 4 11:25:22.677 2008@LM_INFO@Thread 1024:EXPORTING REPORT RESULTS ...The following example displays the number of devices, reports, and rules in the database, which is used to verify the pnimport config results.
[pnadmin]$ pnexpEnter 'help' for a list of valid commands, 'exit' or 'quit' to exit.pnexp> configNum of devices: 42482Num of interfaces: 51284Num of networks: 86Num of network groups: 3Num of reports: 253Num of report groups: 31Num of rules: 1261Num of rule groups: 16Num of users: 30Num of user groups: 5Related Commands
Import configuration and event data into a MARS Appliance running version 5.3.1 or later.
pnimp Command: Migration Specific
From the pnimp command prompt, you can access time required for a data import, review the size of the event data set on the NFS server, start and stop the import of configuration data or event data, and check the status of an ongoing import. To access the pnimp command prompt, use the pnimp command at the pnadmin prompt:
pnimp
Command History
Guest
