Appendix A. Querying the Archive

Chapter 7, “Archiving and Disaster Recovery,” describes the Cisco Security Monitoring, Analysis, and Response System (CS-MARS) archiving capabilities. The archives provide critical backup and recovery functionality, as well as the capability to run queries against the archives from within the CS-MARS user interface. Although this functionality is handy, you might sometimes need to use other tools to query the data.

If you have properly configured archiving, MARS regularly writes all event data to the Network File System (NFS) archive within minutes of processing it. This data is easily accessible through the command line from the host on which the data sits.

You might need to manipulate ...
