Appendix A. Querying the Archive

Chapter 7, “Archiving and Disaster Recovery,” describes the Cisco Security Monitoring, Analysis, and Response System (CS-MARS) archiving capabilities. The archives provide critical backup and recovery functionality, as well as the capability to run queries against the archives from within the CS-MARS user interface. Although this functionality is handy, you might sometimes need to use other tools to query the data.

If you have properly configured archiving, MARS regularly writes all event data to the Network File System (NFS) archive within minutes of processing it. This data is easily accessible through the command line from the host on which the data sits.

You might need to manipulate ...
