All backups on SIEM 11.x systems are performed incrementally. SIEM 11.0 removes the Full Backup button and restricts the size of incremental backups to a maximum of two weeks of data. With the release of SIEM 11.1.0, the incremental backup size limitation is increased to 99 days. With the release of SIEM 11.1.1, the incremental backup size limitation is removed, which makes it possible to back up all data on your SIEM.
NOTE: If you reset the backup time on a production SIEM, it backs up all data on the system. This backup might take substantial time to complete.
When you reset the backup time, you can create an initial data backup again and potentially create a new full backup of all data.
To reset the backup time, perform the steps below:
- Log on to the Primary ESM of the cluster using SSH.
- Reset the last backup time and force the next backup to be the initial backup. Run the following command:
nquery -d '/usr/local/ess/data/ngcp.dfl|127.0.0.1|1110' -q 'update syssettings set value = 0 where attribute = "DataAutoBackupLastTime"'
- Run a data backup.