A very common task when managing data in IBM Security Guardium™ appliances is to restore one or more previously created incremental backup files. This process is called "Data Restore".
Sometimes the process may finish with an error.
| Cannot Import/Restore when snif is running, use CLI to stop it |
When you try to perform the "Data Restore" process in an IBM Security Guardium™ Collector appliance, it finishes with an error.
In review of the "Aggregation/Archive Log" report, the status of the Restore task is displayed as Failed.
There is a very important general component of the product that runs as a service in all Guardium™ Collector appliances, named Inspection Core (also known as Sniffer), which applies the data processing logic to the Data Activity Monitoring (DAM) traffic it receives.
Because the operations it performs can be very intense on the database, the system does not allow other heavy tasks to be performed, as a way to protect the integrity of the data within the server.
The information presented in this document applies to Collector appliances with any version of Guardium™ installed.
The examples and references used in this document were grabbed from a v11.3 environment.
1. Log in to the graphical user interface (GUI). Locate and execute the "Aggregation/Archive Log" report.
|
Tip 1: Typically, this report can be located at the GUI path "Manage > Reports > Data Management > Aggregation/Archive Log".
You can use the top-middle search bar to facilitate its location.
|
2. Right click on any entry related to a Data Restore task that failed.
3. Drill down the record information by selecting the "Aggregation/Archive Detail Log" report.
4. A new Web browser tab or window is opened (depending on its configuration) showing the error message Cannot Import/Restore when snif is running, use CLI to stop it.
The issue can be easily resolved by stopping the inspection core (Sniffer) before trying to execute the Data Restore task.
1. Log in to the command-line interface (CLI) of the Guardium™ appliance.
2. Execute the "stop inspection-core" command.
|
Note 1: When you stop the Sniffer, no DAM traffic is being processed by the Guardium™ appliance.
You should take that into consideration and plan the task accordingly.
|
2. Once the Sniffer is stopped, perform the required "Data Restore".
3. After finishing, restart the Sniffer by executing the "restart inspection-core" command.
restart inspection-core
| Tip 1. This solution also applies to the "Data Import" if it fails due to the same error. |
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"Aggregation;Aggregator;Data Restore;Data Archive;Inspection Core;Sniffer","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
