Partition Splitting. Release Juniper Secure Analytics. Juniper Networks, Inc.


Juniper Secure Analytics Release 2014.8 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Published: 2016-11-29

Copyright Notice

Copyright 2016 Juniper Networks, Inc. All rights reserved.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc.

The following terms are trademarks or registered trademarks of other companies: Java TM and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

FCC Statement

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Juniper Networks installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Consult the dealer or an experienced radio/TV technician for help.
- Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.

Disclaimer

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT, SUBJECT TO THE MODIFICATIONS SET FORTH BELOW ON THIS PAGE, ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

Release 2014.8
Copyright 2016, Juniper Networks, Inc. All rights reserved. Printed in USA.

Revision History

November 2016

The information in this document is current as of the date listed in the revision history.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ("EULA") posted at http://www.juniper.net/support/eula.html, as modified by the following text, which shall be treated under the EULA as an Entitlement Document taking precedence over any conflicting provisions of such EULA as regards such software:

As regards software accompanying the STRM products (the "Program"), such software contains software licensed by Q1 Labs and is further accompanied by third-party software that is described in the applicable documentation or materials provided by Juniper Networks.

For the convenience of Licensee, the Program may be accompanied by a third party operating system. The operating system is not part of the Program, and is licensed directly by the operating system provider (e.g., Red Hat Inc., Novell Inc., etc.) to Licensee. Neither Juniper Networks nor Q1 Labs is a party to the license between Licensee and the third party operating system provider, and the Program includes the third party operating system "AS IS", without representation or warranty, express or implied, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement. For an installed Red Hat operating system, see the license file: /usr/share/doc/redhat-release-server-6server/eula.

By downloading, installing or using such software, you agree to the terms and conditions of that EULA as so modified.

CONTENTS

1 PARTITION SPLITTING
    Before You Begin
    Script
    Partitioning the High Availability Cluster Hosts
        Disconnecting the High Availability Cluster
        Partitioning the Primary High Availability Host
        Partitioning the Secondary High Availability Host

1 PARTITION SPLITTING

This document provides information on how to use a Juniper Secure Analytics (JSA) script to create a partition and move the /store/ariel/persistent_data location and contents into the new partition for systems running High Availability. This technical note only applies to high availability systems.

The partition splitting process affects both the primary and secondary high availability hosts. Before running the script, you must remove the high availability secondary from the high availability cluster configuration.

This script takes several hours to complete. During this time, the secondary host is offline; however, the primary host continues to collect data and remains accessible through the user interface. The script performs the required actions and preserves the data integrity of the contents of the /store location. After the script is complete, you can reconfigure your high availability cluster.

Unless otherwise noted, all references to JSA refer to JSA and Log Manager. References to flows do not apply to Log Manager.

Before You Begin

Before you begin, you must have the following:

- Advanced knowledge of the Linux operating system.
- Administrative privileges for the JSA software.
- Administrative privileges for the systems running JSA and high availability.

Be aware that there are potential risks involved with running the partition script.

- Determine the disc capacity of the system. You must give the new partition an appropriate size. Typically, the new partition should be approximately 25% of the size of the /store location. The script does not have safeguards in place to prevent the introduction of values that are incorrect or too large.
- Investigate and find the root cause of your performance issues before you run the script. Partitioning and migrating the /store location can resolve throttling issues where high availability data replication is the reason for the slowdown.
- There is a low risk of data loss. Make sure that the host has sufficient space for a new partition. For example, if you have 100 GB of free space, you should not allocate a 400 GB partition.

For technical assistance, contact Juniper Customer Support.

Script

If you have experienced performance issues caused by high availability data replication that partition splitting can resolve, you can use the partition splitting script to modify the boundaries of the /store/ partition and move the associated temporary results to the newly created partition.

This document provides information on preparing, configuring, and running the partition splitting script available with your JSA installation.

To prepare and run the partitioning script, you need to log on to JSA as an administrator, and then SSH to both the primary and secondary high availability host. The script is stored in the bin directory of JSA: /opt/qradar/bin.

The script takes two commands:

- size - Sets the disc space required for the new partition.
- continue - Resumes the processing after a reboot.

The partitioning script contains the complete set of instructions required; running the script may take several hours. You may be prompted to restart the host; if so, you can resume the script with the continue command.

Partitioning the High Availability Cluster Hosts

Running the partition splitting script requires disconnecting the high availability cluster. After disconnecting the high availability cluster, run the partitioning script on each of the two high availability systems. The script can take several hours to complete; however, you can run the partition splitting script on both hosts at the same time. After the script is complete on both hosts, you must reconnect the high availability cluster.

To partition the high availability cluster hosts, perform the following procedures:

1. Disconnect the high availability cluster. For more information, see Disconnecting the High Availability Cluster.
2. Run the partition splitting script on the primary and secondary high availability hosts:
   - Partitioning the Primary High Availability Host
   - Partitioning the Secondary High Availability Host
3. Reconnect the high availability cluster. For information on reconnecting the high availability cluster, see the Adding a High Availability Cluster section in your Juniper Secure Analytics Administration Guide.

Disconnecting the High Availability Cluster

You can disconnect the high availability cluster.

Procedure:

Step 1 Click the Admin tab.
Step 2 On the navigation menu, click System Configuration.
Step 3 On the System Configuration panel, click the System and License Management icon.
Step 4 In the System and License Management window, select the high availability host you want to remove.
Step 5 From the High Availability menu, select Remove high availability Host.
Step 6 Click OK.

Result: When you remove a high availability host, the host restarts.

Partitioning the Primary High Availability Host

You can partition the primary high availability host.

Procedure:

Step 1 Using SSH, log into the primary high availability host as the root user:
       Username: root
       Password: <password>
Step 2 Change to the /opt/qradar/bin directory.
Step 3 Type ./create_cursor_partition.sh size=<size>.
       <size> should be approximately one quarter of the /store capacity. <size> is written as a numeric value and the measurement specification. The partition size on the primary and secondary high availability host must be the same. Type the measurement using one of the following:
       - M for Megabyte
       - G for Gigabyte
       - T for Terabyte
       If the script prompts you to restart the host, do the following steps:
       a Restart the primary host and log in as the root user.
       b Change to the /opt/qradar/bin directory.
       c Type the following command to restart the script: ./create_cursor_partition.sh --continue.
Step 4 To check the partition when the script has finished, type df -h.

Partitioning the Secondary High Availability Host

You can partition the secondary high availability host.

Procedure:

Step 1 Using SSH, log into the secondary high availability host as the root user:
       Username: root
       Password: <password>
Step 2 Change to the /opt/qradar/bin directory.
Step 3 Type ./create_cursor_partition.sh size=<size>.
       <size> should be approximately one quarter of the /store capacity. <size> is written as a numeric value and the measurement specification. The partition size on the primary and secondary high availability host must be the same. Type the measurement using one of the following:
       - M for Megabyte
       - G for Gigabyte
       - T for Terabyte
       If the script prompts you to restart the host, perform the following steps:
       a Restart the secondary host and log in as the root user.
       b Change to the /opt/qradar/bin directory.
       c Type the following command to restart the script: ./create_cursor_partition.sh --continue.
Step 4 To check the partition when the script has finished, type df -h.
Step 5 Reconnect the high availability cluster. For more information on reconnecting a high availability cluster, see the Juniper Secure Analytics High Availability Guide.
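The size checks that the procedure above leaves to the operator, as an added example that is not part of the Juniper document or the JSA script: it parses a proposed <size>, rejects one larger than the free space on /store, and flags one far from the 25% guideline. The function names, the integer-only size format, 1024-based units and the 20% to 30% tolerance are assumptions.

```shell
#!/bin/sh
# Pre-flight check for the <size> value passed to create_cursor_partition.sh.
# Added example: function names, integer-only sizes, 1024-based units and the
# 20%-30% tolerance are assumptions, not taken from the JSA script.

# Convert "<number><M|G|T>" to MiB; fail on any other format.
size_to_mb() {
    num=${1%[MGT]}
    unit=${1#"$num"}
    # Reject empty, non-numeric, zero or leading-zero values.
    case $num in ''|0*|*[!0-9]*) return 1 ;; esac
    case $unit in
        M) echo "$num" ;;
        G) echo $(($num * 1024)) ;;
        T) echo $(($num * 1024 * 1024)) ;;
        *) return 1 ;;
    esac
}

# Print a verdict for a proposed size, given /store total and free space in MiB:
#   invalid        not a number followed by M, G or T
#   too-large      exceeds the free space (the 400 GB into 100 GB case)
#   off-guideline  fits, but is not approximately 25% of /store
#   ok             fits and is close to 25% of /store
check_size() {
    want=$(size_to_mb "$1") || { echo invalid; return 1; }
    total=$2
    free=$3
    if [ "$want" -gt "$free" ]; then echo too-large; return 1; fi
    if [ "$want" -lt $(($total / 5)) ] || [ "$want" -gt $(($total * 3 / 10)) ]; then
        echo off-guideline
        return 2
    fi
    echo ok
}

# Total and free MiB of the filesystem holding a path (POSIX df, 1 KiB blocks).
fs_mb() {
    df -Pk "$1" | awk 'NR == 2 { printf "%d %d\n", $2 / 1024, $4 / 1024 }'
}

# Run only when a size is given, e.g.: sh preflight.sh 250G
if [ "$#" -ge 1 ]; then
    read -r total free <<EOF
$(fs_mb /store)
EOF
    echo "/store total=${total}M free=${free}M; 25% guideline=$(($total / 4))M"
    check_size "$1" "$total" "$free"
fi
```

Run it on both the primary and the secondary host with the same value before invoking the script, since the partition sizes on the two hosts must match.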