Observer GigaStor : Backups and Restoring : Backups and Restoring
   
Backups and Restoring
 
Page Contents
Exporting GigaStor data for archiving
Backing up your GigaStor settings
How to restore a GigaStor probe to factory settings
Multiple portions of the GigaStor appliance can be backed up and restored. If necessary, you can also use the Gigastor System Restore kit to re-image your entire GigaStor to factory settings.
Exporting GigaStor data for archiving
Revised: 2016-11-30
You can export your GigaStor -collected data on a scheduled basis. This can be done for archival or backup purposes.
Use the Export tab to configure when and to where your data is saved or to manually export your data. You can manually export your GigaStor data in several file formats or you can schedule Observer to export the data.
Part of what makes the GigaStor searches so quick is that the data is indexed. Any data that is exported to a file is saved, but unindexed. The data remains in the indexed GigaStor file until it is overwritten. The exported data is always available and means you will still have access to the saved packet data, but you must load the capture file into the analyzer before you can search it. Having a good naming convention can help you find your files later.
Note: This process should be completed on the GigaStor probe itself by having the software running in Observer mode rather than Expert Probe. See Switching between the probe and analyzer user interfaces. This may require that you use Remote Desktop to access the system.
1. Redirect the probe instance to the local analyzer if it is not already connected to it. See Connecting to a probe.
3. Click the Settings button to open GigaStor Settings.
4. Click the Export tab.
5. Choose how you want to export the data and in which format (BFR, PCAP, or CAP).
6. (Optional) Choose to schedule the export so that it can happen automatically.
7. If you want to export data from specific time ranges only, or just export the data on an “as needed” basis, click Manual Export.
8. (Optional) Choose if you want to have Observer write a progress status every 30 seconds to the Log window.
9. Click OK.
 
 
Backing up your GigaStor settings
Revised: 2017-09-01
You can back up most Observer settings and configuration data. Backups are useful when migrating to new hardware, upgrading the operating system, or recovering from data loss.
Caution: If you are using data encryption on your GigaStor system, you must save the encryption keys before upgrading the operating system. Because the keys are typically stored on the operating system drive, they will be lost during the upgrade process. If you do not have a copy of the keys elsewhere, you will not be able to access stored data (packets) after the upgrade is complete.
Your Observer may not have each directory referenced in this topic, but you can back up those that are present. Use whatever backup method is best for you.
To back up many Observer settings and files, do the following:
Copy the files and directories in Table 6 to a backup location. This must be a location other than the operating system drive of the system you are planning to upgrade.
Table 6. Directory or files to back up
Directory or file
Description
Network Trending
C:\Program Files\Observer\NetworkTrending
This contains your Network Trending data. If you have changed the default location for Network Trending data, you must to back up the new location. Use the Folders tab in to verify which folder is used for trending data.
Protocol Definitions
C:\Program Files\Observer\ProtocolDefs
This contains any modifications or additions you have made to the protocol definitions list for each probe instance. Back up in all cases.
Multicast Definitions
C:\Program Files\Observer\MulticastDefinitions
This contains the templates for defining trading multicast streams for Network Trending. Back up if you use trading multicasts in Network Trending.
Settings
C:\Program Files\Observer\Settings
This contains alarms and triggers. Back up if you heavily use alarms or have alarm/trigger customizations that need to be retained.
SNORT Rules
C:\Program Files\Observer\Forensics
This contains your SNORT information, such as rules, for detecting malicious activity in your packet captures. Back up if you use SNORT.
Expert Thresholds
C:\Program Files\Observer\ExpertSettings
This contains your thresholds stored in Expert settings. These include TCP/UDP events and some triggers for problem identification. Back up if you have modified any Expert thresholds and want to retain those customizations.
SNMP
C:\Program Files\Observer\SNMP
This contains any custom MIBs, compiled MIBs, request files and SNMP trending data. Back up if you have made SNMP changes or have SNMP trending data. Use the Folders tab in to verify which folder is used for SNMP.
Address Tables
C:\Program Files\Observer\LocalAddressTable
This contains your Discover Network Names list. Back up if you have run Discover Network Names and have saved the alias list.
C:\Program Files\Observer\ProbeAddressTable
This contains the Discover Network Names list from any remote probe that has connected to this Observer analyzer. Back up if you have run remote Discover Network Names and saved the alias list.
Scripts
C:\Program Files\Observer\Scripts
This contains the scripts for Observer. Back up if you have created or modified a script.
Windows Registry
Using Regedit, export the following registry branch:
32-bit Windows operating system running any version, or 64-bit Windows operating system running version 16 or higher:
HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments
License
Make note of the license information in . You need the contact/department, company, identification number, and license number.
 
 
How to restore a GigaStor probe to factory settings
Created: 2013-05-11   Revised: 2016-11-30
Restoring a GigaStor to factory settings is usually a last resort when all other methods to correct the issue have failed and should only be done under the direction of VIAVI Technical Support.
All captured packets and trending data on the GigaStor RAID are safe. Nothing on the RAID (D:\) is affected by this process. Only the operating system (C:\) drive is touched.
Caution: All settings, configuration data, and files on the operating system drive of the GigaStor are deleted during the restore. This includes passwords, IP addresses, domain information, etc.
These items are required for the restore process:
GigaStor Restore USB flash drive
Physical access to the GigaStor
Monitor and keyboard (connected to GigaStor)
Each restore kit is purpose-built for a specific GigaStor that you own. You must match the serial number displayed on the GigaStor Restore USB flash drive to the serial number of the GigaStor. You can locate a GigaStor serial number on the back of each unit or on the door. If you have more than one GigaStor, you must ensure each GigaStor is restored only with the GigaStor Restore USB flash drive having a matching serial number for that GigaStor.
For example, if you have three GigaStor appliances to restore, you must use three specific and separate GigaStor Restore USB flash drives—each drive only matches one GigaStor appliance.
To restore a GigaStor appliance to factory settings:
1. First, ensure all USB drives are disconnected from the GigaStor appliance.
Connected USB drives can interfere with the boot-up process and/or drive letter assignments. You will insert the GigaStor Restore USB flash drive in a future step.
2. Power down the hardware. Wait at least 15 seconds for the hard drives to spin down.
3. Insert the correct GigaStor Restore USB flash drive into a USB port of the GigaStor appliance.
The correct GigaStor Restore USB flash drive has a serial number that matches the serial number of the appliance.
4. Power on the hardware, and press Delete during boot up to enter the BIOS.
5. Press the right arrow key until the Boot screen is showing.
6. Press the down arrow key to select Boot Option #1. Press Enter.
7. Select USB Key: KingstonDataTraveler 3.0PMAP and press Enter.
The GigaStor Restore USB flash drive is now set as the first boot drive.
8. Press F4 on the keyboard to open the Save & Exit Setup window.
9. Select Yes and press Enter to confirm your changes.
The system reboots into the restore utility.
10. When the restore utility appears, select the Restore option and press Enter.
The system begins the restore operation and will take several minutes.
11. When prompted, remove the GigaStor Restore USB flash drive and press Enter to reboot the system.
Caution: Failure to remove the GigaStor Restore USB flash drive when prompted can cause incorrectly assigned drive letters!
 
The system restore is complete. Both the GigaStor probe software and Window operating system are already licensed. That information was included on the USB drive. You can begin using the probe. Type your login credentials after the system boots. The default password is admin, and it is case-sensitive.
 
 
If you have trouble starting Windows after following these instructions: ensure the GigaStor Restore USB flash drive is disconnected, and then re-enter the BIOS and change Boot Option #1 to be Hard Disk: <name>. Save these changes and try starting Windows.