HA Data Syncronization between Primary and Secondary Host
I have 1 Manged Host (Host_1) with 10 Tb Data (/store) I move all data from Host_1 in /store/* to (/store) another managed host (Host_2) . Then i configure HA between 2 Host (1&2) with Host_1 is Primary . The Synchronize process between 2 Host have 2 case :
Data in Host_2 is deleted and Sync Process start at the begining (0%)
Qradar calculate (Size,Data...) and not necessary to Sync Data .
Could you help my to find out which case Qradar use ? If Qradar use method 2 then
Which element (size,class of data:year/month/day,...) used by Qradar to make a dicision ?
Which function in Qradar (/opt/qradar/bin or /opt/qradar/ha) used to sync Data ?
Thanks and best regards
Hi. What you are doing is incorrect, and that is not how to synchronize data between HA appliances. You do not manually copy /store from Host_1 to Host_2.
QRadar HA uses DRBD, which is a block-level component that copies the /store partition block by block from the primary to the secondary. For more information on QRadar HA, please read this article:
When you want to configure HA in QRadar, you setup the secondary host using the HA activation key. Then all you need to do is go into the QRadar UI and configure HA for your host by going to Admin > System and License Management > Systems dropdown > right click on your host > Add HA host. You do manually copy /store, the QRadar HA setup will use DRBD and synchronize the disks block by block, meaning that it will be copying over the whole partition (so even if you're using 10TB in /store but its size is 36TB, all the 36TB will be synchronized with the secondary appliance).