I wanted to share my updated version of my backup script for SA 10.6. I say that this is for 10.6 because the files might be different on anything lower, but I believe they are all pretty accurate for 10.4 and 10.5.
This script is pretty simple and can be run on any of your devices no matter the type. The script will check for each device by checking your directory structure and start the backups based on what it finds. After further review I have also added logging to each time it tries to move the files off the server. For each section, the basic workflow is as follows:
Check if directory exists
Backup directory according to RSA Documents
Take a sha1 of the backup file
SCP the files off the server to a server of your choice. I only error check on the actual config files being moved; if the sha1 does not move I will not pop an error.
At the end it will clean up the backup directory on the SA system to save space.
Currently this script does not stop each service before doing a backup. This does lead to potential issues, but I cannot take down services weekly, so this is the best I can do.
Future planned enhancements:
Add the DB backup that RSA suggests, but right now errors are happening and I need to contact support.
Add email/SNMP alerts to the script for failures
Add arguments to make the script more versatile
SCP and passwords:
I use keys for all my servers so I never have a password issue; just copy the root public key to your other server and it will work fine.
Things that need to be changed when downloading the script:
Change all spots that have CHANGEME in them: the user, SCPHOST and DBBAK, which is the .jar file location (this does not work right now and is not needed; it is left in the script for future use).
Parsing of error logs: Parsing is coming, I just need to parse them and I will upload the events you will need to add.
Hopefully this helps people out; it has satisfied all our auditors and works well.
DISCLAIMER: RSA does not develop this script; use at your own risk.
Thanks!
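The workflow listed in the post above (directory check, archive, sha1, logging), as an added sketch that is not the poster's script or RSA code, with a check on the receiving server that each archive arrived with a matching checksum. The function names, archive naming and log format are assumptions; the copy between the two functions would be the SCP step from the post.

```shell
#!/bin/sh
# Added example: function names, archive naming and log format are assumptions.

# log_line LOG MESSAGE: append a timestamped line to the log file.
log_line() {
    printf '%s %s\n' "$(date '+%F %T')" "$2" >> "$1"
}

# backup_dir SRC_DIR STAGING_DIR: runs on the appliance.
# Prints the archive path; returns 2 when SRC_DIR does not exist on this device.
backup_dir() {
    local src="$1" staging="$2" name
    [ -d "$src" ] || return 2
    name="$(basename "$src")-$(date +%Y%m%d%H%M%S).tar.gz"
    mkdir -p "$staging"
    tar -C "$(dirname "$src")" -czf "$staging/$name" "$(basename "$src")" || return 1
    # Record the hash with a relative filename so it verifies in any directory.
    ( cd "$staging" && sha1sum "$name" > "$name.sha1" ) || return 1
    printf '%s\n' "$staging/$name"
}

# verify_dir DIR LOG: runs on the destination after the copy.
# Returns 0 only if every archive has a checksum file and the hash matches.
verify_dir() {
    local dir="$1" log="$2" rc=0 archive name
    for archive in "$dir"/*.tar.gz; do
        [ -e "$archive" ] || { log_line "$log" "FAIL no archives in $dir"; return 1; }
        name="$(basename "$archive")"
        if [ ! -s "$archive.sha1" ]; then
            # The archive was copied but its checksum was not.
            log_line "$log" "FAIL $name: checksum file missing"
            rc=1
        elif ( cd "$dir" && sha1sum -c "$name.sha1" >/dev/null 2>&1 ); then
            log_line "$log" "OK $name"
        else
            log_line "$log" "FAIL $name: sha1 mismatch"
            rc=1
        fi
    done
    return "$rc"
}
```

Only delete the staging copy on the appliance after `verify_dir` returns 0 for that run.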
To all customers reading this post:
Please note that any backup or restore script that is not an RSA official script, such as this one, cannot be supported by RSA Netwitness Support. You use these scripts at your own risk. If you have any issues with any of the unofficial scripts found within RSA Link, please reach out to their owners as RSA Netwitness Support will not be able to assist you. An official RSA Netwitness backup and restore script is scheduled to be available in 10.6.3 and above. If you have any questions about the official scripts please contact RSA Netwitness Support.
Thank you