Sys Maintenance: Malware Analytics Backup and Recovery

Document created by RSA Information Design and Development on May 12, 2016. Last modified by RSA Information Design and Development on May 12, 2016.
Version 2

Administrators can back up and restore the configuration and database files for Malware Analytics, so that information that is lost or deleted can be restored.

Back Up Files

For a full backup of configuration files:

  1. Stop the RSA Malware service with the following command:
    stop rsaMalwareDevice
  2. Create a tar file of the required files:
    cd /
    tar -cjphvf RSAMalwareFromSlashNew.tar.bz2 /var/lib/netwitness/rsamalware --exclude='root.war' /etc/init/rsaMalwareDevice.conf
  3. Start the RSA Malware service with the following command:
    start rsaMalwareDevice

Note: For a daily or partial backup, you can create a tar file of the files in the subdirectory var/lib/netwitness/rsamalware/spectrum.

To back up database files:

  1. Back up in one of the following ways:
  • On a co-located host, Malware Analytics uses H2. If you back up the directory var/lib/netwitness/rsamalware mentioned above, the database is backed up as well.
  • On a standalone MA box, Postgres is used. Back up the database in the directory var/lib/pgsql/9.1/data on a daily basis.

Restore Files

To restore the configuration and database files:

  1. Using ssh, log on to the host that you intend to restore from a saved backup.
  2. Stop the RSA Malware service with the following command:

    stop rsaMalwareDevice

  3. Change the directory.

    cd / 

  4. Using a utility such as SCP, copy the tar file RSAMalwareFromSlashNew.tar.bz2 to the / folder on the host.
  5. Extract the tar file by using the following command:

    tar -xjpvf RSAMalwareFromSlashNew.tar.bz2 

  6. Start the RSA Malware service with the following command:

    start rsaMalwareDevice
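
The restore extracts the archive from / with the privileges of the logged-in administrator, so it is worth confirming beforehand that the file is the one the backup produced and that it holds only the paths named in the backup command. The following is an added example, not part of the RSA procedure; the function names, the .sha256 sidecar file and the use of sha256sum and GNU tar are assumptions of this example.

```shell
#!/bin/sh
# Added example: integrity and content checks for the backup archive.
# Function names and the .sha256 sidecar file are assumptions of this example.

# Member paths the backup command on this page produces. tar strips the
# leading "/" when creating the archive, so names are relative to "/".
ALLOWED_DIR='var/lib/netwitness/rsamalware'
ALLOWED_FILE='etc/init/rsaMalwareDevice.conf'

# Backup host, after the tar -c step: store the SHA-256 next to the archive.
record_checksum() {
    sha256sum "$1" > "$1.sha256"
}

# Restore host, before the tar -x step. Returns 0 only if the checksum
# matches and every member name is one of the expected paths.
verify_backup() {
    archive=$1
    [ -f "$archive.sha256" ] || { echo "no checksum for $archive" >&2; return 1; }
    sha256sum -c "$archive.sha256" >/dev/null 2>&1 ||
        { echo "checksum mismatch: $archive" >&2; return 1; }

    # List members without extracting; GNU tar detects the compression itself.
    members=$(tar -tf "$archive") ||
        { echo "cannot list $archive" >&2; return 1; }

    rc=0
    while IFS= read -r m; do
        case $m in
            /*|..|../*|*/../*|*/..)
                echo "unsafe member: $m" >&2; rc=1 ;;
            "$ALLOWED_DIR"|"$ALLOWED_DIR"/*|"$ALLOWED_FILE")
                ;;
            *)
                echo "unexpected member: $m" >&2; rc=1 ;;
        esac
    done <<EOF
$members
EOF
    return $rc
}
```

sha256sum records the archive name as it was given, so call both functions from / with the bare file name, as the procedure above does, and copy the .sha256 file along with the archive. The check covers member names only; it does not inspect where symbolic links inside the archive point.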
