|Applies To||Security Analytics Server 10.4.x.x|
Security Analytics Head-Unit 10.4.x.x
|Issue||This procedure can be used to back up a Security Analytics 10.4.x.x Server (aka "head unit") and restore it to a new device. However, this does not include the broker service that is included in some instances of the SA Server. To back up a core appliance, please see the SA Doc located at http://sadocs.emc.com/0_en-us/090_10.4_User_Guide/215_SysAdmin/BackupRest/CoreApplBupRecov|
This article provides supplemental information to address deficiencies in the current SA Docs related to this subject.
I Backup Process Overview:
To back up your SA Server, you will need to back up the following items: Jetty, Reporting Engine, Live, ESA (if applicable), Incident Management (if applicable), IPDB Extractor (if applicable).
1) Back up Jetty
To back up Jetty, perform the following tasks via SSH command line:
2) Back up Reporting Engine
To back up the Reporting Engine, perform the following tasks via SSH command line:
3) Back up Mongo Database
In Security Analytics 10.4, ESA rules as well as some Jetty web server data are stored in the Mongo instance on the SA server. To back up the MongoDB data on the SA server, perform the following tasks via SSH command line:
4) Other Items of Significance
After backing up all of these files to /home/rsasoc, copy them off to a safe location with scp. Once that is completed, ensure the following information is recorded:
II Restore Process
This process assumes that the backup files are in the /home/rsasoc directory. Where noted, the pwd (present working directory) should be /.
1) Restore Jetty
To restore Jetty, perform the following tasks via SSH command line:
2) Restore Reporting Engine
To restore the Reporting Engine, perform the following tasks via SSH command line:
3) Restore Mongo Database
In Security Analytics 10.4, ESA rules as well as some Jetty web server data are stored in the Mongo instance on the SA server. To restore the ESA MongoDB alert data on the SA server, perform the following tasks via SSH command line:
4) IPDB Extractor Notes (optional)
Reconfigure the IPDB Extractor service by following this guide. If you are not using the IPDB Extractor for Envision, these steps may be safely skipped.
5) Restart Services
Start the following services:
|Notes||Be certain to check with RSA support to verify the proper re-server.rpm file for your specific configuration. Please provide the full version number of the SA server in use. To obtain this information, run the following command: |
rpm -qa | grep nw