Sys Maintenance: Core Hosts Backup and Recovery

Document created by RSA Information Design and Development on Jul 28, 2016
Version 1Show Document
  • View in full screen mode
 

The host that you want to back up may have a number of services running, so you must take a back up of all the services and restore them. For example, if a Log Decoder has the Log Collector and Warehouse Connector services running, you must back up all these services and then restore individually.

Back Up Configuration Files

To back up configuration files for Log Decoder, Archiver, Decoder, Concentrator, and Broker:

Note: If you need to replace the host in case of RMA you will have to deactivate the host in the Security Analytics GUI/Devices

  1. Stop the services. For more information, see Start or Stop a Host Service in the Host and Services Getting Started Guide.

    Note: RSA recommends you stop the services running on your host before you take a back up to avoid any loss of data.

  2. Create a bz2 file to back up the folder and sub folders under /etc/netwitness/ng
    cd /

    tar -C / --exclude=Geo*.dat --atime-preserve --recursion -cvphjf /root/LDLCBkpfrmSlash.tar.bz2 /etc/netwitness/ng

    Note: This excludes Geo*.dat files which are large and included in every Core rpm.

Restore Configuration Files

  1. Log on to the host you intend to restore from a saved backup using ssh.
  2. Change to the / directory.

    cd /

  3. Copy the necessary tar file using a utility like SCP to the host in the / folder
  4. Shutdown any running services:

    • For FC8, FC9 or CentOS6 use the stop <servicename> command 
      (that is, nwbroker, nwconcentrator, nwdecoder, nwhost)
    • For CentOS5 hosts use the monit stop <servicename> command
      (that is, nwbroker, nwconcentrator, nwdecoder, nwhost)
  5. Extract the tar file by using the following command:

    tar -C / -xvpjf /root/LDLCBkpfrmSlash.tar.bz2

  6. Allow the contents of the tar file to extract into each folder.
  7. Start the core services:

    • For FC8, FC9 or CentOS6 use the start <servicename> command 
      (that is, nwbroker, nwconcentrator, nwdecoder, nwhost)
    • For CentOS5 hosts use the monit start <servicename> command
      (that is, nwbroker, nwconcentrator, nwdecoder, nwhost)
  8. Log on to Security Analytics User Interface and verify the settings have been restored to the previous state.
  9. Delete the tar files.

    rm LDLCBkpfrmSlash.tar.bz2

Note: If you face issues after restoring the files in the upgraded system, you may have to
 - Restart the hosts. 
 - Upload new licenses for the hosts in case the the old licenses are not restored.
 - Manually start the aggregation for Concentrator as the concentrator stops aggregating from decoder sources after the restore.

You are here: Backup and Restore Data for Hosts and Services > Core Hosts Backup and Recovery

Attachments

    Outcomes