Note: In Security Analytics 10.4, ESA alert data is stored in the co-located Mongo instance (database name: esa). For details on backup and restore, refer to mongodump and mongorestore in the MongoDB 3.2 Manual.
To back up the configuration files:
- Stop the ESA service using the following command:
  service rsa-esa stop
- Create a single tar.gz of all the subdirectories under /opt/rsa/esa except the subdirectories logs, db, bin, and lib:
  tar -C / --exclude=/opt/rsa/esa/logs --exclude=/opt/rsa/esa/db --exclude=/opt/rsa/esa/bin --exclude=/opt/rsa/esa/lib --atime-preserve --recursion -cvphjf esa.tar.gz /opt/rsa/esa
To restore the configuration files:
- Log in to the host you intend to restore from a saved backup using SSH.
- Change to the / directory.
- Copy the necessary tar file to the / folder on the host using a utility such as SCP.
- Extract the tar file by using the following command:
  tar -xvpjf esa.tar.gz
- Delete the tar file.
Note: The wrapper.conf file under /opt/rsa/esa/conf contains the Java class path listing. The contents of this file are specific to a given ESA RPM. If the backup and restore are across versions, the old file must be discarded; otherwise it must be preserved.
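Because the archive is extracted in / with preserved permissions, it is worth checking its member list before running the restore step. The following is an added example, not part of the RSA documentation or tooling: the function names are hypothetical, and it assumes GNU tar and reads "the old file" in the note above as the wrapper.conf stored in the backup.

```shell
#!/usr/bin/env bash
# Added example (not RSA's tooling). Function names are hypothetical.

# verify_esa_backup ARCHIVE
#   0 = safe to extract in /, 2 = unreadable, 3 = member outside opt/rsa/esa,
#   4 = archive contains a directory the backup step should have excluded.
verify_esa_backup() {
    # GNU tar detects the compression on read, so -j is not needed to list.
    members=$(tar -tf "$1" 2>/dev/null) || return 2
    [ -n "$members" ] || return 2
    # tar strips the leading "/" at creation, so members start with opt/rsa/esa.
    if printf '%s\n' "$members" | grep -Ev '^/?opt/rsa/esa(/|$)' | grep -q .; then
        return 3
    fi
    # Reject ".." components that would escape the extraction directory.
    if printf '%s\n' "$members" | grep -Eq '(^|/)\.\.(/|$)'; then
        return 3
    fi
    if printf '%s\n' "$members" | grep -Eq '^/?opt/rsa/esa/(logs|db|bin|lib)(/|$)'; then
        return 4
    fi
    return 0
}

# restore_esa_backup ARCHIVE DEST SAME_VERSION
#   DEST is "/" on a real host. SAME_VERSION is "yes" or "no".
#   Assumption: for a cross-version restore the backed-up wrapper.conf is the
#   "old file" to discard, so the one installed by the new RPM stays in place.
restore_esa_backup() {
    verify_esa_backup "$1" || return $?
    if [ "$3" = yes ]; then
        tar -C "$2" -xpf "$1"
    else
        tar -C "$2" --exclude='opt/rsa/esa/conf/wrapper.conf' -xpf "$1"
    fi
}
```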