Sys Maintenance: Core Hosts Backup and Recovery

Document created by RSA Information Design and Development on Mar 22, 2017
Last modified by RSA Information Design and Development on Aug 1, 2017
Version 8

The host that you want to back up may have a number of services running, so you must back up all the services and restore them. For example, if a Log Decoder has the Log Collector and Warehouse Connector services running, you must back up all these services and then restore them individually.

Note: If you customized the /etc/init.d/pf_ring script to use MTU from /etc/pf_ring/mtu.conf, ensure that the following files are backed up:
/etc/init.d/pf_ring
/etc/pf_ring/mtu.conf

Back Up Files

To back up configuration files for Log Decoder, Archiver, Decoder, Concentrator, and Broker:

Note: If you need to replace the host for Return Merchandise Authorization (RMA), you must deactivate the host in the Security Analytics user interface (Administration > Hosts > select the host, then click the minus sign and then Remove and Repurpose Host to remove it).

  1. Stop the services. For more information, see Start or Stop a Host Service in the Host and Services Getting Started Guide.

    Note: RSA recommends that you stop the services running on your host before you back up the host to avoid any loss of data.

  2. Create a bz2 file to back up the folder and subfolders under /etc/netwitness/ng:

    cd /

    tar -C / --exclude=Geo*.dat --atime-preserve --recursion --ignore-failed-read -cvphjf /root/LDLCBkpfrmSlash.tar.bz2 /etc/netwitness/ng /etc/init.d/pf_ring /etc/pf_ring/mtu.conf

    Note: This excludes Geo*.dat files, which are large and included in every Core RPM.

To back up Puppet and RabbitMQ files:

  1. Create a tar.bz2 file of the Puppet and RabbitMQ files:
    tar -C / --atime-preserve --recursion -cvpjf /root/puppet-rabbit-backup.tar.bz2 --exclude=/var/lib/puppet/bucket --exclude=/var/lib/puppet/reports --exclude=/var/lib/puppet/lib --exclude=/var/lib/rabbitmq/mnesia /var/lib/puppet /etc/puppet /var/lib/rabbitmq
  2. If you are backing up a system that is still being used, start the services.

Restore Files

When you are restoring files that have been backed up, put the files in a consistent place. In this document, we are using the /tmp/ folder as the location for the tar files to be extracted. You can use a different folder if needed.

  1. Using SSH, log on to the host that you intend to restore from a saved backup.
  2. Change to the / directory.

    cd /

  3. Copy the necessary tar file to the /tmp/ folder on the host using a utility like Secure Copy (SCP).
  4. Extract the tar file by using the following command:

    tar -C / -xvpjf /tmp/LDLCBkpfrmSlash.tar.bz2

  5. Allow the contents of the tar file to extract into each folder.
  6. Delete the tar files.

    rm /tmp/LDLCBkpfrmSlash.tar.bz2

To restore Puppet and RabbitMQ files:

  1. Change to the / directory.
    cd /
  2. Copy the tar file puppet-rabbit-backup.tar.bz2, using a utility like Secure Copy (SCP), to the host in the /tmp/ directory.
  3. Extract the tar file by using the following command:
    tar -C / -xvjf /tmp/puppet-rabbit-backup.tar.bz2
  4. Delete the tar file.
    rm /tmp/puppet-rabbit-backup.tar.bz2
  5. Start the services. For more information, see Start or Stop a Host Service in the Host and Services Getting Started Guide.
  6. Log on to the Security Analytics user interface and verify that the settings have been restored to the previous state.

Note: If you have issues after restoring the files in the upgraded system, you may have to:
 - Restart the hosts.
 - Upload new licenses for the hosts in case the old licenses are not restored.
 - Manually start the aggregation for Concentrator, as the Concentrator stops aggregating from Decoder sources after the restore.
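
Both restore procedures above extract as root into / from an archive staged in /tmp. The following is an added example, not part of the original RSA procedure: it compares the archive's SHA-256 with one recorded at backup time and confirms that every member lies under the paths the backup commands archived. The function names and the checksum file (/root/LDLCBkpfrmSlash.sha256 in the usage comment) are assumptions.

```shell
#!/bin/sh
# Added example: pre-restore checks for the backup archives on this page.
# GNU tar strips the leading "/" when creating, so member names are relative.
CORE_PREFIXES="etc/netwitness/ng etc/init.d/pf_ring etc/pf_ring/mtu.conf"
PUPPET_PREFIXES="var/lib/puppet etc/puppet var/lib/rabbitmq"

# check_members "<prefixes>": reads one member name per line on stdin.
# Succeeds only if every name is relative, has no ".." component, and is
# at or under one of the space-separated prefixes.
check_members() {
    prefixes=$1
    bad=0
    while IFS= read -r name; do
        name=${name%/}    # tar lists directories with a trailing slash
        case "/$name/" in
            //*|*/../*)
                echo "REJECT (absolute, empty or ..): $name" >&2
                bad=1
                continue ;;
        esac
        ok=0
        for p in $prefixes; do
            case "$name" in
                "$p"|"$p"/*) ok=1; break ;;
            esac
        done
        [ "$ok" -eq 1 ] || { echo "REJECT (unexpected path): $name" >&2; bad=1; }
    done
    return "$bad"
}

# verify_backup <archive> <sha256-file> "<prefixes>"
# Assumption: <sha256-file> holds the output of `sha256sum <archive>` saved
# at backup time and stored away from /tmp (not a step in the procedure above).
verify_backup() {
    archive=$1; sumfile=$2; prefixes=$3
    want=$(cut -d' ' -f1 "$sumfile") || return 1
    have=$(sha256sum "$archive" | cut -d' ' -f1) || return 1
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "checksum mismatch: $archive" >&2
        return 1
    fi
    list=$(tar -tjf "$archive") || return 1   # unreadable archive fails here
    printf '%s\n' "$list" | check_members "$prefixes"
}

# Usage before the extract step (checksum path is hypothetical):
#   verify_backup /tmp/LDLCBkpfrmSlash.tar.bz2 /root/LDLCBkpfrmSlash.sha256 "$CORE_PREFIXES" \
#     && tar -C / -xvpjf /tmp/LDLCBkpfrmSlash.tar.bz2
```

For the Puppet and RabbitMQ archive, pass "$PUPPET_PREFIXES" instead.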
