Sys Maintenance: Security Analytics Server Backup and Recovery

Document created by RSA Information Design and Development on Mar 22, 2017. Last modified by RSA Information Design and Development on Aug 1, 2017.
Version 8

Administrators can back up and restore configuration and database files for a Security Analytics server, so that if information is lost or deleted, it can be restored.

Back Up or Restore On Demand

Run the following commands to acquire the H2 jar, which is used to create the backup file:
    cd /home/rsasoc
    wget https://repo1.maven.org/maven2/com/h2database/h2/1.3.172/h2-1.3.172.jar

Back Up Files

To back up the database files:

  1. Stop the web server by running the following command:
    stop jettysrv
  2. Back up the H2 database:

    cd /var/lib/netwitness/uax/db
    java -cp /home/rsasoc/h2-1.3.172.jar  org.h2.tools.Backup -file /home/rsasoc/jettydb.backup

  3. Back up MongoDB. Ensure that you run this command as one continuous string:
    mongodump --db=asg --out /tmp/mongodump/asg -v && mongodump --db=datascience --out /tmp/mongodump/datascience -v && mongodump --db=esm --out /tmp/mongodump/esm -v && mongodump --db=les --out /tmp/mongodump/les -v && mongodump --db=local --out /tmp/mongodump/local -v && mongodump --db=puppet --out /tmp/mongodump/puppet -v && mongodump --db=sms --out /tmp/mongodump/sms -v && mongodump --db=sa --out /tmp/mongodump/sa -v

Note: For help with the backup procedure, run the command java -cp /path/to/h2-1.3.172.jar org.h2.tools.Backup -?

  4. Remove the OOTBInfo file from the tar file by running the following command:
    rm -f /tmp/mongodump/sa/OOTBInfo.*

To back up configuration files:

  1. Create a tar.bz2 file that contains the subdirectories conf, lib, logs, plugins, scheduler, and security-policy under /var/lib/netwitness/uax.

Note: To ensure that you have enough space for the tar.bz2 file, delete completed jobs that are stored to reduce the size of /var/lib/netwitness/uax/scheduler.

  2. Run the following command:
    tar -C / -cvjf saserver.tar.bz2 --exclude=/var/lib/netwitness/uax/startup --exclude=/var/lib/netwitness/uax/startup_file --exclude=/var/lib/netwitness/uax/conf/initialBootupConfig.cfg --exclude=/var/lib/netwitness/uax/yum /var/lib/netwitness/uax/conf /var/lib/netwitness/uax/lib /var/lib/netwitness/uax/logs /var/lib/netwitness/uax/plugins /var/lib/netwitness/uax/scheduler /var/lib/netwitness/uax/security-policy

To back up Puppet and RabbitMQ files:

  1. Create a tar.bz2 file of the Puppet and RabbitMQ files:
    tar -C / --atime-preserve --recursion -cvpjf /root/puppet-rabbit-backup.tar.bz2 --exclude=/var/lib/puppet/bucket --exclude=/var/lib/puppet/reports --exclude=/var/lib/puppet/lib --exclude=/var/lib/rabbitmq/mnesia /var/lib/puppet /etc/puppet /var/lib/rabbitmq
  2. If you are backing up a system that is still being used, start the web server by running the following command:
    start jettysrv

Restore Files

When you are restoring files that have been backed up, put the files in a consistent place. In this document, we are using the /tmp/ folder as the location for the tar files to be extracted. You can use a different folder if needed.

Note: For help with the restore procedure, you can run the command java -cp /path/to/h2-1.3.172.jar org.h2.tools.Restore -?

To restore Jetty, run the following commands using SSH.

  1. Stop the web server by running the following command:
    stop jettysrv
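  2. Remove the existing configuration, log, plug-in, security policy, and database files by running the following command as one continuous string:
    rm -rf /var/lib/netwitness/uax/conf /var/lib/netwitness/uax/logs/ /var/lib/netwitness/uax/plugins /var/lib/netwitness/uax/security-policy/ /var/lib/netwitness/uax/db/*
  3. Change to the database directory:
    cd /var/lib/netwitness/uax/db
  4. Restore the H2 database:
    java -cp /home/rsasoc/h2-1.3.172.jar org.h2.tools.Restore -file /home/rsasoc/jettydb.backup
  5. Change to the / directory:
    cd /
  6. Extract the tar file:
    tar -xvpjf /tmp/rsasoc/saserver.tar.bz2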

To restore the configuration files:

  1. Log on to the host that you intend to restore from a saved backup using SSH.
  2. Change to the / directory:
    cd /
  3. Copy the tar file saserver.tar.bz2, using a utility like Secure Copy (SCP), to the /tmp/ folder on the host.
  4. Extract the tar file by using the following command:
    tar -C / -xvjf /tmp/saserver.tar.bz2
  5. Delete the tar file.
    rm /tmp/saserver.tar.bz2
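
Because the restore extracts an archive that was copied onto the host directly over / as root, it is worth confirming before the extract step that the file is the one that was backed up and that it contains only the directories the backup step archived. The following shell script is an added example, not part of the RSA procedure; the function names are hypothetical, and it assumes the archive's SHA-256 digest was recorded with sha256sum when the backup was created.

```sh
# Added example, not RSA's code. Function names are hypothetical.
# Assumption: the archive's SHA-256 was recorded with sha256sum at backup time.

# Directories the backup step archives, as tar member paths relative to /.
SA_ALLOWED='var/lib/netwitness/uax/conf
var/lib/netwitness/uax/lib
var/lib/netwitness/uax/logs
var/lib/netwitness/uax/plugins
var/lib/netwitness/uax/scheduler
var/lib/netwitness/uax/security-policy'

# verify_digest ARCHIVE EXPECTED_SHA256: succeed only if the digests match.
verify_digest() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# check_members ARCHIVE: succeed only if every member path lies under one of
# the SA_ALLOWED directories and contains no ".." component (names only;
# symlink targets are not inspected).
check_members() {
    names=$(tar -tf "$1") || return 2   # GNU tar detects compression on read
    [ -n "$names" ] || return 2
    status=0
    while IFS= read -r member; do
        member=${member#./}
        ok=no
        for dir in $SA_ALLOWED; do
            case "$member" in "$dir"|"$dir"/*) ok=yes ;; esac
        done
        case "/$member/" in */../*) ok=no ;; esac
        if [ "$ok" = no ]; then
            echo "REJECT: $member" >&2
            status=1
        fi
    done <<EOF
$names
EOF
    return "$status"
}

# safe_to_restore ARCHIVE EXPECTED_SHA256: run both checks before extracting.
safe_to_restore() {
    verify_digest "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    check_members "$1"
}

# Usage: sh check_backup.sh /tmp/saserver.tar.bz2 <recorded-sha256>
if [ "$#" -eq 2 ]; then safe_to_restore "$1" "$2"; exit $?; fi
```

Run the tar extract only when the script exits with status 0; any rejected member is printed to standard error.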

To restore the MongoDB files:

  1. Log on to the host that you intend to restore from a saved backup using SSH.
  2. Change to the / directory.
    cd /
  3. Run the following command. Ensure that you run this command as one continuous string:
    mongorestore --db=asg --drop /tmp/mongodump/asg && mongorestore --db=datascience --drop /tmp/mongodump/datascience && mongorestore --db=esm --drop /tmp/mongodump/esm && mongorestore --db=les --drop /tmp/mongodump/les && mongorestore --db=local --drop /tmp/mongodump/local && mongorestore --db=puppet --drop /tmp/mongodump/puppet && mongorestore --db=sms --drop /tmp/mongodump/sms

To restore Puppet and RabbitMQ files:

  1. Change to the / directory.
    cd /
  2. Copy the tar file puppet-rabbit-backup.tar.bz2, using a utility like Secure Copy (SCP), to the /tmp/ directory on the host.
  3. Extract the tar file by using the following command:
    tar -C / -xvjf /tmp/puppet-rabbit-backup.tar.bz2
  4. Delete the tar file.
    rm /tmp/puppet-rabbit-backup.tar.bz2
  5. Reboot the server.