You can use the nw-backup.sh and the nw-restore.sh scripts to back up and restore configuration data from the Security Analytics server and Security Analytics hosts for versions 10.6.2.0 and later. The scripts are specifically for restoring systems that fail. You can use the backup and restore scripts for RMAs, hardware refreshes, and general backup and restore requirements.
Caution: When you are ready to restore data that has been backed up, you must work with the RSA Professional Services team or Customer Support. Do not use the restore script without assistance. For information about how to contact Customer Support, go to the "Contact Customer Support" page in RSA Link (https://community.rsa.com/docs/DOC-1294).
Caution: The backup script (nw-backup.sh) only backs up configuration files that were created by using the Security Analytics console or user interface. RSA recommends that you test the restore process before you delete the original files.
Note: The backup and restore scripts do not support backup and restore for STIG- or FIPS-hardened hosts.
The following hosts can be backed up and restored:
- Security Analytics Server (may include Malware Analysis (colo), Incident Management, Health and Wellness, IPDB Extractor and Reporting Engine)
- Malware Analysis (standalone)
- Event Stream Analysis (including Context Hub and IM database)
- Log Decoder (including Local LogCollector and Warehouse Connector, if installed)
- Log Hybrid
- Packet Decoder (including Warehouse Connector, if installed)
- Packet Hybrid
- Remote Log Collector (VLC)
- IPDB Extractor (Stand-Alone)
- Warehouse Connector (Stand-Alone)
You can back up several systems in a single execution of the backup script, but you must restore them one system at a time.
The scripts and the documentation are available on RSA Link: