000035591 - How to backup and restore mongodb collection values in RSA Security Analytics

Document created by RSA Customer Support Employee on Oct 6, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035591
Applies ToRSA Product Set: NetWitness Logs & Packets, Security Analytics
RSA Product/Service Type: Security Analytics Server
RSA Version/Condition: 10.5.0 and higher releases
Platform: CentOS
 
TasksThe provided information in this article is applicable to all mongo databases available on either the RSA Security Analytics UI or ESA servers. Note that any exported data from mongodb has to be stored in .json file format.
  1. SSH to the RSA NetWitness node hosting a mongodb either the NetWitness UI or ESA servers.
  2. To backup the values of a specific mongo database collection [i.e which is similar to table in structured databases] to a .json file, you need to apply below command: 

[root@sa-server ~]# mongoexport --db sa --collection entitlement --out entitlement.json
connected to: 127.0.0.1
exported 10 records

  1. As an example to demonstrate you can observe here that the sa mongodb got one of it's collections called "entitlement" empty as follows: 

[root@sa-server ~]# mongo sa
TokuMX mongo shell v1.4.2-mongodb-2.4.10
connecting to: sa
> show collections
system.indexes  1.66KB (uncompressed),  32.00KB (compressed)
meteredLicenseDeviceHistory     4.04KB (uncompressed),  72.00KB (compressed)
databaseDriver  920.00B (uncompressed), 72.00KB (compressed)
rule    26.48KB (uncompressed), 64.00KB (compressed)
ruleTemplate    52.05KB (uncompressed), 64.00KB (compressed)
metaType        42.59KB (uncompressed), 64.00KB (compressed)
synchronization 993.00B (uncompressed), 32.00KB (compressed)
enrichmentSource        943.00B (uncompressed), 32.00KB (compressed)
databaseReference       0.00B (uncompressed),   32.00KB (compressed)
outputActionProvider    376.00B (uncompressed), 32.00KB (compressed)
template        27.03KB (uncompressed), 32.00KB (compressed)
OOTBInfo        404.00B (uncompressed), 32.00KB (compressed)
entitlement     0.00B (uncompressed),   32.00KB (compressed) <<<<<<<<<<<<<<<<<<<
esaInventory    855.00B (uncompressed), 32.00KB (compressed)
latestSyncSnapshot      993.00B (uncompressed), 32.00KB (compressed)
> quit()

  1. To restore the values of a specific mongo database collection from a .json file, you need to apply below command: 

[root@sa-server ~]# mongoimport --db sa --collection entitlement --file entitlement.json
connected to: 127.0.0.1
Thu Sep 28 12:41:54.356 RemoteLoader failed to beginLoad: { errmsg: "exception: Cannot bulk load a collection that already exists.", code: 16873, ok: 0.0 }. Falling back to normal inserts.
Thu Sep 28 12:41:54.357 RemoteLoader did not create target ns: it already exists. Proceeding.
Thu Sep 28 12:41:54.363 imported 10 objects
[root@sa-server ~]# mongo sa
TokuMX mongo shell v1.4.2-mongodb-2.4.10
connecting to: sa
> show collections
system.indexes  1.66KB (uncompressed),  32.00KB (compressed)
meteredLicenseDeviceHistory     4.04KB (uncompressed),  72.00KB (compressed)
databaseDriver  920.00B (uncompressed), 72.00KB (compressed)
rule    26.48KB (uncompressed), 64.00KB (compressed)
ruleTemplate    52.05KB (uncompressed), 64.00KB (compressed)
metaType        42.59KB (uncompressed), 64.00KB (compressed)
synchronization 993.00B (uncompressed), 32.00KB (compressed)
enrichmentSource        943.00B (uncompressed), 32.00KB (compressed)
databaseReference       0.00B (uncompressed),   32.00KB (compressed)
outputActionProvider    376.00B (uncompressed), 32.00KB (compressed)
template        27.03KB (uncompressed), 32.00KB (compressed)
OOTBInfo        404.00B (uncompressed), 32.00KB (compressed)
entitlement     3.53KB (uncompressed),  32.00KB (compressed)  <<<<<<<<<<<<<<<
esaInventory    855.00B (uncompressed), 32.00KB (compressed)
latestSyncSnapshot      993.00B (uncompressed), 32.00KB (compressed)
>

Attachments

    Outcomes