The host that you want to back up may have a number of services running, so you must back up all the services and restore them. For example, if a Log Decoder has the Log Collector and Warehouse Connector services running, you must back up all these services and then restore them individually.
Back Up Files
To back up configuration files for Log Decoder, Archiver, Decoder, Concentrator, and Broker:
Stop the services. For more information, see Start or Stop a Host Service in the Host and Services Getting Started Guide.
Create a bz2 file to back up the folder and sub folders under /etc/netwitness/ng
tar -C / --exclude=Geo*.dat --atime-preserve --recursion --ignore-failed-read -cvphjf /root/LDLCBkpfrmSlash.tar.bz2 /etc/netwitness/ng /etc/init.d/pf_ring /etc/pf_ring/mtu.conf
To back up Puppet and RabbitMQ files:
- Create a tar.bz2 file of the Puppet and RabbitMQ files:
tar -C / --atime-preserve --recursion -cvpjf /root/puppet-rabbit-backup.tar.bz2 --exclude=/var/lib/puppet/bucket --exclude=/var/lib/puppet/reports --exclude=/var/lib/puppet/lib --exclude=/var/lib/rabbitmq/mnesia /var/lib/puppet /etc/puppet /var/lib/rabbitmq
- If you are backing up a system that is still being used, start the services.
When you are restoring files that have been backed up, put the files in a consistent place. In this document, we are using the /tmp/ folder as the location for the tar files to be extracted. You can use a different folder if needed.
- Log onto the host that you intend to restore from a saved backup using SSH.
Change to the / directory.
- Copy the necessary tar file using a utility like Secure Copy (SCP) to the host in the /tmp/ folder
Extract the tar file by using the following command:
tar -C / -xvpjf /tmp/LDLCBkpfrmSlash.tar.bz2
- Allow the contents of the tar file to extract into each folder.
Delete the tar files.
To restore Puppet and RabbitMQ Files:
- Change to the / directory.
- Copy the tar file puppet-rabbit-backup.tar.bz2, using a utility like Secure Copy (SCP), to the host in the /tmp/ directory.
- Extract the tar file by using the following command:
tar -C / -xvjf /tmp/puppet-rabbit-backup.tar.bz2
- Delete the tar file.
- Start the services. For more information, see Start or Stop a Host Service in the Host and Services Getting Started Guide.
- Log onto the Security Analytics user interface and verify that the settings have been restored to the previous state.