000036438 - Available backup and restore scripts for the RSA NetWitness Platform

Document created by RSA Customer Support Employee on Jun 16, 2018Last modified by RSA Customer Support Employee on Mar 21, 2019
Version 8Show Document
  • View in full screen mode

Article Content

Article Number000036438
Applies ToRSA Product Set: NetWitness Logs & Network, Security Analytics
RSA Product/Service Type: All Appliances
RSA Version/Condition: 10.6.x, 11.x
Platform: CentOS
O/S Version: EL6, EL7
IssueThis article explains where to get an RSA NetWitness Disaster Recovery backup and restore script, and which version of the released scripts should be used.
Tasks

There are other unofficial backup and restore scripts prior to NetWitness 10.6.2.0, but those are not documented here.



The official RSA NetWitness backup scripts are:

1. nw-backup



v1.0 NetWitness 10.6.2.0 and above, backup and restore - superseded by v2.0
v2.0 NetWitness 10.6.2.0 and above, backup and restore - superseded by v4.2
v3.0 NetWitness 11.0 upgrade only - superseded by v4.1
v4.0 NetWitness 11.1 upgrade only - superseded by v4.1
v4.1 NetWitness 11.x upgrade only - superseded by v4.2
v4.2 NetWitness 10.6.2.0 and above, backup and restore.  Or NetWitness 10.6.4.x and above, upgrade to NetWitness 11.x


 



2. nw-recovery-tool (NRT)



NetWitness 11.1 Backup and restore (Alpha release, not officially supported by RSA Engineering).
NetWitness 11.2 NetWitness Recovery Tool (NRT) official release.
Resolution

1. nw-backup



These scripts are designed to run on CentOS 6 only. You must execute these scripts on CentOS 6 machines.



The backup and restore scripts do not support backup and restore for STIG or FIPS hardened hosts.  The only workaround is to backup before hardening the appliance, and after a restore harden the appliance again.



a.  nw-backup-v1.0




 



b.  nw-backup-v2.0



Note that nw-backup-v2.0, supersedes nw-backup-v1.0.




You can use the nw-backup.sh and the nw-restore.sh scripts to back up and restore configuration data from the Security Analytics server and Security Analytics hosts for versions 10.6.2.0 and later. The scripts are specifically for restoring systems that fail. You can use the backup and restore scripts for RMAs, hardware refreshes, and general backup and restore requirements.


 

c.  nw-backup-v3.0



nw-backup-v3.0 is used only to upgrade version 10.6.4.x to version 11.0.  There is no nw-restore.sh script.




 


d.  nw-backup-v4.0



nw-backup-v4.0 is used only to upgrade version 10.6.5.x  to version 11.x.  There is no nw-restore.sh script.






 



e.  nw-backup-v4.1



Note that nw-backup-v4.1, supersedes nw-backup-v3.0 and nw-backup-v4.0.



nw-backup-v4.1 is used to upgrade version 10.6.4.x  to 11.0.0, or version 10.6.5.0 to 11.1.0.0, or version 10.6.6.0 to 11.2.0.0.  There is no nw-restore.sh script.




  • The file nw-backup-v4.1.zip is no longer available for download, see nw-backup-v4.2.


 



f.  nw-backup-v4.2



Note that nw-backup-v4.2, supersedes nw-backup-v2.0 and nw-backup-v4.1.



nw-backup-v4.2 is used to:



a. Backup and restore NetWitness 10.6.2.0 and above.


b. Upgrade NetWitness version 10.6.4.x and above to NetWitness 11.x.






2. nw-recovery-tool (NRT) 



a.  rsa-nw-recovery-tool-11.1.0.0-1802231617.5.6ec9690.el7.noarch.rpm



  • The NetWitness 11.1 backup and restore (Alpha release, not officially supported by RSA Engineering) is an included rpm with the NetWitness 11.1.0.0 install.
  • There is no official announcement for this script, and no documentation.
  • The script can be run to make a backup using the following syntax:


/usr/bin/nw-recovery-tool --export --dump-dir {path-to-directory} --category {category-value}



where,



  • {path-to-directory} is a path to a directory where the backup is written.
  • {category-value} is a value from the /etc/netwitness/recovery-tool/category.sequence file, case-sensitive (like ESAPrimary) for the type of appliance to backup.



b.  rsa-nw-recovery-tool-11.2.0.0-1808071743.5.14596d4.el7.noarch.rpm and above



Attachments

    Outcomes