000036438 - Available backup and restore scripts for the RSA NetWitness Platform

Document created by RSA Customer Support Employee on Jun 16, 2018Last modified by RSA Customer Support Employee on Sep 2, 2019
Version 9Show Document
  • View in full screen mode

Article Content

Article Number000036438
Applies ToRSA Product Set: NetWitness Logs & Network, Security Analytics
RSA Product/Service Type: All Appliances
RSA Version/Condition: 10.6.x, 11.x
Platform: CentOS
O/S Version: EL6, EL7
IssueThis article explains where to get an RSA NetWitness Disaster Recovery backup and restore script, and which version of the released scripts should be used.
Tasks

There are other unofficial backup and restore scripts prior to NetWitness 10.6.2.0, but those are not documented here.



The official RSA NetWitness backup scripts are:

  1. nw-backup



    v4.3 NetWitness 10.6.2.0 and above, backup and restore.  Or NetWitness 10.6.6.x, upgrade to NetWitness 11.x
    v4.2 NetWitness 10.6.2.0 and above, backup and restore.  Or NetWitness 10.6.4.x and later, upgrade to NetWitness 11.x - superseded by v4.3 - no longer available
    v4.1 NetWitness 11.x upgrade only - superseded by v4.2 - no longer available
    v4.0 NetWitness 11.1 upgrade only - superseded by v4.1 - no longer available
    v3.0 NetWitness 11.0 upgrade only - superseded by v4.1 - no longer available
    v2.0 NetWitness 10.6.2.0 and above, backup and restore - superseded by v4.2
    v1.0 NetWitness 10.6.2.0 and above, backup and restore - superseded by v2.0 - no longer available


     



  2. nw-recovery-tool (NRT)


     

    NetWitness 11.3 NetWitness Recovery Tool (NRT)
    NetWitness 11.2 NetWitness Recovery Tool (NRT) initial official release
    NetWitness 11.1 Backup and restore (Alpha release, not officially supported by RSA Engineering)

Resolution

  1. nw-backup



    These scripts are designed to run on CentOS 6 only. The scripts must be executed on CentOS 6 machines.



    The backup and restore scripts do not support backup and restore for STIG or FIPS hardened hosts.  The only workaround is to backup before hardening the appliance, and after a restore harden the appliance again.

    The restore script is only supported for NetWitness
    10.6.2.0 to 10.6.6.x.
     



    nw-backup-v4.3



    Note: The nw-backup-v4.3, supersedes all previous nw-backup versions.



    nw-backup-v4.3 can be used to:



    a. Backup and restore NetWitness 10.6.2.0 to 10.6.6.x.


    b. Upgrade NetWitness version 10.6.6.x to NetWitness 11.x.



    The documentation on how to use the scripts and the file nw-backup-v4.3.zip is available for download on the RSA Link website:



  2. nw-recovery-tool (NRT) 



    The NetWitness Recovery Tool (NRT) is a CentOS 7 rpm package included from NetWitness 11.1.x and later on all NetWitness appliances.

    NetWitness 11.1.x Note: The NetWitness Recovery Tool is an initial Alpha release, it is not officially supported by RSA Engineering.  There was no official announcement for this script, and no documentation, but it can be used as is in NetWitness 11.1.x.

    Use the following command to confirm the NetWitness Recovery Tool rpm is installed on NetWitness 11.1.x or later.
     




    # rpm -qa |grep -i recovery
    rsa-nw-recovery-tool-11.3.1.0-1906111534.5.1519cf7.el7.noarch



    The NetWitness Recovery Tool can be used to:



    a. Backup and restore NetWitness 11.2.x and later.

     

    The documentation on how to use the NetWitness Recovery Tool is available on the RSA Link website:





    Note: The NetWitness Recovery Tool must be run on each host system locally for backup and restore.  NRT cannot be run from a remote host.



    Attachments

      Outcomes