000036438 - What are the available backup and restore scripts for the RSA NetWitness Platform?

Document created by RSA Customer Support Employee on Jun 16, 2018Last modified by RSA Customer Support Employee on Jun 16, 2018
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000036438
Applies ToRSA Product Set: NetWitness Logs & Network, Security Analytics
RSA Product/Service Type: All Appliances
RSA Version/Condition: 10.6.x, 11.x
Platform: CentOS
O/S Version: EL6, EL7
IssueA user wants to utilize an RSA NetWitness Disaster Recovery backup and restore script and wants to know which script should be used.
Tasks

Note: There are other unofficial backup and restore scripts prior to version 10.6.2.0 which are not documented here.



The official RSA NetWitness backup scripts are:

1. nw-backup


v1 NW10.6.2.0 and above backup and restore - superseded by v2
v2 NW10.6.2.0 and above backup and restore
v3 NW11.0 upgrade only
v4 NW11.1 upgrade only

2. nw-recovery-tool



NW11.1 backup and restore (Alpha release, not officially supported by RSA Engineering).

Resolution

1. nw-backup



Note: These scripts are designed to run on CentOS 6 only. You must execute these scripts on CentOS 6 machines.



Note: The backup and restore scripts do not support backup and restore for STIG or FIPS hardened hosts.



nw-backup-v1.0


An official announcement of this version was published on the RSA Link website.

nw-backup-v1.0.zip
The scripts and the documentation are available on the RSA Link website:

Other references:
 

nw-backup-v2.0


An official announcement of this version was published on the RSA Link website.

The scripts are mentioned in the RSA Security Analytics System Maintenance Guide for Version 10.6.3.
See in this document the section, Back Up and Restore Data for Hosts and Services, where it mentions the following use case.
 
You can use the nw-backup.sh and the nw-restore.sh scripts to back up and restore configuration data from the Security Analytics server and Security Analytics hosts for versions 10.6.2.0 and later. The scripts are specifically for restoring systems that fail. You can use the backup and restore scripts for RMAs, hardware refreshes, and general backup and restore requirements.


nw-backup-v2.0.zip, supersedes v1
The scripts and the documentation are available on the RSA Link website:

Other references:

 

nw-backup-v3.0



Note: nw-backup-v3.0 is used only to upgrade version 10.6.4.x to version 11.0.  There is no nw-restore.sh script.



The RSA NetWitness Logs & Network 10.6.4.x to 11.0 Physical Host Upgrade Guide describes how to use nw-backup-v3.0.

nw-backup-v3.0.zip

 

nw-backup-v4.0



Note: nw-backup-v4.0 is used only to upgrade version 10.6.5.x  to version 11.x.  There is no nw-restore.sh script.



The RSA NetWitness Logs & Packets 10.6.5.x to 11.1 Physical Host Upgrade Guide describes how to use nw-backup-v4.0,

nw-backup-v4.0.zip

 

2. nw-recovery-tool


The NW11.1 backup and restore (Alpha release, not officially supported by RSA Engineering) is an included rpm with the NW11.1.0.0 install (rsa-nw-recovery-tool-11.1.0.0-1802231617.5.6ec9690.el7.noarch.rpm).

There is no official announcement for this script and no documentation.

By reviewing the script it can be run to make a backup using the following syntax:

/usr/bin/nw-recovery-tool --export --dump-dir {path-to-directory} --category {category-value}


In the syntax above:
  • {path-to-directory} is a path to a directory where the backup is written.
  • {category-value} is a value from the /etc/netwitness/recovery-tool/category.sequence file, case-sensitive (like ESAPrimary) for the type of appliance to backup.

Attachments

    Outcomes