2013-12-28 02:44 AM
2014-12-01 12:36 PM
There is documentation on procedures to back up and restore data and configuration files for the core appliance and services and all the components of Security Analytics here:
https://sadocs.emc.com/0_en-us/090_10.4_User_Guide/215_SysAdmin/BackupRest
2013-12-28 10:13 AM
Don't have; the only thing I know is the upgrade guide, where there are some steps.
I think what we can do is to backup the configuration files then restore.
2014-06-11 06:04 AM
Just amazing that there is no backup/restore procedure for such a product.
I am very disappointed by RSA. I noticed a lack of documentation; the files are spread everywhere and not centralized. Not very serious for such a company, at least the community is great.
2014-06-11 09:32 AM
I have no idea how to actually upload a file but here is the script for backing up the main config files on all types of SA appliances. I also added the backing up of the vsftpd config. Please note that this is not officially supported by RSA but will work better than nothing.
```bash
#!/bin/bash
# The routine archives config files into the backup area with tar.
# (GZIP is defined below but never called, so the archives are left uncompressed.)
# Old backups are also removed if over "n" days old.

#----- Define Variables
# Plain string assignment: backticks here would try to execute the name as a command.
HOST="avsesa-rsasa-log-p01"
day=$(date +%d)
month=$(date +%b)
year=$(date +%Y)
BACKUP=/tmp/backup
DECCONBRK1=/etc/netwitness/ng
FTPSERVER1=/etc/vsftpd
SASERVER1=/home/rsasoc/rsa/soc/reporting-engine
SASERVER2=/var/lib/netwitness/uax
ESASERVER1=/opt/rsa/esa
GZIP="/bin/gzip -f"

# Check for backup directory and create it if it is missing
if [ -d "${BACKUP}" ]; then
    # Directory /backup exists.
    echo .
else
    # Directory /backup does not exist.
    mkdir -p "${BACKUP}"
fi

########################################################
## Decoder, Concentrator, or Broker
########################################################
if [ -d "${DECCONBRK1}" ]; then
    # Directory exists.
    tar -cvf "${BACKUP}/etc-netwitness-ng.tar.$year.$day.$month-12AM" "${DECCONBRK1}"
    #scp ${BACKUP}/etc-netwitness-ng.tar.$year.$day.$month-12AM user@host:/path/$HOST.etc-netwitness-ng.tar.$year.$day.$month-12AM
else
    # Directory does not exist on this appliance type.
    echo .
fi

########################################################
## VSFTPD Server, added to script 05282014 - Seandko
########################################################
if [ -d "${FTPSERVER1}" ]; then
    # Directory exists.
    tar -cvf "${BACKUP}/etc-vsftpd.tar.$year.$day.$month-12AM" "${FTPSERVER1}"
    #scp ${BACKUP}/etc-vsftpd.tar.$year.$day.$month-12AM user@host:/path/$HOST.etc-vsftpd.tar.$year.$day.$month-12AM
else
    # Directory does not exist on this appliance type.
    echo .
fi

########################################################
## SA Server
########################################################
if [ -d "${SASERVER1}" ]; then
    # Directory exists. Generated reports and the result store are excluded.
    #tar --exclude='/home/rsasoc/rsa/soc/reporting-engine/formattedReports/*' --exclude='/home/rsasoc/rsa/soc/reporting-engine/resultstore/*' -cvf foo.tar /home/rsasoc/rsa/soc/reporting-engine
    tar --exclude='/home/rsasoc/rsa/soc/reporting-engine/formattedReports/*' --exclude='/home/rsasoc/rsa/soc/reporting-engine/resultstore/*' -cvf "${BACKUP}/home-rsasoc-rsa-soc-reporting-engine.tar.$year.$day.$month-12AM" "${SASERVER1}"
    #scp ${BACKUP}/home-rsasoc-rsa-soc-reporting-engine.tar.$year.$day.$month-12AM user@host:/path/$HOST.home-rsasoc-rsa-soc-reporting-engine.tar.$year.$day.$month-12AM
else
    # Directory does not exist on this appliance type.
    echo .
fi

if [ -d "${SASERVER2}" ]; then
    # Directory exists.
    tar -cvf "${BACKUP}/var-lib-netwitness-uax.tar.$year.$day.$month-12AM" "${SASERVER2}"
    #scp ${BACKUP}/var-lib-netwitness-uax.tar.$year.$day.$month-12AM user@host:/path/$HOST.var-lib-netwitness-uax.tar.$year.$day.$month-12AM
else
    # Directory does not exist on this appliance type.
    echo .
fi

########################################################
## ESA
########################################################
if [ -d "${ESASERVER1}" ]; then
    # Directory exists.
    tar -cvf "${BACKUP}/opt-rsa-esa.tar.$year.$day.$month-12AM" "${ESASERVER1}"
    #scp ${BACKUP}/opt-rsa-esa.tar.$year.$day.$month-12AM user@host:/path/$HOST.opt-rsa-esa.tar.$year.$day.$month-12AM
else
    # Directory does not exist on this appliance type.
    echo .
fi

#----- Cleanup the Backup Area
# -type f keeps find from handing the backup directory itself to rm.
find "${BACKUP}" -type f -mtime +15 -exec rm {} \;
```
2014-11-21 04:19 AM
Another customer here also asked about backup. If the server accidentally crashed or whatever, they ask how to restore the data.
2014-12-02 09:00 AM
What about the Broker and ESA mongo databases?
2014-12-02 02:20 PM
All broker, decoder, log decoder, archiver, concentrator files reside under
Data: /var/netwitness/<service>
Configuration: /etc/netwitness/ng
Log DB: /var/log/netwitness/<service>
You can back up those directories. Backing up the log DB is optional, depending on needs. This is assuming a default installation with standard mount points.
Keep in mind that data backups will cause I/O contention in high bandwidth environments. I can't help you with ESA.
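For the configuration directories listed above, the following is an added example (not RSA's code and not from any poster in this thread) of archiving a directory with owner-only permissions and a SHA-256 manifest, then checking that manifest before a restore. The function names `backup_dir` and `verify_backup` are hypothetical; it assumes GNU tar, `sha256sum`, and absolute source paths.

```shell
#!/bin/bash
# Added example: backup and pre-restore verification helpers (hypothetical names).
# Usage: backup_dir /etc/netwitness/ng /root/sa-backup

# backup_dir SRC DEST_DIR [TAG] -> prints the archive path; returns 2 if SRC is absent
backup_dir() {
    local src="$1" dest="$2" tag="${3:-$(date +%Y%m%d)}"
    [ -d "$src" ] || { echo "skip: $src not present" >&2; return 2; }
    local name archive
    name=$(printf '%s' "${src#/}" | tr '/' '-')
    archive="$dest/$(uname -n).$name.$tag.tar.gz"
    (
        # Config archives can hold credentials: owner-only files and directory.
        umask 077
        mkdir -p "$dest" || exit 1
        # nice lowers CPU priority so the backup yields to the capture services;
        # where util-linux is installed, ionice can additionally lower I/O priority.
        # -C / with a relative member path keeps names predictable at restore time.
        nice -n 19 tar -C / -czf "$archive" "${src#/}" || exit 1
        # Manifest stores the bare file name so it still verifies after copying.
        cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256"
    ) || return 1
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE -> 0 only if the checksum matches and tar can list the archive
verify_backup() {
    local archive="$1" dir base
    dir=$(dirname "$archive")
    base=$(basename "$archive")
    [ -f "$archive.sha256" ] || return 1
    ( cd "$dir" && sha256sum -c "$base.sha256" ) >/dev/null 2>&1 || return 1
    tar -tzf "$archive" >/dev/null 2>&1
}
```

Run `verify_backup` on the copy that will actually be restored, after any transfer off the appliance.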
2016-08-31 11:31 PM
There are several articles at this link covering backup/recovery on core SA appliances...
Search - RSA Security Analytics Documentation
Hope this helps!
2016-09-01 04:38 PM