NetWitness Community

I have no idea how to actually upload a file but here is the script for backing up the main config files on all types of SA appliances.  I also added the backing up of the vsftpd config.  Please note that this is not officially supported by RSA but will work better than nothing.

#!/bin/bash

# The routine moves config files into the archive area and compresses the files.

# Old logs are also removed if over "n" days old.

#

#

#

#

#----- Define Variables

HOST=`avsesa-rsasa-log-p01`

day=`date +%d`

month=`date +%b`

year=`date +%Y`

BACKUP=/tmp/backup

DECCONBRK1=/etc/netwitness/ng

FTPSERVER1=/etc/vsftpd

SASERVER1=/home/rsasoc/rsa/soc/reporting-engine

SASERVER2=/var/lib/netwitness/uax

ESASERVER1=/opt/rsa/esa

GZIP="/bin/gzip -f"

# Check for backup directory

if [ -d "${BACKUP}" ]; then

  #Directory /backup exists.

  echo .

else

  #Error: Directory /backup does not exists.

  mkdir ${BACKUP}

fi;

########################################################

## Decoder, Concentrator, or Broker

########################################################

  if [ -d "${DECCONBRK1}" ]; then

  #Directory exists.

  tar -cvf ${BACKUP}/etc-netwitness-ng.tar.$year.$day.$month-12AM ${DECCONBRK1}

  #scp ${BACKUP}/etc-netwitness-ng.tar.$year.$day.$month-12AM user@host:/path/$HOST.etc-netwitness-ng.tar.$year.$day.$month-12AM

  else

     #Error: Directory does not exists.

     echo .

  fi;

########################################################

## VSFTPD Server, added to script 05282014 - Seandko

########################################################

        if [ -d "${FTPSERVER1}" ]; then

                #Directory exists.

                tar -cvf ${BACKUP}/etc-vsftpd.tar.$year.$day.$month-12AM ${FTPSERVER1}

                #scp ${BACKUP}/etc-vsftpd.tar.$year.$day.$month-12AM user@host:/path/$HOST.etc-vsftpd.tar.$year.$day.$month-12AM

        else

            #Error: Directory does not exists.

            echo .

        fi;

#####################################################

## SA Server

########################################################

  if [ -d "${SASERVER1}" ]; then

  #Directory exists.

  #tar --exclude='/home/rsasoc/rsa/soc/reporting-engine/formattedReports/*' --exclude='/home/rsasoc/rsa/soc/reporting-engine/resultstore/*' -cvf foo.tar /home/rsasoc/rsa/soc/reporting-engine

  tar --exclude='/home/rsasoc/rsa/soc/reporting-engine/formattedReports/*' --exclude='/home/rsasoc/rsa/soc/reporting-engine/resultstore/*' -cvf ${BACKUP}/home-rsasoc-rsa-soc-reporting-engine.tar.$year.$day.$month-12AM ${SASERVER1}

  #scp ${BACKUP}/home-rsasoc-rsa-soc-reporting-engine.tar.$year.$day.$month-12AM user@host:/path/$HOST.home-rsasoc-rsa-soc-reporting-engine.tar.$year.$day.$month-12AM

  else

     #Error: Directory does not exists. 

     echo .

  fi;

  if [ -d "${SASERVER2}" ]; then

  #Directory exists.

  tar -cvf ${BACKUP}/var-lib-netwitness-uax.tar.$year.$day.$month-12AM ${SASERVER2}

  #scp ${BACKUP}/var-lib-netwitness-uax.tar.$year.$day.$month-12AM user@host:/path/$HOST.var-lib-netwitness-uax.tar.$year.$day.$month-12AM

  else

     #Error: Directory does not exists.

     echo .

  fi;

########################################################

## ESA

########################################################

  if [ -d "${ESASERVER1}" ]; then

  #Directory exists.

  tar -cvf ${BACKUP}/opt-rsa-esa.tar.$year.$day.$month-12AM ${ESASERVER1}

  #scp ${BACKUP}/opt-rsa-esa.tar.$year.$day.$month-12AM user@host:/path/$HOST.opt-rsa-esa.tar.$year.$day.$month-12AM

  else

     #Error: Directory does not exists.

     echo .

  fi;

#----- Cleanup the Backup Area

find ${BACKUP} -mtime +15 -exec rm {} \;

There are several articles at this link covering backup/recovery on core SA appliances...

Search - RSA Security Analytics Documentation 

Hope this helps!