Backing Up and Restoring Databases
- Backing Up and Restoring CMDB
- Backing Up and Restoring EventDB
- Backing Up and Restoring SVN
- ClickHouse Backup and Restore Steps
Backing Up and Restoring CMDB
The FortiSIEM Configuration Management Database (CMDB) contains discovered information about devices, servers, networks and applications. You should create regular backups of the CMDB that you can use to restore it in the event of database corruption.
CMDB Backup Procedure
The database files are stored in /cmdb/data. FortiSIEM automatically backs up this data twice daily and the backup files are stored in /data/archive/cmdb. To perform a backup, move these files to another location. For example:
[root@SaaS-Sup cmdb] #cd /data/archive/cmdb
[root@SaaS-Sup cmdb] #cp phoenixdb* /<another>/<mount>/<point>
If your /data disk is on an external NFS mount then your CMDB backup is already separate from the VM infrastructure.
[root@SaaS-Sup cmdb]# pwd
/data/archive/cmdb
[root@SaaS-Sup cmdb]# ls -lt
total 1213952
-rw-rw-rw- 1 root root 95559457 Apr 20 03:02 phoenixdb_2011-04-20T03-00-01
-rw-rw-rw- 1 root root 93010144 Apr 19 13:04 phoenixdb_2011-04-19T13-00-02
-rw-rw-rw- 1 root root 91142941 Apr 19 03:02 phoenixdb_2011-04-19T03-00-01
-rw-rw-rw- 1 root root 89686080 Apr 18 13:03 phoenixdb_2011-04-18T13-00-02
CMDB Restore Procedure
If your database becomes corrupted, you can restore it from backup by performing these steps on your Supervisor node.
- Perform a clean stop by running the following command:
systemctl stop phxctl - Stop all processes with this phTools command:
phtools -stop all - Wait for approximately 20 seconds for all processes to stop.
- Run
killall -9 java; killall -9 phMonitor - Copy the latest
phoenixdb_<timestamp>file to a directory like/tmpon the Supervisor host. - Go to
/opt/phoenix/deployment. - Run
db_restore /tmp/phoenixdb_<timestamp> - When this process completes, reboot the system by running the following command:
reboot
Backing Up and Restoring EventDB
EventDB Backup Procedure
The event data is stored in /data/eventdb. Since this data can become very large over time, you should use a program such as rsync to incrementally move the data to another location. From version 4.2.1, the rsync program is installed on FortiSIEM by default.
Use this command to back up the EventDB.
#rsync -a --progress /data/eventdb /<another>/<mount>/<point>
EventDB Restore Procedure
To restore EventDB there are two options:
- Mount the directory where the event database was backed up.
- Copy the backup to the /data/eventdb directory.
These instructions are for copying the backup to the /data/eventdb directory.
- Stop all running processes.
#phtools --stop all - Check that all processes have stopped.
#phstatus
You will see that these processes are still running, which is expected behavior.
These processes will continue to run, which is expected behavior:phMonitor 1-01:55:17 0 992m 540mApache 1-01:56:45 0 236m 9720AppSvr 1-01:56:35 0 3908m 758mDBSvr 1-01:57:06 0 383m 6656 - Copy the EventDB to the event DB location
/data/eventdb. If you use thecpcommand, it may appear that the command has hung if there is a lot of data to copy.#cp -a /backup/eventdb /data/eventdb
Alternatively, you can use rsync and display the process status.#rsync -a --progress/backup/eventdb /data/eventdb - Once complete, restart all processes.
#phtools --start all - Check that all processes have started.
#phstatus
Backing Up and Restoring SVN
FortiSIEM uses an inbuilt SVN to store network device configuration and installed software versions.
SVN Backup
The SVN files are stored in /svn. Copy the entire directory to another location.
# cd /
# cp -r /svn /<another>/<mount>/<point>
SVN Restore
Copy the entire /svn from the backup location and rename the directory to /svn.
# cd /<another>/<mount>/<point>
# cp -r svn /