Fortinet black logo

Backing up and Restoring FortiSOAR Cloud

Copy Link
Copy Doc ID 6f55d2e9-db1c-11eb-97f7-00505692583a:623766
Download PDF

Backing up and Restoring FortiSOAR Cloud

This chapter describes the process of backing up and restoring FortiSOAR Cloud.

Prerequisites

You must have root or sudo permissions to perform backup and restore.

Note

Ensure that you have enough disk space available to perform backup and restore tasks. It is recommended that you have available disk space of around 3X of the data size, for example, if your data size is 2GB, then you should have around 6GB of available disk space, to ensure that the processes do not stop or fail.

Backup Process

Use the FortiSOAR Admin CLI (csadm) db option to regularly perform backups and restore, which restores the data seamlessly to a new FortiSOAR Cloud environment.

The FortiSOAR Admin CLI performs a full database backup of your FortiSOAR Cloud server each time. There is no provision of incremental backups. Backups are performed for a particular version of FortiSOAR Cloud, and backups should be restored on the exact versions of FortiSOAR Cloud. If a newer version of FortiSOAR Cloud is available and you want to move to that newer version of FortiSOAR Cloud, you must restore the backed-up version only and then upgrade to the latest FortiSOAR Cloud version. This is to ensure that all the new changes will be present.

Tooltip

The FortiSOAR Cloud Admin CLI backs up the latest three backups every time it creates a new backup. Any backups older than the latest three backups are deleted.

Data that is backed up during the backup process

The FortiSOAR Cloud Admin CLI backs up the following files, configurations, and data during the backup process:

  • site-packages
  • connectors
  • application.conf
  • db_config.yml
  • pg_hba.conf
  • Syslog forwarding configuration
  • All major configuration files such as das.ini, postgresql.conf
  • PostgreSQL database backups as per requirements
  • User-defined custom expressions
Note

Backup of the configuration files are taken only in case of localized databases.

Prerequisites to running the backup process

You must have the NFS or local backup storage path.

Performing a backup

To perform a backup run the csadm command on any FortiSOAR Cloud machine using any terminal. A user who has root or sudo permissions can run the csadm command.

  1. SSH to your FortiSOAR Cloud VM and login as a root user.
  2. To perform a backup, type the following command:
    # csadm db --backup [<backup_dir_path>]
    [<backup_dir_path>] is the directory where backup files will be created. If you do not specify any path, then by default, the backup file is stored in the current working directory.
    Optionally, you can specify the --exclude-workflow option to exclude all the "Executed Playbook Logs" from the backup. Executed playbook logs are primarily meant for debugging so they are not a very critical component to be backed up. However, they constitute a major part of the database size, so excluding them from the backup reduces time and space needed for the backup. To exclude all the "Executed Playbook Logs" from the backup, type the command as follows:
    # csadm db --backup [<backup_dir_path>] --exclude-workflow
    Important: FortiSOAR Cloud backs up the latest three backups every time it creates a new backup. Any backups older than the latest three backups are deleted.
  3. (Optional) If you only want to backup only your configuration files, then type the following command:
    # csadm db --backup-config [<backup_dir_path>]
    Once you run the above command, you will be asked to provide the path of the configuration backup file. If you do not specify any path, then by default, the backup file is stored in the current working directory.

Running a backup as a scheduled job

Following is an example of running a backup as a scheduled cron job, on your FortiSOAR Cloud system or external Secure Message Exchange, that will run at 12:30 am every day. You can schedule the backup process based on your requirements.

Add the cron job to run at 12:30 am every day as follows:

$ sudo crontab –e
30 00 * * * csadm db --backup <backup_dir_path>

Once the backup process is successfully completed, the final DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file is located in the directory where the backup files are created. It would be the same directory that you have specified when you ran the csadm db --backup <backup_dir_path> command. The DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file includes the timestamp on when the backup is created.

The DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file includes all the backup files. You can run the following command to check the contents of the DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file :
# tar -tvf <DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz>

Restoring data

  1. Move the backup file to the new FortiSOAR Cloud VM.
  2. SSH to the new FortiSOAR Cloud VM and login as a root user.
  3. To restore the data, type the following command:
    # csadm db --restore <backup_file_path>
    [<backup_file_path>] is the directory where you have saved the backed up files. Note that the backup process, by default stores the backup in a locally saved file: /home/csadmin/db_backup/DR_BACKUP_<yyyymmdd_hhmmss>.tgz
    Important: Once you have restored FortiSOAR Cloud, you are required to reinstall the license for this FortiSOAR Cloud instance. To reinstall the license, click the Retry Sync button on the UI.

Backing up and Restoring FortiSOAR Cloud

This chapter describes the process of backing up and restoring FortiSOAR Cloud.

Prerequisites

You must have root or sudo permissions to perform backup and restore.

Note

Ensure that you have enough disk space available to perform backup and restore tasks. It is recommended that you have available disk space of around 3X of the data size, for example, if your data size is 2GB, then you should have around 6GB of available disk space, to ensure that the processes do not stop or fail.

Backup Process

Use the FortiSOAR Admin CLI (csadm) db option to regularly perform backups and restore, which restores the data seamlessly to a new FortiSOAR Cloud environment.

The FortiSOAR Admin CLI performs a full database backup of your FortiSOAR Cloud server each time. There is no provision of incremental backups. Backups are performed for a particular version of FortiSOAR Cloud, and backups should be restored on the exact versions of FortiSOAR Cloud. If a newer version of FortiSOAR Cloud is available and you want to move to that newer version of FortiSOAR Cloud, you must restore the backed-up version only and then upgrade to the latest FortiSOAR Cloud version. This is to ensure that all the new changes will be present.

Tooltip

The FortiSOAR Cloud Admin CLI backs up the latest three backups every time it creates a new backup. Any backups older than the latest three backups are deleted.

Data that is backed up during the backup process

The FortiSOAR Cloud Admin CLI backs up the following files, configurations, and data during the backup process:

  • site-packages
  • connectors
  • application.conf
  • db_config.yml
  • pg_hba.conf
  • Syslog forwarding configuration
  • All major configuration files such as das.ini, postgresql.conf
  • PostgreSQL database backups as per requirements
  • User-defined custom expressions
Note

Backup of the configuration files are taken only in case of localized databases.

Prerequisites to running the backup process

You must have the NFS or local backup storage path.

Performing a backup

To perform a backup run the csadm command on any FortiSOAR Cloud machine using any terminal. A user who has root or sudo permissions can run the csadm command.

  1. SSH to your FortiSOAR Cloud VM and login as a root user.
  2. To perform a backup, type the following command:
    # csadm db --backup [<backup_dir_path>]
    [<backup_dir_path>] is the directory where backup files will be created. If you do not specify any path, then by default, the backup file is stored in the current working directory.
    Optionally, you can specify the --exclude-workflow option to exclude all the "Executed Playbook Logs" from the backup. Executed playbook logs are primarily meant for debugging so they are not a very critical component to be backed up. However, they constitute a major part of the database size, so excluding them from the backup reduces time and space needed for the backup. To exclude all the "Executed Playbook Logs" from the backup, type the command as follows:
    # csadm db --backup [<backup_dir_path>] --exclude-workflow
    Important: FortiSOAR Cloud backs up the latest three backups every time it creates a new backup. Any backups older than the latest three backups are deleted.
  3. (Optional) If you only want to backup only your configuration files, then type the following command:
    # csadm db --backup-config [<backup_dir_path>]
    Once you run the above command, you will be asked to provide the path of the configuration backup file. If you do not specify any path, then by default, the backup file is stored in the current working directory.

Running a backup as a scheduled job

Following is an example of running a backup as a scheduled cron job, on your FortiSOAR Cloud system or external Secure Message Exchange, that will run at 12:30 am every day. You can schedule the backup process based on your requirements.

Add the cron job to run at 12:30 am every day as follows:

$ sudo crontab –e
30 00 * * * csadm db --backup <backup_dir_path>

Once the backup process is successfully completed, the final DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file is located in the directory where the backup files are created. It would be the same directory that you have specified when you ran the csadm db --backup <backup_dir_path> command. The DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file includes the timestamp on when the backup is created.

The DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file includes all the backup files. You can run the following command to check the contents of the DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file :
# tar -tvf <DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz>

Restoring data

  1. Move the backup file to the new FortiSOAR Cloud VM.
  2. SSH to the new FortiSOAR Cloud VM and login as a root user.
  3. To restore the data, type the following command:
    # csadm db --restore <backup_file_path>
    [<backup_file_path>] is the directory where you have saved the backed up files. Note that the backup process, by default stores the backup in a locally saved file: /home/csadmin/db_backup/DR_BACKUP_<yyyymmdd_hhmmss>.tgz
    Important: Once you have restored FortiSOAR Cloud, you are required to reinstall the license for this FortiSOAR Cloud instance. To reinstall the license, click the Retry Sync button on the UI.