This chapter describes the process of backing up and restoring FortiSOAR Cloud.
You must have
sudo permissions to perform backup and restore.
Ensure that you have enough disk space available to perform backup and restore tasks. It is recommended that you have available disk space of around 3X of the data size, for example, if your data size is 2GB, then you should have around 6GB of available disk space, to ensure that the processes do not stop or fail.
Use the FortiSOAR Admin CLI (
db option to regularly perform backups and restore, which restores the data seamlessly to a new FortiSOAR Cloud environment.
The FortiSOAR Admin CLI performs a full database backup of your FortiSOAR Cloud server each time. There is no provision of incremental backups. Backups are performed for a particular version of FortiSOAR Cloud, and backups should be restored on the exact versions of FortiSOAR Cloud. If a newer version of FortiSOAR Cloud is available and you want to move to that newer version of FortiSOAR Cloud, you must restore the backed-up version only and then upgrade to the latest FortiSOAR Cloud version. This is to ensure that all the new changes will be present.
The FortiSOAR Cloud Admin CLI backs up the latest three backups every time it creates a new backup. Any backups older than the latest three backups are deleted.
The FortiSOAR Cloud Admin CLI backs up the following files, configurations, and data during the backup process:
- Syslog forwarding configuration
- All major configuration files such as das.ini, postgresql.conf
- PostgreSQL database backups as per requirements
- User-defined custom expressions
Backup of the configuration files are taken only in case of localized databases.
You must have the NFS or local backup storage path.
To perform a backup run the
csadm command on any FortiSOAR Cloud machine using any terminal. A user who has
sudo permissions can run the
- SSH to your FortiSOAR Cloud VM and login as a root user.
- To perform a backup, type the following command:
# csadm db --backup [<backup_dir_path>]
[<backup_dir_path>]is the directory where backup files will be created. If you do not specify any path, then by default, the backup file is stored in the current working directory.
Optionally, you can specify the
--exclude-workflowoption to exclude all the "Executed Playbook Logs" from the backup. Executed playbook logs are primarily meant for debugging so they are not a very critical component to be backed up. However, they constitute a major part of the database size, so excluding them from the backup reduces time and space needed for the backup. To exclude all the "Executed Playbook Logs" from the backup, type the command as follows:
# csadm db --backup [<backup_dir_path>] --exclude-workflow
Important: FortiSOAR Cloud backs up the latest three backups every time it creates a new backup. Any backups older than the latest three backups are deleted.
- (Optional) If you only want to backup only your configuration files, then type the following command:
# csadm db --backup-config [<backup_dir_path>]
Once you run the above command, you will be asked to provide the path of the configuration backup file. If you do not specify any path, then by default, the backup file is stored in the current working directory.
Following is an example of running a backup as a scheduled cron job, on your FortiSOAR Cloud system or external Secure Message Exchange, that will run at 12:30 am every day. You can schedule the backup process based on your requirements.
Add the cron job to run at 12:30 am every day as follows:
$ sudo crontab –e 30 00 * * * csadm db --backup <backup_dir_path>
Once the backup process is successfully completed, the final
DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file is located in the directory where the backup files are created. It would be the same directory that you have specified when you ran the
csadm db --backup <backup_dir_path> command. The
DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file includes the timestamp on when the backup is created.
DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file includes all the backup files. You can run the following command to check the contents of the
DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file :
# tar -tvf <DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz>
- Move the backup file to the new FortiSOAR Cloud VM.
- SSH to the new FortiSOAR Cloud VM and login as a root user.
- To restore the data, type the following command:
# csadm db --restore <backup_file_path>
[<backup_file_path>]is the directory where you have saved the backed up files. Note that the backup process, by default stores the backup in a locally saved file:
Important: Once you have restored FortiSOAR Cloud, you are required to reinstall the license for this FortiSOAR Cloud instance. To reinstall the license, click the Retry Sync button on the UI.