Use these commands to back up and restore system information. Many of these tasks can also be performed from the Administration Console.
When Guardium data is archived (or exported to an aggregator), there is a separate file for each day of data. Depending on how your export/purge or archive/purge operation is configured, you may have multiple copies of data exported for the same day. Archive and export data file names have the same format:
<daysequence>-<hostname.domain>-w<run_datestamp>-d<data_date>.dbdump.enc
daysequence is a number representing the date of the archived data, expressed as the number of days since year 0. The same date appears in yyyy-mm-dd format in the data_date portion of the name (see below).
hostname.domain is the host name of the Guardium appliance on which the archive was created, followed by a dot character and the domain name.
run_datestamp is the date that the data was archived or exported, in yyyymmdd.hhmmss format.
data_date is the date of the archived data, in yyyy-mm-dd format.
For example:
732423-g1.guardium.com-w20050425.040042-d2005-04-22.dbdump.enc
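The naming rule above, as an added example (not Guardium code): a Python parser that cross-checks daysequence against data_date before a file is imported or restored, and picks the newest copy when the same day was exported more than once. The 365-day offset is an assumption inferred from this page's sample names; the parser also accepts the undotted run_datestamp and the exp.tgz suffix that appear in the export audit-data output further down.

```python
import re
from datetime import date, datetime
from typing import NamedTuple

# Assumption: "days since year 0" = date.toordinal() + 365, inferred from the
# page's sample names (732423 <-> 2005-04-22); not a documented constant.
DAYSEQ_OFFSET = 365
NAME_RE = re.compile(
    r"^(?P<seq>\d+)-(?P<host>[A-Za-z0-9.-]+?)"
    r"-w(?P<run>\d{8}\.?\d{6})-d(?P<day>\d{4}-\d{2}-\d{2})"
    r"\.(?P<kind>dbdump\.enc|exp\.tgz)$"
)

class ArchiveName(NamedTuple):
    daysequence: int
    host: str
    run: datetime      # when the archive/export was written
    data_date: date    # the day of data the file holds
    kind: str

def parse_archive_name(name: str) -> ArchiveName:
    """Parse a file name; raise ValueError if malformed or inconsistent."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not an archive/export file name: {name!r}")
    data_date = date.fromisoformat(m["day"])  # rejects impossible dates
    run = datetime.strptime(m["run"].replace(".", ""), "%Y%m%d%H%M%S")
    seq = int(m["seq"])
    if seq != data_date.toordinal() + DAYSEQ_OFFSET:
        raise ValueError(f"daysequence {seq} does not match {data_date}")
    return ArchiveName(seq, m["host"], run, data_date, m["kind"])

def latest_per_day(names):
    """Keep the most recently written copy for each (host, data_date)."""
    best = {}
    for n in names:
        a = parse_archive_name(n)
        key = (a.host, a.data_date)
        if key not in best or a.run > best[key][0].run:
            best[key] = (a, n)
    return sorted(n for _, n in best.values())

if __name__ == "__main__":
    # First name is the page's example; the second is a constructed later copy.
    sample = ["732423-g1.guardium.com-w20050425.040042-d2005-04-22.dbdump.enc",
              "732423-g1.guardium.com-w20050426.040042-d2005-04-22.dbdump.enc"]
    print(latest_per_day(sample))
```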
These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in the /media/backup directory. The backup config command removes license and other machine-specific information. The backup system command (see below) provides a more comprehensive backup of the configuration and the entire system.
backup config
restore config
This topic applies to backup and restore operations for the Guardium internal database. You can back up or restore either configuration information only, or the entire system (data plus configuration information). The shared secret key files are not included in either case; they are backed up and restored separately (see the aggregator backup keys file and aggregator restore keys file commands). These commands stop all inspection engines and web services and restart them after the operation completes.
Before restoring a file, be sure that the appliance has the system shared secret of the system that created that file (otherwise, it will not be able to decrypt the information). See About the System Shared Secret in the Guardium Administrator Guide.
There are two commands involved in the restore process:
import file, which returns an archived backup file to the system
restore system, which restores the system from a backup file previously returned by an import file operation.
For all backup, import and restore commands, you will receive a series of prompts to supply some combination of the following items, depending on which storage systems are configured, and the type of restore operation. Respond to each prompt as appropriate for your operation. The following table describes the information for which you may be prompted.
Item | Description
1. SCP 2. FTP 3. TSM 4. CENTERA | Select the method to use to transfer the file. TSM and Centera will be displayed only if those storage methods have been enabled (see the store storage-method command).
1. Data 2. Configuration | Select Configuration to back up definitions and configuration information only, or select Data to back up data in addition to configuration information.
1. restore from archive 2. restore from backup | Select restore from archive to restore archived data, or select restore from backup to restore configuration information.
1. normal 2. upgrade | If restoring from the same software version of Guardium, select normal. If restoring configuration information following software upgrade of the Guardium appliance, select upgrade.
host | The remote host for the backup file.
remote directory | The directory for the backup file. For FTP, the directory is relative to the FTP root directory for the FTP user account used. For SSH, the directory path is a full directory path. For Windows SSH servers, use Unix-style path names with forward slashes, rather than Windows-style backslashes.
username | The user account name to use for the operation (for backup operations, this user must have write/execute permission for the directory specified above).
password | The password for the above username.
file name | The file name for the archive or backup file. See Archived Data File Names.
Centera server | Enter the Centera server name. If using PEA files, use the following format: <Host name/IP>? <full PEA file name>, for example: 128.221.200.56?/var/centera/us_profile_rwqe.pea.txt
Centera clipID | For a Centera restore operation, the Content Address returned from the backup operation. For example: 6M4B15U4JM4LBeDGKCPF9VQO3UA
After you have supplied all of the information required for the backup or restore operation, a series of messages will be displayed informing you of the results of the operation. For example, for a restore system operation the messages should look something like this (depending on the type of restore and storage method used):
gpg: Signature made Thu Feb 22 11:38:01 2007 EST using DSA key ID 2348FF9E
gpg: Good signature from "Backup Signer <support@guardium.com>"
Proceeding to shutdown services
Proceeding to startup services
Safekeeping admin.xreg
Safekeeping client.xreg
Safekeeping controllers.xreg
Safekeeping controls.xreg
Safekeeping guardium-portlets.xreg
Safekeeping local-portlets.xreg
Safekeeping local-security.xreg
Safekeeping local-skins.xreg
Safekeeping media.xreg
Safekeeping portlets.xreg
Safekeeping security.xreg
Safekeeping skins.xreg
guard_sniffer.pl -reorder
Recovery procedure was successful.
ok
See backup and restore, above.
backup system
Exports audit data for the specified date (yyyy-mm-dd) from various internal Guardium tables to a compressed archive file in the /var/dump directory. The file created is identified in the messages produced by the system; see the example below. Use this command only under the direction of Guardium Support.
export audit-data <yyyy-mm-dd>
If you enter the export audit-data command for the date 2005-09-16, a set of messages similar to the following will be displayed:
supp2.guardium.com> export audit-data 2005-09-16
2005-09-16
Extracting GDM_ACCESS Data ...
Extracting GDM_CONSTRUCT Data ...
Extracting GDM_SENTENCE Data ...
Extracting GDM_OBJECT Data ...
Extracting GDM_FIELD Data ...
Extracting GDM_CONSTRUCT_TEXT Data ...
Extracting GDM_SESSION Data ...
Extracting GDM_EXCEPTION Data ...
Extracting GDM_POLICY_VIOLATIONS_LOG Data ...
Extracting GDM_CONSTRUCT_INSTANCE Data ...
Generating tar file ...
/var/csvGenerationTmp ~
GDM_ACCESS.txt
GDM_CONSTRUCT.txt
GDM_CONSTRUCT_INSTANCE.txt
GDM_CONSTRUCT_TEXT.txt
GDM_EXCEPTION.txt
GDM_FIELD.txt
GDM_OBJECT.txt
GDM_POLICY_VIOLATIONS_LOG.txt
GDM_SENTENCE.txt
GDM_SESSION.txt
~
Generation completed, CSV Files saved to /var/dump/732570-supp2.guardium.com-w20050919110317-d2005-09-16.exp.tgz
ok
The data from each of the named internal database tables is written to a text file, in CSV format. The name of the archive file ends with exp.tgz, and the remainder of the name is formed as described under About Archived Data File Names, above.
You can use the export file command (see below) to transfer this file to another system.
This command exports a single file named filename from the /var/dump, /var/log, or /var/importdir directory. Use this command only under the direction of Guardium Support. To export Guardium data to an aggregator or to archive data, use the appropriate menu commands on the Administration Console panel.
export file </local_path/filename> <user@host:/path/filename>
local_path must be one of the following: /var/log, /var/dump, or /var/importdir.
Use this command to start an HTTP-based file server running on the Guardium appliance. This facility is intended to ease the task of uploading patches to the unit, or downloading debugging information from the unit. Each time this facility starts, it deletes any files in the directory to which it uploads patches.
fileserver
To start the file server, enter the fileserver command:
g4.guardium.com> fileserver
Starting the file server. You can find it at http://g4
Press ENTER to stop the file server.
Open the file server in a browser window, and do one of the following:
To upload a patch, click Upload a patch and follow the directions.
To download log data, click Sqlguard logs, navigate to the file you want, right-click on it, and download as you would any other file.
When you are done, return to the CLI session and press Enter to terminate the session.
See backup and restore, above.
import file
Uploads a TSM client configuration file to the Guardium appliance. You must do this before performing any archiving or backup operations using TSM. You will always need to upload a dsm.sys file, and if that file includes multiple servername sections, you will also need to upload a dsm.opt file. For information about how to create these files, check with your company’s TSM administrator.
You will be prompted for a password for the user account on the specified host.
import tsm config <user@host:/path/[ dsm.sys | dsm.opt ]>
user@host - User account to access the file on the specified host.
/path/[ dsm.sys | dsm.opt ] - Full path filename of the file to import (see above).
Use this command to display any files ending with the suffix .tgz in the /var/dump directory. For more information about audit data files, see export audit-data.
export audit-data <yyyy-mm-dd>
Use this command only under the direction of Guardium Support. This command is used to remove compressed audit data files. You will be prompted to enter an index number to identify the file to be removed. Only those files in the /var/dump directory ending with the .tgz suffix will be listed. See Archived Data File Names, above, for information about how archived data file names are formed.
You will be prompted to identify the file to be removed.
remove audit-data
See backup and restore, above.
restore system