File Handling CLI Commands

File Handling CLI Commands Overview

Use these commands to back up and restore system information. Many of these tasks can also be performed from the Administration Console.

About Archived Data File Names

When Guardium data is archived (or exported to an aggregator), there is a separate file for each day of data. Depending on how your export/purge or archive/purge operation is configured, you may have multiple copies of data exported for the same day. Archive and export data file names have the same format:

<daysequence>-<hostname.domain>-w<run_datestamp>-d<data_date>.dbdump.enc

daysequence is a number representing the date of the archived data, expressed as the number of days since year 0. The same date appears in yyyy-mm-dd format in the data_date portion of the name (see below).

hostname.domain is the host name of the Guardium appliance on which the archive was created, followed by a dot character and the domain name.

run_datestamp is the date that the data was archived or exported, in yyyymmdd.hhmmss format.

data_date is the date of the archived data, in yyyy-mm-dd format.

For example:

732423-g1.guardium.com-w20050425.040042-d2005-04-22.dbdump.enc

backup config and restore config

These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in the /media/backup directory. The backup config command removes license and other machine-specific information. The backup system command (see below) provides a more comprehensive backup of the configuration and the entire system.

Syntax

backup config

restore config

backup system and restore system

This topic applies to backup and restore operations for the Guardium internal database. You can back up or restore either configuration information only, or the entire system (data plus configuration information). The shared secret key files are not included in either case; they are backed up and restored separately (see the aggregator backup keys file and aggregator restore keys file commands). These commands stop all inspection engines and web services and restart them after the operation completes.

Before restoring a file, be sure that the appliance has the system shared secret of the system that created that file (otherwise, it will not be able to decrypt the information). See About the System Shared Secret in the Guardium Administrator Guide.

There are two commands involved in the restore process:

For all backup, import and restore commands, you will receive a series of prompts to supply some combination of the following items, depending on which storage systems are configured, and the type of restore operation. Respond to each prompt as appropriate for your operation. The following table describes the information for which you may be prompted.

Item - Description

1. SCP, 2. FTP, 3. TSM, 4. CENTERA - Select the method to use to transfer the file. TSM and Centera will be displayed only if those storage methods have been enabled (see the store storage-method command).

1. Data, 2. Configuration - Select Configuration to back up definitions and configuration information only, or select Data to back up data in addition to configuration information.

1. restore from archive, 2. restore from backup - Select restore from archive to restore archived data, or select restore from backup to restore configuration information.

1. normal, 2. upgrade - If restoring from the same software version of Guardium, select normal. If restoring configuration information following a software upgrade of the Guardium appliance, select upgrade.

host - The remote host for the backup file.

remote directory - The directory for the backup file. For FTP, the directory is relative to the FTP root directory for the FTP user account used. For SSH, the directory path is a full directory path. For Windows SSH servers, use Unix-style path names with forward slashes, rather than Windows-style backslashes.

username - The user account name to use for the operation (for backup operations, this user must have write/execute permission for the directory specified above).

password - The password for the above username.

file name - The file name for the archive or backup file. See About Archived Data File Names, above.

Centera server - Enter the Centera server name. If using PEA files, use the following format: <Host name/IP>? <full PEA file name>, for example:

128.221.200.56?/var/centera/us_profile_rwqe.pea.txt

Centera clipID - For a Centera restore operation, the Content Address returned from the backup operation. For example:

6M4B15U4JM4LBeDGKCPF9VQO3UA

After you have supplied all of the information required for the backup or restore operation, a series of messages will be displayed informing you of the results of the operation. For example, for a restore system operation the messages should look something like this (depending on the type of restore and storage method used):

gpg: Signature made Thu Feb 22 11:38:01 2007 EST using DSA key ID 2348FF9E

gpg: Good signature from "Backup Signer <support@guardium.com>"

Proceeding to shutdown services

Proceeding to startup services

Safekeeping admin.xreg

Safekeeping client.xreg

Safekeeping controllers.xreg

Safekeeping controls.xreg

Safekeeping guardium-portlets.xreg

Safekeeping local-portlets.xreg

Safekeeping local-security.xreg

Safekeeping local-skins.xreg

Safekeeping media.xreg

Safekeeping portlets.xreg

Safekeeping security.xreg

Safekeeping skins.xreg

guard_sniffer.pl -reorder

Recovery procedure was successful.

ok

backup system

See backup and restore, above.

Syntax

backup system

export audit-data

Exports audit data for the specified date (yyyy-mm-dd) from various internal Guardium tables to a compressed archive file in the /var/dump directory. The file created is identified in the messages produced by the system; see the example below. Use this command only under the direction of Guardium Support.

Syntax

export audit-data <yyyy-mm-dd>

Example

If you enter the export audit-data command for the date 2005-09-16, a set of messages similar to the following will be displayed:

supp2.guardium.com> export audit-data 2005-09-16

2005-09-16

Extracting  GDM_ACCESS  Data ...

Extracting  GDM_CONSTRUCT  Data ...

Extracting  GDM_SENTENCE  Data ...

Extracting  GDM_OBJECT  Data ...

Extracting  GDM_FIELD  Data ...

Extracting  GDM_CONSTRUCT_TEXT  Data ...

Extracting  GDM_SESSION  Data ...

Extracting  GDM_EXCEPTION  Data ...

Extracting  GDM_POLICY_VIOLATIONS_LOG  Data ...

Extracting  GDM_CONSTRUCT_INSTANCE  Data ...

Generating tar file ...

/var/csvGenerationTmp ~

GDM_ACCESS.txt

GDM_CONSTRUCT.txt

GDM_CONSTRUCT_INSTANCE.txt

GDM_CONSTRUCT_TEXT.txt

GDM_EXCEPTION.txt

GDM_FIELD.txt

GDM_OBJECT.txt

GDM_POLICY_VIOLATIONS_LOG.txt

GDM_SENTENCE.txt

GDM_SESSION.txt

~

Generation completed, CSV Files saved to /var/dump/732570-supp2.guardium.com-w20050919110317-d2005-09-16.exp.tgz

ok

The data from each of the named internal database tables is written to a text file, in CSV format. The name of the archive file ends with exp.tgz, and the remainder of the name is formed as described under About Archived Data File Names, above.

You can use the export file command (see below) to transfer this file to another system.
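The file-name format from About Archived Data File Names, applied to the two sample names on this page plus two constructed ones. This Python parser is an added example, not part of the original page or of Guardium. The 365-day offset, the optional dot in run_datestamp, and the function names are assumptions inferred from the page's samples.

```python
import re
from datetime import date, datetime

# Offset between date.toordinal() (0001-01-01 = 1) and the page's "days since
# year 0" counter. Assumption: inferred from the two sample names on this page.
DAYSEQ_OFFSET = 365

# The format section writes run_datestamp as yyyymmdd.hhmmss; the export
# audit-data sample name omits the dot, so the dot is optional here.
NAME_RE = re.compile(
    r"(?P<seq>\d+)-(?P<host>[A-Za-z0-9.-]+?)"
    r"-w(?P<run>\d{8}\.?\d{6})-d(?P<day>\d{4}-\d{2}-\d{2})"
    r"\.(?P<kind>dbdump\.enc|exp\.tgz)"
)

def parse_archive_name(name):
    """Split an archive/export file name into fields and cross-check them."""
    m = NAME_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not an archive/export file name: {name!r}")
    data_date = date.fromisoformat(m["day"])  # raises on e.g. 2005-02-30
    run_time = datetime.strptime(m["run"].replace(".", ""), "%Y%m%d%H%M%S")
    return {
        "host": m["host"],
        "kind": m["kind"],
        "data_date": data_date,
        "run_time": run_time,
        # daysequence and data_date encode the same day; they must agree.
        "sequence_ok": int(m["seq"]) == data_date.toordinal() + DAYSEQ_OFFSET,
        # Sanity check: the archive run cannot predate the day it covers.
        "order_ok": run_time.date() >= data_date,
    }

def copies_by_day(names):
    """Group multiple copies of the same host/day, oldest run first."""
    groups = {}
    for name in names:
        info = parse_archive_name(name)
        key = (info["host"], info["data_date"])
        groups.setdefault(key, []).append((info["run_time"], name))
    return {key: [n for _, n in sorted(runs)] for key, runs in groups.items()}

SAMPLES = [
    "732423-g1.guardium.com-w20050425.040042-d2005-04-22.dbdump.enc",  # from the page
    "732570-supp2.guardium.com-w20050919110317-d2005-09-16.exp.tgz",   # from the page
    "732423-g1.guardium.com-w20050426.040042-d2005-04-22.dbdump.enc",  # constructed: second copy
    "732424-g1.guardium.com-w20050425.040042-d2005-04-22.dbdump.enc",  # constructed: bad daysequence
]
```

A name whose sequence_ok is False has a daysequence that disagrees with its data_date, which is worth resolving before the file is handed to a restore or remove operation.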

export file

This command exports a single file named filename from the /var/dump, /var/log, or /var/importdir directory. Use this command only under the direction of Guardium Support. To export Guardium data to an aggregator or to archive data, use the appropriate menu commands on the Administration Console panel.

Syntax

export file </local_path/filename> <user@host:/path/filename>

local_path must be one of the following: /var/log, /var/dump, or /var/importdir.

fileserver

Use this command to start an HTTP-based file server running on the Guardium appliance. This facility is intended to ease the task of uploading patches to the unit, or downloading debugging information from the unit. Each time this facility starts, it deletes any files in the directory to which it uploads patches.

Syntax

fileserver

Example

To start the file server, enter the fileserver command:

g4.guardium.com> fileserver

Starting the file server. You can find it at http://g4

Press ENTER to stop the file server.

Open the file server in a browser window, and do one of the following:

When you are done, return to the CLI session and press Enter to terminate the session.

import file

See backup and restore, above.

Syntax

import file

import tsm config

Uploads a TSM client configuration file to the Guardium appliance. You must do this before performing any archiving or backup operations using TSM. You will always need to upload a dsm.sys file, and if that file includes multiple servername sections, you will also need to upload a dsm.opt file. For information about how to create these files, check with your company’s TSM administrator.

You will be prompted for a password for the user account on the specified host.

Syntax

import tsm config <user@host:/path/[ dsm.sys | dsm.opt ]>

Parameters

user@host - User account to access the file on the specified host.

/path/[ dsm.sys | dsm.opt ] - Full path filename of the file to import (see above).

list audit data

Use this command to display any files ending with the suffix .tgz in the /var/dump directory. For more information about audit data files, see export audit-data.

Syntax

export audit-data <yyyy-mm-dd>

remove audit-data

Use this command only under the direction of Guardium Support. This command is used to remove compressed audit data files. Only those files in the /var/dump directory ending with the .tgz suffix will be listed, and you will be prompted to enter an index number to identify the file to be removed. See About Archived Data File Names, above, for information about how archived data file names are formed.

Syntax

remove audit-data

restore system

See backup and restore, above.

Syntax

restore system