File Handling CLI Commands

Use these commands to back up and restore system information. Many of these tasks can also be performed from the Guardium® user interface.

About Archived Data File Names

When Guardium data is archived, there is a separate file for each day of data. Depending on how your export/purge or archive/purge operation is configured, you may have multiple copies of data exported for the same day. Archive and export data file names have the same format:

<daysequence>-<hostname.domain>-w<run_datestamp>-d<data_date>.dbdump.enc

daysequence is a number representing the date of the archived data, expressed as the number of days since year 0. The same date appears in yyyy-mm-dd format in the data_date portion of the name.

hostname.domain is the host name of the Guardium appliance on which the archive was created, followed by a dot character and the domain name.

run_datestamp is the date that the data was archived or exported, in yyyymmdd.hhmmss format.

data_date is the date of the archived data, in yyyy-mm-dd format.

For example: 732423-g1.guardium.com-w20050425.040042-d2005-04-22.dbdump.enc
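As an added example (not part of the Guardium documentation), the following Python parses file names in this format, cross-checks daysequence against data_date, and, where a day was exported more than once, picks the copy written by the most recent run. The 365-day offset between daysequence and Python's date ordinal is an assumption inferred from the two names on this page; the second sample name below is constructed.

```python
import re
from datetime import date, datetime

# Layout from the page: <daysequence>-<hostname.domain>-w<run_datestamp>-d<data_date>.dbdump.enc
# run_datestamp is yyyymmdd.hhmmss for archives; the export audit-data example on the
# page omits the dot (yyyymmddhhmmss), so both spellings and both suffixes are accepted.
NAME_RE = re.compile(
    r"^(?P<daysequence>\d+)-(?P<host>[A-Za-z0-9.-]+)"
    r"-w(?P<run>\d{8}\.?\d{6})-d(?P<data_date>\d{4}-\d{2}-\d{2})"
    r"\.(?P<suffix>dbdump\.enc|exp\.tgz)$"
)

# Assumption checked against both names on the page: daysequence == date.toordinal() + 365
# (Python counts from 0001-01-01, the page from year 0). MySQL's TO_DAYS() gives the same value.
DAYSEQUENCE_OFFSET = 365

# Constructed sample: the first and third names are the page's own examples; the second is a
# made-up later re-export of the same day, which the page says can happen.
SAMPLE_NAMES = [
    "732423-g1.guardium.com-w20050425.040042-d2005-04-22.dbdump.enc",
    "732423-g1.guardium.com-w20050426.031500-d2005-04-22.dbdump.enc",
    "732570-supp2.guardium.com-w20050919110317-d2005-09-16.exp.tgz",
]


def parse_archive_name(name):
    """Split an archive/export name into its fields and cross-check them."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a Guardium archive/export file name: {name!r}")
    data_date = date.fromisoformat(m["data_date"])
    run = datetime.strptime(m["run"].replace(".", ""), "%Y%m%d%H%M%S")
    dayseq = int(m["daysequence"])
    expected = data_date.toordinal() + DAYSEQUENCE_OFFSET
    if dayseq != expected:  # a renamed or mislabelled file shows up here
        raise ValueError(f"daysequence {dayseq} disagrees with d{data_date} (expected {expected})")
    if run.date() < data_date:  # data cannot be archived before it exists
        raise ValueError(f"run date {run.date()} precedes data date {data_date}")
    return {
        "daysequence": dayseq, "host": m["host"], "run": run, "data_date": data_date,
        "kind": "archive" if m["suffix"] == "dbdump.enc" else "audit-data export",
    }


def is_valid_archive_name(name):
    """True when the name parses and its fields agree with each other."""
    try:
        parse_archive_name(name)
        return True
    except ValueError:
        return False


def latest_copy_per_day(names):
    """Keep, per (data date, kind), the copy written by the most recent run.
    Returns {(iso_date, kind): file_name}."""
    best = {}
    for name in names:
        info = parse_archive_name(name)
        key = (info["data_date"].isoformat(), info["kind"])
        if key not in best or info["run"] > best[key][1]["run"]:
            best[key] = (name, info)
    return {key: pair[0] for key, pair in best.items()}
```

Calling latest_copy_per_day(SAMPLE_NAMES) returns the later of the two 2005-04-22 archives and the single 2005-09-16 export.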

backup config

These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in the /media/backup directory. The backup config command removes license and other machine-specific information. The backup system command provides a more comprehensive backup of the configuration and the entire system.

Syntax

backup config

restore config

backup system

This topic applies to backup and restore operations for the Guardium internal database. You can back up or restore either configuration information only, or the entire system (data plus configuration information, except for the shared secret key files, which are backed up and restored separately). These commands stop all inspection engines and web services and restart them after the operation completes.

Before restoring a file, be sure that the appliance has the system shared secret of the system that created that file (otherwise, it will not be able to decrypt the information). See About the System Shared Secret in the Guardium Administrator Guide.
Note: A system restore must be done to the same patch level as the system backup. For example, if a customer backed up the appliance when it was on Version 7.0, Patch 7 and then wishes to restore this backup onto a newly-built appliance, Version 7.0, Patches 1 to 7 must first be installed on the appliance, and only then can the file be restored.
There are two commands involved in the restore process:
  • import file, which returns an archived backup file to the system
  • restore system, which restores the system from a backup file previously returned by an import file operation.

For all backup, import and restore commands, you will receive a series of prompts to supply some combination of the following items, depending on which storage systems are configured, and the type of restore operation. Respond to each prompt as appropriate for your operation. The following table describes the information for which you may be prompted.

Note:

One copy of the SCP/FTP/TSM/Centera file transfer is saved, regardless of whether the transfer succeeded or failed. Because certain files can take hours to regenerate (for example, a system backup), having a readily available copy is valuable, in particular if the file transfer failed. Only one copy of each type of file (archive, system backup, configuration backup, and so on) is retained.

backup system copies the current license, metering and number of datasources, and then backs up the data. restore system restores the data and then restores the license, metering and number of datasources. This sequence applies to a regular restore system. Restoring from a previous system requires re-configuring the license, metering and number of datasources.

When configuring backups, a port number of zero (0) indicates that the default port for that protocol is used and does not need to be changed.

Table 1. backup system
Item Description

SCP, FTP, TSM, Centera, Snapshot

Select the method to use to transfer the file. TSM and Centera are displayed only if those storage methods have been enabled (see the store storage-method command).

Data or Configuration

Select Configuration to back up definitions and configuration information only, or select Data to back up data in addition to configuration information.

restore from archive or restore from backup

Select restore from archive to restore archived data, or select restore from backup to restore configuration information.

normal or upgrade

If restoring from the same software version of Guardium, select normal. If restoring configuration information following a software upgrade of the Guardium appliance, select upgrade.

host

The remote host for the backup file.

remote directory

The directory for the backup file. For FTP, the directory is relative to the FTP root directory for the FTP user account used. For SSH, the directory path is a full directory path. For Windows SSH servers, use Unix-style path names with forward slashes, rather than Windows-style backslashes.

username

The user account name to use for the operation (for backup operations, this user must have write/execute permission for the directory specified).

Note: For Windows, a domain user is accepted in the format domain\user.

password

The password for the username.

file name

The file name for the archive or backup file. See About Archived Data File Names.

You can select multiple files by using the wildcard character * in the file name. The wildcard character * is supported for the FTP, SCP and Snapshot transfer methods; it is not supported for the TSM or Centera transfer methods.

Centera server

Enter the Centera server name. If using PEA files, use the following format: <Host name/IP>?<full PEA file name>, for example:

128.221.200.56?/var/centera/us_profile_rwqe.pea.txt

Centera clipID

For a Centera restore operation, the Content Address returned from the backup operation. For example:

6M4B15U4JM4LBeDGKCPF9VQO3UA

After you have supplied all of the information required for the backup or restore operation, a series of messages will be displayed informing you of the results of the operation. For example, for a restore system operation the messages should look something like this (depending on the type of restore and storage method used):

gpg: Signature made Thu Feb 22 11:38:01 2009 EST using DSA key ID 2348FF9E
gpg: Good signature from "Backup Signer <support@guardium.com>"
Proceeding to shutdown services
Proceeding to startup services
Safekeeping admin.xreg
Safekeeping client.xreg
Safekeeping controllers.xreg
Safekeeping controls.xreg
Safekeeping guardium-portlets.xreg
Safekeeping local-portlets.xreg
Safekeeping local-security.xreg
Safekeeping local-skins.xreg
Safekeeping media.xreg
Safekeeping portlets.xreg
Safekeeping security.xreg
Safekeeping skins.xreg
guard_sniffer.pl -reorder
Recovery procedure was successful.
ok

Prevent backup/archive scripts from filling up /var

The backup process checks for room in /var before running and fails if there is not enough. It also warns the user if there is insufficient space for the backup.

The archive process will check the size of the static tables and make sure there is room in /var to create the archive.

An error is logged in the log file and shown in the GUI if /var backup space is more than 50% used.

Example:

ERROR: /var backup space is at 60% used. Insufficient disk space
for backup.
CLI> backup system
    1. DATA
    2. CONFIGURATION

Please enter the number of your choice: (q to quit) 1

    1. SCP
    2. CONFIGURED DESTINATION

Enter the number of your choice: (q to quit) 2
Make sure destination is configured in the GUI under the System Backup option
Please wait, this may take some time.

backup profile

Use this command to maintain the backup profile data (patch mechanism).

The backup file is copied to the destination according to the backup profile. If the parameter indicating whether to keep the backup file is "1" and there is enough disk space, the backup file is kept on the system; otherwise it is removed.

All four fields must be filled in: backup destination host, backup destination directory, backup destination user, and backup destination password.

Syntax

show backup profile

Example

patch backup flag is 1
patch backup automatic recovery flag is 1
patch backup dest host is
patch backup dest dir is
patch backup dest user is
patch backup dest pass is
ok

Syntax

store backup profile

Example

Do you want to set up for automatic recovery? (y/n)
Enter the patch backup destination host:
Enter the patch backup destination directory:
Enter the patch backup destination user:
Enter the patch backup destination password:

export audit-data

Exports audit data from the specified date (yyyy-mm-dd) from various internal Guardium tables to a compressed archive file. The data from a specified date will be stored in a compressed archive file, in the /var/dump directory. The file created will be identified in the messages produced by the system. See the example. Use this command only under the direction of Guardium Support.

Note: Only users with the admin role can run this command.

Syntax

export audit-data <yyyy-mm-dd>

Example

If you enter the export audit-data command for the date 2005-09-16, a set of messages similar to the following is produced:
CLI> export audit-data 2005-09-16
2005-09-16
Extracting  GDM_ACCESS  Data ...
Extracting  GDM_CONSTRUCT  Data ...
Extracting  GDM_SENTENCE  Data ...
Extracting  GDM_OBJECT  Data ...
Extracting  GDM_FIELD  Data ...
Extracting  GDM_CONSTRUCT_TEXT  Data ...
Extracting  GDM_SESSION  Data ...
Extracting  GDM_EXCEPTION  Data ...
Extracting  GDM_POLICY_VIOLATIONS_LOG  Data ...
Extracting  GDM_CONSTRUCT_INSTANCE  Data ...
Generating tar file ...
 /var/csvGenerationTmp ~
GDM_ACCESS.txt
GDM_CONSTRUCT.txt
GDM_CONSTRUCT_INSTANCE.txt
GDM_CONSTRUCT_TEXT.txt
GDM_EXCEPTION.txt
GDM_FIELD.txt
GDM_OBJECT.txt
GDM_POLICY_VIOLATIONS_LOG.txt
GDM_SENTENCE.txt
GDM_SESSION.txt
~
Generation completed, CSV Files saved to /var/dump/732570-supp2.guardium.com-w20050919110317-d2005-09-16.exp.tgz
ok

The data from each of the named internal database tables is written to a text file, in CSV format. The name of the archive file ends with exp.tgz and the remainder of the name is formed as described in About Archived Data File Names.

You can use the export file command to transfer this file to another system.

delete audit-data

Use this command only under the direction of Guardium Support. This command removes compressed audit data files. You will be prompted to enter an index number identifying the file to be removed. See About Archived Data File Names for information about how archived data file names are formed.

Syntax

delete audit-data

show audit-data

Use this command to display any files that were created by executing the CLI command, export audit-data. For more information about audit data files, see export audit-data.

Syntax

show audit-data <yyyy-mm-dd>

export file

This command exports a single file named filename from the /var/dump, /var/log, or /var/importdir directory. Use this command only under the direction of Guardium Support. To archive data, use the appropriate menu commands on the Administration Console panel.

Syntax

export file </local_path/filename> <user@host:/path/filename>

local_path must be one of the following: /var/log, /var/dump, or /var/importdir.

fileserver

Use this command to start an HTTP-based (not HTTPS) file server running on the Guardium appliance. This facility is intended to ease the task of uploading patches to the unit or downloading debugging information from the unit. Each time this facility starts, it deletes any files in the directory to which it uploads patches.

Note: Any operation that generates a file that the fileserver will access should finish before the fileserver is started (so that the file is available for the fileserver).

Syntax

fileserver [ip address] [duration]

ip address is an optional parameter that allows access to the fileserver from the indicated IP address. By default (without the parameter), access is restricted to the IP address of the SSH client that started the fileserver.

duration is an optional parameter that specifies the number of seconds that the fileserver is active. After the specified number of seconds, the fileserver shuts down automatically. The duration can be any number of seconds from 60 to 3600.

In a security setup where browser sessions are redirected through a proxy server, the IP address of the fileserver client will not be the same as that of the SSH client that started the fileserver. Instead, the fileserver client will have the IP address of the proxy server, and this address must be passed as the optional ip address parameter. To find the proxy IP address, check your browser settings or the client IP addresses shown in the Logins to Guardium report in the Guardium Monitor interface.

Example

To start the file server, enter the fileserver command:

CLI> fileserver <ip address> <duration>

Starting the file server. You can find it at http://(name of appliance)

Press ENTER to stop the file server.

Open the fileserver in a browser window, and do one of the following:

When you are done, return to the CLI session and press Enter to terminate the session.

import file

See backup config and restore config.

In the import file CLI command, you can use the wildcard * in the file name with the scp, ftp and snapshot methods.

Syntax

import file

restore config

These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in the /media/backup directory. The backup config command removes license and other machine-specific information. The backup system command provides a more comprehensive backup of the configuration and the entire system.

When restoring a configuration, you must restore a backup that is of the same version and patch level as the original appliance where the backup was created.

Syntax

backup config

restore config

restore pre-patch-backup

Use this command only under direction from Technical Support.

Use this command to recover the pre-patch-backup when the appliance database is up or down.

Syntax

restore pre-patchbackup
Please enter the information to retrieve the file:
Is the file in the local system? (y/n)
n
Start to recover with the backup profile parameters.
Please check the recovery status in the log /var/log/guard/diag/depot/patch_installer.log
ok
--------------------------------------
If the answer is 'n', the operation is aborted.
If the answer is 'y', the file name must be entered.

restore system

This topic applies to backup and restore operations for the Guardium internal database. You can back up or restore either configuration information only, or the entire system (data plus configuration information, except for the shared secret key files, which are backed up and restored separately). These commands stop all inspection engines and web services and restart them after the operation completes.

Before restoring a file, be sure that the appliance has the system shared secret of the system that created that file (otherwise, it will not be able to decrypt the information). See About the System Shared Secret in the Guardium Administrator Guide.

Note: A system restore must be done to the same patch level as the system backup.
There are two commands involved in the restore process:
  • import file, which returns an archived backup file to the system
  • restore system, which restores the system from a backup file previously returned by an import file operation.

For all backup, import and restore commands, you will receive a series of prompts to supply some combination of the following items, depending on which storage systems are configured, and the type of restore operation. Respond to each prompt as appropriate for your operation. The following table describes the information for which you may be prompted.

Note:

One copy of the SCP/FTP/TSM/Centera file transfer is saved, regardless of whether the transfer succeeded or failed. Because certain files can take hours to regenerate (for example, a system backup), having a readily available copy is valuable, in particular if the file transfer failed. Only one copy of each type of file (archive, system backup, configuration backup, and so on) is retained.

backup system copies the current license, metering and number of datasources, and then backs up the data. restore system restores the data and then restores the license, metering and number of datasources. This sequence applies to a regular restore system. Restoring from a previous system requires re-configuring the license, metering and number of datasources.

Table 2. restore system
Item Description

SCP, FTP, TSM, Centera, Snapshot

Select the method to use to transfer the file. TSM and Centera are displayed only if those storage methods have been enabled (see the store storage-method command).

Data or Configuration

Select Configuration to back up definitions and configuration information only, or select Data to back up data in addition to configuration information.

restore from archive or restore from backup

Select restore from archive to restore archived data, or select restore from backup to restore configuration information.

normal or upgrade

If restoring from the same software version of Guardium, select normal. If restoring configuration information following a software upgrade of the Guardium appliance, select upgrade.

host

The remote host for the backup file.

remote directory

The directory for the backup file. For FTP, the directory is relative to the FTP root directory for the FTP user account used. For SSH, the directory path is a full directory path. For Windows SSH servers, use Unix-style path names with forward slashes, rather than Windows-style backslashes.

username

The user account name to use for the operation (for backup operations, this user must have write/execute permission for the directory specified).

Note: For Windows, a domain user is accepted in the format domain\user.

password

The password for the username.

file name

The file name for the archive or backup file. See About Archived Data File Names.

You can select multiple files by using the wildcard character * in the file name. The wildcard character * is supported for the FTP, SCP and Snapshot transfer methods; it is not supported for the TSM or Centera transfer methods.

Centera server

Enter the Centera server name. If using PEA files, use the following format: <Host name/IP>?<full PEA file name>, for example:

128.221.200.56?/var/centera/us_profile_rwqe.pea.txt

Note the ? between the server IP address and the PEA file name.

This IP address and the .PEA file come from EMC Centera. The question mark is required when configuring the path. The .../var/centera/... path name is important, as the backup may fail if that path name is not followed. The .PEA file supplies the permissions, username and password authentication for each Centera backup request.

Centera clipID

For a Centera restore operation, the Content Address returned from the backup operation. For example:

6M4B15U4JM4LBeDGKCPF9VQO3UA

After you have supplied all of the information required for the backup or restore operation, a series of messages will be displayed informing you of the results of the operation. For example, for a restore system operation the messages should look something like this (depending on the type of restore and storage method used):

gpg: Signature made Thu Feb 22 11:38:01 2009 EST using DSA key ID 2348FF9E
gpg: Good signature from "Backup Signer <support@guardium.com>"
Proceeding to shutdown services
Proceeding to startup services
Safekeeping admin.xreg
Safekeeping client.xreg
Safekeeping controllers.xreg
Safekeeping controls.xreg
Safekeeping guardium-portlets.xreg
Safekeeping local-portlets.xreg
Safekeeping local-security.xreg
Safekeeping local-skins.xreg
Safekeeping media.xreg
Safekeeping portlets.xreg
Safekeeping security.xreg
Safekeeping skins.xreg
guard_sniffer.pl -reorder
Recovery procedure was successful.
ok

VMware kernel panic after a reboot

A VMware ESX 4.1 virtual machine running Guardium might get a kernel panic after a reboot.

To correct this situation, VMware recommends either installing Update 2 on ESX 4.1, or setting CPU/MMU virtualization to use software for both the instruction set and MMU virtualization. This option is found under Settings/Options/CPU/MMU Virtualization, as "Use software for instruction set and MMU virtualization".