35.0 Backing Up and Restoring Data

The Sentinel backup and restore utility is a script that backs up the Sentinel data and lets you restore it to any given point in time. This utility backs up only the Sentinel data on the Sentinel server. It is not applicable to Collector Manager, Correlation Engine, or operating system configuration data.

You can use the backup and restore utility in the following scenarios:

  • System Failure: In this scenario, you must first reinstall Sentinel and then use the backup_util.sh script with the restore parameter to restore the most recent data that you backed up.

  • Data Loss: In this scenario, use the backup_util.sh script with the restore parameter to restore the most recent data that you had backed up.

You can back up the following data:

  • Configuration data: Data stored in the config, data, 3rdparty/postgresql, and 3rdparty/jetty directories, and the data in the Sentinel database. This data includes configuration files, property files, and keystore files. For traditional storage, it also includes correlation rules and dynamic lists. The Sentinel database contains various configuration information related to users, plug-ins, Collectors, Connectors, and filters.

    NOTE: The configuration data is critical and you should always include the configuration data in the backup.

  • Event data: Dynamic event data and raw event data stored in the data/eventdata and /var/opt/novell/sentinel/data/rawdata directories. The event data also includes event associations stored in the /var/opt/novell/sentinel/data/eventdata/exported_associations directory. The event associations data includes correlated event association data and the incident event association data.

  • Secondary storage data: The closed event data files that have been moved to the secondary storage.

  • Runtime data: Dynamic file-based queues used by plug-ins, Sentinel Link, and other Sentinel components. This includes the data in the data/plugindata and the /var/opt/novell/sentinel/data/sentinel_link.queues directories.

  • Security Intelligence data: The Security Intelligence data stored in the MongoDB database.

  • Sentinel logs: Log files generated by Sentinel and stored in the /var/opt/novell/sentinel/log directory.

NOTE: If you are using scalable storage, you can back up only the configuration data and Sentinel logs.

You can restore data only on the same version of Sentinel from which the data was backed up, because changes between Sentinel versions might make the data incompatible. Similarly, you can restore data only on the same type of data storage from which the data was backed up. For example, data that you back up in traditional storage can be restored only in traditional storage.
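As an added example (not part of the Sentinel documentation or of backup_util.sh), the following POSIX shell pre-flight check walks the directories listed above for each backup category, confirms that the critical configuration data is present, and rejects categories that the scalable-storage note does not allow. It assumes relative paths resolve under an install root you pass as the first argument and absolute paths under a data root (normally /var/opt/novell/sentinel) passed as the second; secondary storage and Security Intelligence data have no fixed path on this page and are reported as unchecked.

```shell
#!/bin/sh
# Constructed pre-flight helper, run before backup_util.sh. Not Sentinel's own code.
# Usage: backup_preflight <install_root> <data_root> <traditional|scalable> <category>...
# Categories: configuration event runtime logs secondary security_intelligence
# Exit status is non-zero when configuration data is missing or not selected,
# or when a category is not permitted for the given storage type.

category_paths() {
    # Directories named in the documentation for each category.
    # Relative entries resolve under <install_root>, absolute ones under <data_root>.
    case "$1" in
        configuration) echo "config data 3rdparty/postgresql 3rdparty/jetty" ;;
        event)   echo "data/eventdata /data/rawdata /data/eventdata/exported_associations" ;;
        runtime) echo "data/plugindata /data/sentinel_link.queues" ;;
        logs)    echo "/log" ;;
        *) return 1 ;;   # no fixed path on the page (secondary storage, MongoDB)
    esac
}

backup_preflight() {
    install_root=$1; data_root=$2; storage=$3; shift 3
    rc=0; have_config=0
    for cat in "$@"; do
        # Scalable storage: only configuration data and Sentinel logs can be backed up.
        if [ "$storage" = scalable ] && [ "$cat" != configuration ] && [ "$cat" != logs ]; then
            echo "$cat NOT-ALLOWED (scalable storage backs up configuration and logs only)"
            rc=1; continue
        fi
        paths=$(category_paths "$cat") || { echo "$cat unchecked (no fixed path)"; continue; }
        missing=""
        for p in $paths; do
            case "$p" in
                /*) dir="$data_root$p" ;;
                *)  dir="$install_root/$p" ;;
            esac
            [ -d "$dir" ] || missing="$missing $dir"
        done
        if [ -n "$missing" ]; then
            echo "$cat MISSING:$missing"
            [ "$cat" = configuration ] && rc=1   # configuration data is mandatory
        else
            echo "$cat ok"
            [ "$cat" = configuration ] && have_config=1
        fi
    done
    [ "$have_config" -eq 1 ] || { echo "configuration data not selected or missing; it is required"; rc=1; }
    return $rc
}
```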