The following lists the various command line parameters that you can use with the backup_util.sh script:
Table 34-1 Backup and Restore Script Parameters
|
Parameters |
Description |
|---|---|
|
-m backup |
Backs up of the specified data. |
|
-m restore |
Restores the specified data. The restore mode of the script is interactive and allows you to specify the data to be restored from the backup file. |
|
-m info |
Displays information for the specified backup file. |
|
-m simple_event_backup |
Backs up events located in a specified directory. |
|
-m simple_event_restore |
Restores events into a specified directory. |
|
-c |
Backs up the configuration data. If you are using scalable storage, this parameter also backs up scalable storage and Kibana configurations. It also backs up the default event visualizations and dashboards.It does not back up any custom event visualizations and dashboards. You have to manually export the custom dashboards and visualizations. For more information, see Managing Saved Searches, Visualizations, and Dashboards section in Kibana documentation. |
|
-e |
Backs up the event data. All event partitions are backed up except the current online partition. If the backup is being performed with the Sentinel server shut down, the current online partition is also included in the backup. |
|
-dN |
Backs up the event data for the specified number of days. The -dN option backs up the primary storage event data stored for the last N days. Based on the current data retention policy settings, many days of events might be stored on the system. Backing up all of the event data might not always be necessary and might not be desirable. This option allows you to specify how many days to include when backing up the event data. For example, -d7 includes only the event data from the last week in the backup. -d0 just includes the data for the current day. -d1 includes the data from the current day and previous day. -d2 includes the data from the current day and two days ago. Online backups (that is, backups performed while the system is running) only back up the closed event partitions, which means partitions one day old or older. For online backups, a value of -d1 is the appropriate specification for the number of days. |
|
-u |
Specifies the user name to use when backing up the event associations data. If the user name is not specified, "admin" is used as the default value. This parameter is required only when backing up the event associations data. NOTE:If your environment uses multi-factor authentication (MFA), specify the LDAP user name. For more information about MFA, see Multi-factor Authentication. |
|
-p |
Specifies the user password when backing up the event associations data. This parameter is required only when backing up the event associations data. NOTE:If your environment uses MFA, specify the LDAP user name. For more information about MFA, see Multi-factor Authentication. |
|
-x |
Specifies a file name that contains the user password when backing up the event associations. This is an alternative to the -p option. This parameter is required only when backing up the event associations data. |
|
-f |
Enables you to specify the location and name of the backup file. |
|
-l |
Includes the log files in the backup. By default, the log files are not backed up unless you specify this option. |
|
-r |
Includes the runtime data in the backup. Runtime data can only be backed up if the Sentinel server is shut down, because the data is dynamic. This means that this parameter can only be used in combination with the -s option (described below). If -s is not specified, this parameter is ignored. |
|
-b |
Backs up the NetFlow data collections and the baseline Security Intelligence, and not the entire MongoDB database. The following baseline data is backed up:
|
|
-A |
Backs up alerts and the events that triggered the alert. |
|
-i |
Backs up the entire MongoDB database including the Security Intelligence database collections, NetFlow data collections, and alerts. |
|
-s |
Shuts down the Sentinel server before performing the backup. Shutting down the server is necessary to back up certain dynamic data such as the Runtime data and the current primary storage partitions. By default, the server is not shut down before performing the backup. If this option is used, the server restarts automatically after the backup is complete. |
|
-w |
Backs up the raw event data. |
|
-z |
Only available with the simple_event_backup and simple_event_restore options. Specifies the location of the event data directory, such as where the event data is collected during a simple_event_backup and where the event data is placed during a simple_event_restore. |