A.1 Parameters for the Backup and Restore Utility Script

The following table lists the various command line parameters that you can use with the backup_util.sh script:

Table A-1 Backup and Restore Script Parameters

Each entry below gives the parameter, followed by its description.

-m backup

Backs up the specified data.

-m restore

Restores the specified data. The restore mode of the script is interactive and allows you to specify the data to be restored from the backup file.

The restore parameter can be used in the following scenarios:

  • System Failure: In the event of a system failure, you must first reinstall Sentinel and then use the backup_util.sh script with the restore parameter to restore the most recent data that you backed up.

  • Data Loss: In the event of data loss, use the backup_util.sh script with the restore parameter to restore the most recent data that you had backed up.

    You must restart the Sentinel server after you restore any data because the script might make several modifications to the database.

NOTE: The restore parameter is not backward compatible for local storage and networked storage data. Therefore, the local storage data and networked storage data can be restored only on the same or a later version of Sentinel, and cannot be restored on an older version of Sentinel.

-m info

Displays information for the specified backup file.

-m simple_event_backup

Backs up events located in a specified directory.

-m simple_event_restore

Restores events into a specified directory.

-c

Backs up the configuration data.

-e

Backs up the event data. All event partitions are backed up except the current online partition. If the backup is being performed with the Sentinel server shut down, the current online partition is also included in the backup.

-dN

Backs up the event data for the specified number of days. The -dN option includes the local storage event data from up to N days ago in the backup. Depending on the current data retention policy settings, many days of events might be stored on the system, and backing up all of the event data is not always necessary or desirable. This option lets you specify how many days to include when backing up the event data. For example, -d7 includes only the event data from the last week; -d0 includes only the data for the current day; -d1 includes the data from the current day and the previous day; -d2 includes the data from the current day back to two days ago.

Online backups (that is, backups performed while the system is running) only back up the closed event partitions, which means partitions two days old or older. For online backups, a value of -d2 is the appropriate specification for the number of days.

-u

Specifies the username to use when backing up the event associations data. If the username is not specified, "admin" is used as the default value.

This parameter is required only when backing up the event associations data.

-p

Specifies the user password when backing up the event associations data.

This parameter is required only when backing up the event associations data.

-x

Specifies a file name that contains the user password when backing up the event associations. This is an alternative to the -p option.

This parameter is required only when backing up the event associations data.

-f

Enables you to specify the location and name of the backup file.

-l

Includes the log files in the backup. By default, the log files are not backed up unless you specify this option.

-r

Includes the runtime data in the backup. Runtime data can only be backed up if the Sentinel server is shut down, because the data is dynamic. This means that this parameter can only be used in combination with the -s option (described below). If -s is not specified, this parameter is ignored.

-b

Backs up only the baseline Security Intelligence database collections and not the entire MongoDB database. The following baseline data is backed up:

  • configs

  • anomalydefs

  • baselines

  • baselines.ID.URN

  • paths.UUID.URN

  • anomalydeployment

-i

Backs up the entire Security Intelligence database.

-s

Shuts down the Sentinel server before performing the backup. Shutting down the server is necessary to back up certain dynamic data such as the Runtime data and the current local storage partitions. By default, the server is not shut down before performing the backup. If this option is used, the server restarts automatically after the backup is complete.

-w

Backs up the raw event data.

-z

Only available with the simple_event_backup and simple_event_restore options. Specifies the location of the event data directory, that is, the directory from which the event data is collected during a simple_event_backup and into which the event data is placed during a simple_event_restore.
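As an added example, not part of the Sentinel documentation, the following shell wrapper assembles a backup_util.sh command line from a few high-level choices and enforces the constraints the table above states: -r is emitted only together with -s, online backups require at least -d2 because only closed partitions are captured, and a password for the event associations data is passed through a file with -x rather than on the command line with -p. The output path and password file are placeholders; the wrapper only prints the command, it does not run it.

```bash
#!/bin/bash
# Added example (not Sentinel's own code). Builds and sanity-checks a
# backup_util.sh argument list; nothing is executed.
#
# Usage: build_backup_cmd MODE DAYS OUTFILE [PASSWORD_FILE]
#   MODE           online (server keeps running) or offline (adds -s)
#   DAYS           value for -dN
#   OUTFILE        archive path passed to -f (placeholder)
#   PASSWORD_FILE  optional file holding the password for the event
#                  associations data, passed with -x (placeholder)
build_backup_cmd() {
    local mode=$1 days=$2 outfile=$3 pwfile=$4
    local args="-m backup -c -e"

    # -dN must be a non-negative integer.
    case "$days" in
        ''|*[!0-9]*) echo "DAYS must be a non-negative integer" >&2; return 1 ;;
    esac

    case "$mode" in
        offline)
            # Runtime data (-r) is ignored unless the server is shut down (-s),
            # so the two flags are always emitted as a pair.
            args="$args -s -r" ;;
        online)
            # Online backups only capture closed partitions (two days old or
            # older), so a -d value below 2 adds nothing to the archive.
            if [ "$days" -lt 2 ]; then
                echo "online backups need -d2 or higher (closed partitions only)" >&2
                return 1
            fi ;;
        *) echo "MODE must be online or offline" >&2; return 1 ;;
    esac

    args="$args -d$days"

    # Supply the event associations password via a file (-x) instead of -p so it
    # never appears in the process list or shell history. The username is left
    # at its default ("admin"), so -u is not emitted.
    if [ -n "$pwfile" ]; then
        if [ ! -r "$pwfile" ]; then
            echo "password file not readable: $pwfile" >&2; return 1
        fi
        args="$args -x $pwfile"
    fi

    printf '%s\n' "backup_util.sh $args -f $outfile"
}
```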