ArcSight 6.8 Backup and Recovery document

Hi Folks,

I am planning to upgrade ESM v6.8c to ESM v6.11. Before the upgrade, I would like to back up my current tool. Would you know of a document on ESM v6.8c backup and recovery?

I came across the following document; however, it looks like this is valid for ESM v 6.9.1c (/cyberres/productdocs/w/esm_esmexpress_previous_releases/23502/esm-with-corr-engine-backup-and-recovery)

Regards,
Dheeraj

  • So until recently there was no ESM / Express Backup process that was scripted. If all you want is to back up system table settings and resources, there are posts for "backing up System Tables".

     

    This is a copy of the script for doing enough of a backup, and storing it off the ESM / Express Appliance, to do a recovery.

     

    #!/bin/bash
    #ArcSight ESM 6.0c MySQL System Tables Export Script
    ARCSIGHT_MANAGER_BIN="/opt/arcsight/manager/bin"
    ARCSIGHT_MANAGER_TMP="/opt/arcsight/manager/tmp"
    BACKUP_DIR="/opt/arcsight/logger/data/archives/arcsight_system_tables"
    FAILED_MSG="ArcSight Express ($HOSTNAME) System Table Export Failed!" # Used as the subject of the email sent to the recipients if the script fails.
    SUCCESSFUL_MSG="ArcSight Express ($HOSTNAME) System Tables Export Completed Successfully" # Used as the subject of the email sent to the recipients if the script succeeds.
    RECIPIENTS="(EMAIL OR ALERT HERE)" # email recipients. Use a space when specifying multiple email addresses.
    SCRIPT_TIME=`date +%m-%d-%Y-%H_%M` # date needs a leading + before the format string
    BACKUP_FILENAME="$BACKUP_DIR/arcsight_system_tables_$SCRIPT_TIME.tar.gz"
    EXPORT_LOG='/opt/arcsight/manager/logs/default/export_system_tables.log' # Log file that contains the results of this script

    # Creates the script log file
    echo "============================== `date` ==================================" > $EXPORT_LOG


    # Checks if the backup directory exists; if not, the directory is created.
    if [ ! -d "$BACKUP_DIR" ]
    then
        echo "$BACKUP_DIR directory does not exist, creating..." | tee -a $EXPORT_LOG | logger
        mkdir -p "$BACKUP_DIR"
    fi

    # Exports MySQL system tables and replaces the username and password echoed in the output with a hyphen so that they don't show in the logs.
    # The pattern masks the whole value (every non-space character), not just its first character.
    $ARCSIGHT_MANAGER_BIN/arcsight export_system_tables arcsight \(DB PASSWORD) arcsight | sed -r 's/mysql_(password|username): [^[:space:]]+ ?/-/g' | tee -a $EXPORT_LOG | logger


    # Checks if the word "failed" exists in the script's log; if it does, the script sends a notification email to the recipients and exits with an exit status of 321.
    # grep -q is used so that several "failed" lines in the log still trigger the check.
    # Note: the shell keeps only the low 8 bits of an exit status, so the caller sees 65.
    if grep -q failed "$EXPORT_LOG"
    then
        echo "ArcSight System Tables export failed." | tee -a $EXPORT_LOG | logger
        mail -s "$FAILED_MSG" $RECIPIENTS < $EXPORT_LOG
        exit 321
    fi

    echo "Moving System Tables to $BACKUP_FILENAME" | tee -a $EXPORT_LOG | logger

    # Compresses and moves the export files from /opt/arcsight/manager/tmp to /opt/arcsight/logger/data/archives/arcsight_system_tables.
    mv $ARCSIGHT_MANAGER_TMP/arcsight_dump_system_tables.sql $ARCSIGHT_MANAGER_TMP/arcsight_dump_system_tables_$SCRIPT_TIME.sql
    mv $ARCSIGHT_MANAGER_TMP/export_system_tables.param $ARCSIGHT_MANAGER_TMP/export_system_tables_$SCRIPT_TIME.param
    tar --remove-files -zcf $BACKUP_FILENAME -C $ARCSIGHT_MANAGER_TMP ./{arcsight_dump_system_tables_$SCRIPT_TIME.sql,export_system_tables_$SCRIPT_TIME.param}

    # Verifies that there are two files in the tar file; if not, the script sends a notification email to the recipients and exits with an exit status of 322.
    # Note: the shell keeps only the low 8 bits of an exit status, so the caller sees 66.
    BACKUP_FILE_COUNT=`tar -tf $BACKUP_FILENAME | wc -l`
    if [ "$BACKUP_FILE_COUNT" -eq 2 ]
    then
        echo "ArcSight System Tables exported successfully!" | tee -a $EXPORT_LOG | logger
    else
        echo "ArcSight System Tables export failed!" | tee -a $EXPORT_LOG | logger
        mail -s "$FAILED_MSG" $RECIPIENTS < $EXPORT_LOG
        exit 322
    fi

    # Adds an entry to the user's crontab file which sets the script to execute every Sunday at midnight.
    CRON_SCRIPT=`crontab -l | grep arcsight_table_export.sh`
    CRONTAB_PATH="/var/spool/cron/`id -nu`"

    # A space is required before the closing ] of the test.
    if [ -z "$CRON_SCRIPT" ]
    then
        echo "Adding ArcSight System Table Export script to $CRONTAB_PATH" | tee -a $EXPORT_LOG | logger
        # "crontab -" installs the new crontab from standard input.
        { crontab -l; echo "0 0 * * 0 /opt/arcsight/manager/bin/arcsight_table_export.sh"; } | crontab - | tee -a $EXPORT_LOG | logger
    fi

    echo "Done!" | tee -a $EXPORT_LOG | logger

    # Sends notification email to recipients upon completion
    mail -s "$SUCCESSFUL_MSG" $RECIPIENTS < $EXPORT_LOG

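    # Mount remote location -- done under ROOT
    # Mount options are comma-separated. mount.cifs also accepts credentials=<file>, which keeps the password off the command line.
    mount -t cifs //(FQDN DEVICE NAME)/(SHARE NAME) /mnt/(MOUNT POINT NAME) -o username=(DOMAIN USER NAME in the form of an EMAIL ADDRESS),password=

    # Copy the backup file to the location.
    # $BACKUP_FILENAME is a full path, so the destination is the share directory itself.
    cp $BACKUP_FILENAME /mnt/(Network Device)/(SHARE NAME)/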

    # Unmount remote location -- done under ROOT 
    umount /mnt/(MOUNT POINT NAME)
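
The script in the reply above only counts the members of the archive before copying it off the appliance. The following is an added example, not part of the original post or of ArcSight, that checks the archive more strictly and confirms the off-appliance copy matches it; the function names `verify_archive`, `copy_verified` and `demo` and the sample file contents are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: validate a system-tables archive and verify its remote copy.

# verify_archive ARCHIVE: succeeds only if the gzip stream is intact and the
# archive holds exactly one .sql dump and one .param file, both non-empty.
verify_archive() {
    local archive="$1" listing sql param
    gzip -t "$archive" 2>/dev/null || return 1
    listing=$(tar -tzf "$archive") || return 1
    [ "$(printf '%s\n' "$listing" | wc -l)" -eq 2 ] || return 1
    sql=$(printf '%s\n' "$listing" | grep -E '(^|/)arcsight_dump_system_tables_.*\.sql$') || return 1
    param=$(printf '%s\n' "$listing" | grep -E '(^|/)export_system_tables_.*\.param$') || return 1
    # Stream each member to stdout and make sure it is not empty.
    [ "$(tar -xzOf "$archive" "$sql" | wc -c)" -gt 0 ] || return 1
    [ "$(tar -xzOf "$archive" "$param" | wc -c)" -gt 0 ] || return 1
}

# copy_verified ARCHIVE DEST_DIR: copies the archive with a SHA-256 sidecar
# file and re-checks the hash at the destination (e.g. the mounted share).
copy_verified() {
    local archive="$1" dest="$2" name
    name=$(basename "$archive")
    verify_archive "$archive" || return 1
    ( cd "$(dirname "$archive")" && sha256sum "$name" > "$name.sha256" ) || return 1
    cp "$archive" "$archive.sha256" "$dest/" || return 1
    ( cd "$dest" && sha256sum -c "$name.sha256" >/dev/null 2>&1 )
}

# Constructed sample: a stand-in archive with the member names the script
# above produces, copied into a temporary "share" directory.
demo() {
    local work stamp="01-01-2024-00_00"
    work=$(mktemp -d) || return 1
    mkdir "$work/src" "$work/dest" "$work/backup"
    echo "-- constructed dump" > "$work/src/arcsight_dump_system_tables_$stamp.sql"
    echo "constructed=1" > "$work/src/export_system_tables_$stamp.param"
    tar -zcf "$work/backup/arcsight_system_tables_$stamp.tar.gz" -C "$work/src" \
        "./arcsight_dump_system_tables_$stamp.sql" "./export_system_tables_$stamp.param"
    copy_verified "$work/backup/arcsight_system_tables_$stamp.tar.gz" "$work/dest"
    local rc=$?
    rm -rf "$work"
    return $rc
}
```

Keeping the `.sha256` file next to the archive on the share lets the same `sha256sum -c` check be repeated before a restore.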