Symantec Security Information Manager Best Practices for Selective Backup and Restore

  • 8/13/2019 Symantec Security Information Manager Best Practices for Selective Backup and Restore

    The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

    Documentation version:

    PN:

    Legal Notice

    Copyright 2011 Symantec Corporation. All rights reserved.

    Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

    This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (Third Party Programs). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

    The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

    THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

    The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

    Technical Support

    Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

    Symantec's support offerings include the following:

    A range of support options that give you the flexibility to select the right amount of service for any size organization

    Telephone and/or Web-based support that provides rapid response and up-to-the-minute information

    Upgrade assurance that delivers software upgrades

    Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis

    Premium service offerings that include Account Management Services

    For information about Symantec's support offerings, you can visit our Web site at the following URL:

    www.symantec.com/business/support/

    All support services will be delivered in accordance with your support agreement

    and the then-current enterprise technical support policy.

    Contacting Technical Support

    Customers with a current support agreement may access Technical Support

    information at the following URL:

    www.symantec.com/business/support/

    Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

    When you contact Technical Support, please have the following information

    available:

    Product release level

    Hardware information

    Available memory, disk space, and NIC information

    Operating system

    Version and patch level

    Network topology

    Router, gateway, and IP address information

    Problem description:

    Error messages and log files

    Troubleshooting that was performed before contacting Symantec

    Recent software configuration changes and network changes

    Licensing and registration

    If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

    www.symantec.com/business/support/

    Customer service

    Customer service information is available at the following URL:

    www.symantec.com/business/support/

    Customer Service is available to assist with non-technical questions, such as the

    following types of issues:

    Questions regarding product licensing or serialization

    Product registration updates, such as address or name changes

    General product information (features, language availability, local dealers)

    Latest information about product updates and upgrades

    Information about upgrade assurance and support contracts

    Information about the Symantec Buying Programs

    Advice about Symantec's technical support options

    Nontechnical presales questions

    Issues that are related to CD-ROMs, DVDs, or manuals

    Support agreement resources

    If you want to contact Symantec regarding an existing support agreement, please

    contact the support agreement administration team for your region as follows:

    [email protected] and Japan

    [email protected], Middle-East, and Africa

    [email protected] America and Latin America

    Best practices for selective backup and restore

    This document includes the following topics:

    About this guide

    About selective backup and restore

    Best practices for selective backup and restore

    About this guide

    This guide presents the best practices that can be applied during selective backup and restore of items in Symantec Security Information Manager. Selective backup and restore is a feature that is introduced with the Information Manager 4.7.3.

    About selective backup and restore

    Symantec Security Information Manager facilitates selective backup and restore of items such as event summary, incident, asset, rule, and report data. You can perform a selective backup of specific items in Information Manager. During restoration you can select a specific backup file and select items within the backup file for restoration. When you perform a selective backup, you can select multiple items for immediate or scheduled backup. The directory administrator (cn=root) logon credentials for LDAP must be provided for selective backup and restore. During restoration you can select a specific backed up file and select items within the backed up file for restoration. Additionally you can restore selected items from the specified backup file.

    You can selectively back up and restore the following items:

    Incidents data (includes incidents, alerts, and tickets data)

    Assets data

    Services

    Networks

    Policies

    Locations

    Operating systems

    Product configurations (includes collector, agent sensor, appliance, agent, and help desk configurations data)

    Published reports

    Published queries

    Rules (includes User rules and System rules)

    Event filters (includes User filters and System filters)

    Monitors (includes User monitors and System monitors)

    Lookup tables (includes User lookup tables and System lookup tables)

    Paging services

    Users

    User groups

    Roles

    Appliance configurations (includes event storage rules, incident forwarding rules, and correlation forwarding rules)

    Managed reports

    Best practices for selective backup and restore

    The following guidelines can help you to implement backup and restore functions effectively:

    Periodically perform a complete LDAP and a complete database backup to avoid any data loss during restoration of backup files.

    When you re-image a server, the settings available on the earlier server can be retrieved by using the backup files. For restoration be sure to provide the same domain name, host IP, and host name of the server from where the backup was taken.

    If there is a discrepancy in the domain name, host IP address, and host name details that you provide, the restoration fails. After the restoration, you must manually update the host entries on the newly set server.

    After taking a backup of the Active Directory users, if Active Directory users are added or deleted, be sure to disable the Scheduled Synchronization option before restoring the Active Directory users. This option can be disabled by editing the already created Active Directory configuration. After the restoration, synchronize all the restored Active Directory users with the Add/Remove Users list in the Active Directory configuration. When this synchronization is completed, the Scheduled Synchronization option can be enabled again.

    Perform the LDAP restore operation immediately after the Information Manager server is newly set up. Otherwise, when the LDAP backup files are restored on the newly set server, the following issue occurs:

    The links of the events that are associated with the incidents that are generated before the LDAP restoration are broken.

    If you used an NFS-mounted directory for backup, during selective restore or purge you must ensure that the NFS server is running. If the NFS server is not running, then you must ensure that the Information Manager server does not use an NFS-mounted directory from that NFS server.

    If you specify a custom path for backup file storage, then you must ensure that the db2admin user is given full permission and the SES user is given read and execute permission.

    A backup is triggered immediately if the user updates the schedule with the date and time that are earlier than the current date and time.

    My Queries, My Reports, and other user-specific filters such as incidents, alerts, and tickets are stored as user information. If you have edited the user information after a backup, those changes get deleted when you restore the backup file. The user information in the backup file replaces all the existing information.

    When you restore backup files of published queries with empty folders, the empty folders are not restored. However, you can restore the empty folders for My Queries and Reports.

    When you restore the rules of a server, you must restart the rule, correlation, and event service on all the servers in a network.

    Back up assets, policies, services, operating systems, and locations together as a single unit. You must also restore these items in the same manner.

    Before you back up the items, ensure that there is enough space on the specified directory and on /dbsesa.
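
The custom-path permission guideline and the free-space guideline above can be checked before a backup is scheduled. The script below is an added example, not part of the Symantec guide or product: `db2admin` and `/dbsesa` come from the guide, while the SES account's login name, the free-space threshold and the availability of GNU `stat` are assumptions, and only plain mode bits are evaluated.

```shell
#!/bin/sh
# Pre-flight check for a custom backup path (added example, not Symantec code).
# Assumptions: GNU stat and POSIX df on the server; the SES account's login
# name and the free-space threshold are supplied by the operator.

# perms_for MODE OWNER GROUP USER "USER_GROUPS"
# Print the rwx triplet that plain mode bits grant USER (POSIX ACLs ignored).
perms_for() {
    m="000$1"; m=${m#"${m%???}"}            # keep the last three octal digits
    if [ "$4" = "$2" ]; then
        d=${m%??}                           # USER owns the path: owner digit
    else
        case " $5 " in
            *" $3 "*) d=${m#?}; d=${d%?} ;; # USER is in the path's group
            *)        d=${m#??} ;;          # everyone else
        esac
    fi
    case $d in
        7) echo rwx ;; 6) echo rw- ;; 5) echo r-x ;; 4) echo r-- ;;
        3) echo -wx ;; 2) echo -w- ;; 1) echo --x ;; *) echo --- ;;
    esac
}

# free_kb PATH: kilobytes available on the filesystem that holds PATH.
free_kb() { df -Pk "$1" | awk 'NR == 2 { print $4 }'; }

# preflight DIR DB_USER SES_USER MIN_FREE_KB
# Return 0 only if permissions and free space all meet the guideline.
preflight() {
    dir=$1 db_user=$2 ses_user=$3 min_kb=$4 rc=0
    info=$(stat -c '%a %U %G' "$dir") || return 2
    set -- $info                            # $1=mode $2=owner $3=group
    db=$(perms_for "$1" "$2" "$3" "$db_user" "$(id -Gn "$db_user")")
    ses=$(perms_for "$1" "$2" "$3" "$ses_user" "$(id -Gn "$ses_user")")
    [ "$db" = rwx ] ||
        { echo "FAIL: $db_user has '$db' on $dir, needs rwx"; rc=1; }
    case $ses in
        r?x) ;;                             # read and execute present
        *) echo "FAIL: $ses_user has '$ses' on $dir, needs r-x"; rc=1 ;;
    esac
    for fs in "$dir" /dbsesa; do            # both locations named in the guide
        kb=$(free_kb "$fs")
        [ "${kb:-0}" -ge "$min_kb" ] ||
            { echo "FAIL: $fs has ${kb:-0} KB free, wants $min_kb"; rc=1; }
    done
    return $rc
}

# Run only when called with all four arguments, e.g.:
#   sh preflight.sh /backup/ssim db2admin <ses-account> 10485760
if [ $# -ge 4 ]; then preflight "$@"; fi
```

Every parent directory of the custom path must also be traversable by both accounts; the script checks only the final directory.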

    Backup and restore scenarios

    Symantec recommends that you understand these typical scenarios for backup and restore and also their corresponding results. In these scenarios, backup and restore functions can be executed without any loss of data.

    For example, you take a backup of either assets or assets and policies, and you perform a restore of assets only. Information Manager restores all of the assets and policies that are mapped to these assets. Information Manager does not restore newly created policies or assets, or the policies that are not mapped to the assets at the time of backup.

    Table 1-1 depicts different backup and restore scenarios for various items in Information Manager.

    Table 1-1 Backup and restore scenarios

    | Backup | Restore | Result |
    |---|---|---|
    | Assets and policies | Assets and policies | The assets and policies are restored to the state when the backup was taken. |
    | Assets and policies, or only assets | Assets | All the assets and policies that are mapped to these assets are restored. The following items are not restored: the policies and the assets that are created after the backup is taken; the policies that are not mapped to the assets at backup. |
    | Assets and policies, or only policies | Policies | All the policies at the time of backup are restored. The following items are retained during a restore: the policies that are created after the backup; the existing mapping between assets and policies. In addition, the assets are retained to their state when the backup was taken. |
    | Assets and services | Assets and services | The assets and services are restored to the state when the backup was taken. |
    | Assets and services, or only assets | Assets | All the assets and the services that are mapped to these assets are restored. The following items are not restored: the services and the assets that are created after the backup is taken; the services that are not mapped to the assets at the time of backup. |
    | Assets and services, or only services | Services | All the services at the time of backup are restored. The following items are retained: the services that are created after the backup; the existing mapping between assets and services. In addition, the existing state of assets is retained. |
    | Assets and operating systems | Assets and operating systems | The assets and operating systems are restored to their state when the backup was taken. |
    | Assets and operating systems, or only assets | Assets | All the assets and the operating systems that are mapped to these assets are restored. The operating systems that are not mapped to the assets at the time of backup are not restored. The assets are retained to the state when the backup was taken. |
    | Assets and operating systems, or only operating systems | Operating systems | All the operating systems at the time of backup are restored. The existing mapping between assets and operating systems is retained during restoration. The assets are retained to the state when the backup was taken. |
    | Assets and locations | Assets and locations | The assets and locations are restored to the state when the backup was taken. |
    | Assets and locations, or only assets | Assets | All the assets and the locations that are mapped to these assets are restored. The following items are not restored: the locations that are created after the backup is taken; the locations that are not mapped to the assets at the time of backup. The assets are retained to the state when the backup was taken. |
    | Assets and locations, or only locations | Locations | All the locations at the time of backup are restored. The locations that are created after the backup are retained. The existing mapping between assets and locations is retained during restoration. The assets are retained to the state when the backup was taken. |
    | Assets | Assets | All the assets and the corresponding policies, services, operating systems, and locations that are mapped to these assets are restored. Any other data that is associated with assets is not restored. |
    | Roles and users | Roles and users | All the roles and the users at the time of backup are restored. The roles and the users that are created after the backup is taken are retained. |
