8/13/2019 Symantec Security Information Manager Best Practices for Selective Backup and Restore
Symantec Security Information Manager - Best Practices for Selective
Backup and Restore
Symantec Security Information Manager - Best practices for selective backup and restore
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.
Documentation version:
PN:
Legal Notice
Copyright 2011 Symantec Corporation. All rights reserved.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec
Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks
of their respective owners.
This Symantec product may contain third party software for which Symantec is required
to provide attribution to the third party (Third Party Programs). Some of the Third Party
Programs are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under
those open source or free software licenses. Please see the Third Party Legal Notice Appendix
to this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.
Technical Support
Symantec Technical Support maintains support centers globally. Technical
Support's primary role is to respond to specific queries about product features
and functionality. The Technical Support group also creates content for our online
Knowledge Base. The Technical Support group works collaboratively with the
other functional areas within Symantec to answer your questions in a timely
fashion. For example, the Technical Support group works with Product Engineering
and Symantec Security Response to provide alerting services and virus definition
updates.
Symantec's support offerings include the following:
A range of support options that give you the flexibility to select the right
amount of service for any size organization
Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
Upgrade assurance that delivers software upgrades
Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
Premium service offerings that include Account Management Services
For information about Symantec's support offerings, you can visit our Web site
at the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support
information at the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be
at the computer on which the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
Product release level
Hardware information
Available memory, disk space, and NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
Error messages and log files
Troubleshooting that was performed before contacting Symantec
Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:
www.symantec.com/business/support/
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
Questions regarding product licensing or serialization
Product registration updates, such as address or name changes
General product information (features, language availability, local dealers)
Latest information about product updates and upgrades
Information about upgrade assurance and support contracts
Information about the Symantec Buying Programs
Advice about Symantec's technical support options
Nontechnical presales questions
Issues that are related to CD-ROMs, DVDs, or manuals
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
[email protected] and Japan
[email protected], Middle-East, and Africa
[email protected] America and Latin America
Best practices for selective
backup and restore
This document includes the following topics:
About this guide
About selective backup and restore
Best practices for selective backup and restore
About this guide
This guide presents the best practices that can be applied during selective backup
and restore of items in Symantec Security Information Manager. Selective backup
and restore is a feature that is introduced with the Information Manager 4.7.3.
About selective backup and restore
Symantec Security Information Manager facilitates selective backup and restore
of items such as event summary, incident, asset, rule, and report data. You can
perform a selective backup of specific items in Information Manager. During
restoration you can select a specific backup file and select items within the backup
file for restoration. When you perform a selective backup, you can select multiple
items for immediate or scheduled backup. The directory administrator (cn=root)
logon credentials for LDAP must be provided for selective backup and restore.
During restoration you can select a specific backed up file and select items within
the backed up file for restoration. Additionally, you can restore selected items from
the specified backup file.
You can selectively back up and restore the following items:
Incidents data (includes incidents, alerts, and tickets data)
Assets data
Services
Networks
Policies
Locations
Operating systems
Product configurations (includes collector, agent sensor, appliance, agent, and
help desk configurations data)
Published reports
Published queries
Rules (includes User rules and System rules)
Event filters (includes User filters and System filters)
Monitors (includes User monitors and System monitors)
Lookup tables (includes User lookup tables and System lookup tables)
Paging services
Users
User groups
Roles
Appliance configurations (includes event storage rules, incident forwarding
rules, and correlation forwarding rules)
Managed reports
Best practices for selective backup and restore
The following guidelines can help you to implement backup and restore functions effectively:
Periodically perform a complete LDAP and a complete database backup to avoid any data loss during restoration of backup files.
When you re-image a server, the settings available on the earlier server can be retrieved by using the backup files. For restoration, be sure to provide the same domain name, host IP, and host name of the server from where the backup was taken. If there is a discrepancy in the domain name, host IP address, and host name details that you provide, the restoration fails. After the restoration, you must manually update the host entries on the newly set up server.
After taking a backup of the Active Directory users, if Active Directory users are added or deleted, be sure to disable the Scheduled Synchronization option before restoring the Active Directory users. This option can be disabled by editing the already created Active Directory configuration. After the restoration, synchronize all the restored Active Directory users with the Add/Remove Users list in the Active Directory configuration. When this synchronization is completed, the Scheduled Synchronization option can be enabled again.
Perform the LDAP restore operation immediately after the Information Manager server is newly set up. Otherwise, when the LDAP backup files are restored on the newly set up server, the following issue occurs:
  The links of the events that are associated with the incidents that are generated before the LDAP restoration are broken.
If you used an NFS-mounted directory for backup, during selective restore or purge you must ensure that the NFS server is running. If the NFS server is not running, then you must ensure that the Information Manager server does not use an NFS-mounted directory from that NFS server.
If you specify a custom path for backup file storage, then you must ensure that the db2admin user is given full permission and the SES user is given read and execute permission.
A backup is triggered immediately if the user updates the schedule with a date and time that are earlier than the current date and time.
My Queries, My Reports, and other user-specific filters such as incidents, alerts, and tickets are stored as user information. If you have edited the user information after a backup, those changes get deleted when you restore the backup file. The user information in the backup file replaces all the existing information.
When you restore backup files of published queries with empty folders, the empty folders are not restored. However, you can restore the empty folders for My Queries and Reports.
When you restore the rules of a server, you must restart the rule, correlation, and event service on all the servers in a network.
Back up assets, policies, services, operating systems, and locations together as a single unit. You must also restore these items in a similar manner.
Before you back up the items, ensure that there is enough space on the specified directory and on /dbsesa.
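The custom-path permission guideline and the free-space guideline above can be checked before a backup is scheduled. The shell functions below are an added example, not Symantec code; the SES account name and the minimum free space are assumptions supplied by the operator, and only owner/group/other mode bits of the directory itself are examined.

```shell
#!/bin/sh
# Pre-flight checks for a custom backup directory (added example, GNU stat/df).
# Assumed inputs: the SES account name and the minimum free space are supplied
# by the operator; the guide names db2admin and /dbsesa but gives neither value.

# effective_perm DIR USER: print the rwx digit (0-7) that applies to USER,
# from owner/group/other mode bits only (ACLs and parent dirs are not checked).
effective_perm() {
    info=$(stat -c '%a %U %G' "$1") || return 1
    mode=${info%% *}; rest=${info#* }
    owner=${rest%% *}; group=${rest#* }
    mode=$(printf '%03d' "$mode" | tail -c 3)   # pad "0", drop setuid/sticky digit
    u=${mode%??}; g=${mode#?}; g=${g%?}; o=${mode#??}
    if [ "$2" = "$owner" ]; then
        echo "$u"
    elif id -Gn "$2" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$group"; then
        echo "$g"
    else
        echo "$o"
    fi
}

# needs DIR USER MASK: succeed if USER holds every bit in MASK
# (7 = full permission, 5 = read and execute).
needs() {
    p=$(effective_perm "$1" "$2") || return 1
    [ $(( p & $3 )) -eq "$3" ]
}

# has_space PATH MIN_KB: succeed if the filesystem holding PATH has MIN_KB free.
has_space() {
    avail=$(df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4}')
    [ -n "$avail" ] && [ "$avail" -ge "$2" ]
}

# preflight DIR SES_USER MIN_KB: report every failed check, non-zero if any fail.
preflight() {
    rc=0
    needs "$1" db2admin 7 || { echo "db2admin lacks full permission on $1"; rc=1; }
    needs "$1" "$2" 5 || { echo "$2 lacks read and execute permission on $1"; rc=1; }
    for fs in "$1" /dbsesa; do
        has_space "$fs" "$3" || { echo "less than $3 KB free on $fs"; rc=1; }
    done
    return "$rc"
}

if [ $# -eq 3 ]; then preflight "$@"; fi
```

Run it as the script with three arguments (backup directory, SES account name, minimum free kilobytes); a non-zero exit status means at least one guideline is not met.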
Backup and restore scenarios
Symantec recommends that you understand these typical scenarios for backup
and restore and also their corresponding results. In these scenarios, backup and
restore functions can be executed without any loss of data.
For example, you take a backup of either assets or assets and policies, and you
perform a restore of assets only. Information Manager restores all of the assets
and policies that are mapped to these assets. Information Manager does not restore
newly created policies or assets, or the policies that are not mapped to the assets
at the time of backup.
Table 1-1 depicts different backup and restore scenarios for various items in
Information Manager.
Table 1-1 Backup and restore scenarios

Backup: Assets and policies
Restore: Assets and policies
Result: The assets and policies are restored to the state when the backup was taken.

Backup: Assets and policies, or only assets
Restore: Assets
Result: All the assets and policies that are mapped to these assets are restored. The following items are not restored:
    The policies and the assets that are created after the backup is taken.
    The policies that are not mapped to the assets at backup.

Backup: Assets and policies, or only policies
Restore: Policies
Result: All the policies at the time of backup are restored. The following items are retained during a restore:
    The policies that are created after the backup.
    The existing mapping between assets and policies.
  In addition, the assets are retained to their state when the backup was taken.

Backup: Assets and services
Restore: Assets and services
Result: The assets and services are restored to the state when the backup was taken.

Backup: Assets and services, or only assets
Restore: Assets
Result: All the assets and the services that are mapped to these assets are restored. The following items are not restored:
    The services and the assets that are created after the backup is taken.
    The services that are not mapped to the assets at the time of backup.

Backup: Assets and services, or only services
Restore: Services
Result: All the services at the time of backup are restored. The following items are retained:
    Services that are created after the backup are retained.
    The existing mapping between assets and services.
  In addition, the existing state of assets is retained.

Backup: Assets and operating systems
Restore: Assets and operating systems
Result: The assets and operating systems are restored to their state when the backup was taken.

Backup: Assets and operating systems, or only assets
Restore: Assets
Result: All the assets and the operating systems that are mapped to these assets are restored. The operating systems that are not mapped to the assets at the time of backup are not restored. The assets are retained to the state when the backup was taken.

Backup: Assets and operating systems, or only operating systems
Restore: Operating systems
Result: All the operating systems at the time of backup are restored. The existing mapping between assets and operating systems is retained during restoration. The assets are retained to the state when the backup was taken.

Backup: Assets and locations
Restore: Assets and locations
Result: The assets and locations are restored to the state when the backup was taken.

Backup: Assets and locations, or only assets
Restore: Assets
Result: All the assets and the locations that are mapped to these assets are restored. The following items are not restored:
    The locations that are created after the backup is taken.
    The locations that are not mapped to the assets at the time of backup.
  The assets are retained to the state when the backup was taken.

Backup: Assets and locations, or only locations
Restore: Locations
Result: All the locations at the time of backup are restored. The locations that are created after the backup are retained. The existing mapping between assets and locations is retained during restoration. The assets are retained to the state when the backup was taken.

Backup: Assets
Restore: Assets
Result: All the assets and the corresponding policies, services, operating systems, and locations that are mapped to these assets are restored. Any other data that is associated with assets is not restored.

Backup: Roles and users
Restore: Roles and users
Result: All the roles and the users at the time of backup are restored. The roles and the users that are created after the backup is taken are retained.