Backing Up and Restoring FortiSIEM Directories and Databases
Backing Up and Restoring SVN
FortiSIEM uses a built-in SVN repository to store network device configurations and installed software versions.
Backup
The SVN files are stored in /data/svn. Copy the entire directory to another location.
Restore
Copy the entire /data/svn directory from the backup location and rename the copied directory to /data/svn.
Backing Up and Restoring the CMDB
The FortiSIEM Configuration Management Database (CMDB) contains discovered information about devices, servers, networks and applications. You should create regular backups of the CMDB that you can use to restore it in the event of database corruption.
Backup
The database files are stored in /data/cmdb/data. FortiSIEM automatically backs up this data twice daily and the backup files are stored in /data/archive/cmdb. To
If your database becomes corrupted, restore it from backup by performing these steps on your Supervisor node.
- Stop all processes with this phTools command:
These processes will continue to run, which is expected behavior:
- Copy the latest phoenixdb_<timestamp> file to a directory like /tmp on the Supervisor host.
- Go to /opt/phoenix/deployment.
- Run db_restore /tmp/phoenixdb_<timestamp>.
- When this process completes, reboot the system.
Backing Up and Restoring the Event Database
Backup
The event data is stored in /data/eventdb. Because this data can become very large over time, you should use a program such as rsync to incrementally move the data to another location. From version 4.2.1, the rsync program is installed on FortiSIEM by default.
Use this command to back up the eventdb.
Restore
To restore eventdb there are two options:
- Mount the directory where the event database was backed up.
- Copy the backup to the /data/eventdb directory.
These instructions are for copying the backup to the /data/eventdb directory.
- Stop all running processes.
- Copy the event DB to the event DB location /data/eventdb.
If you use the cp command, it may appear that the command has hung if there is a lot of data to copy.
Alternatively, you can use rsync and display the process status.
- Once complete, restart all processes.
Check that all processes have started.
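The copy-based backup and restore steps on this page do not confirm that a copy is complete and unmodified before it is restored. The following shell functions are an added example, not part of the FortiSIEM documentation, that record a SHA-256 manifest at backup time and refuse to restore a directory that no longer matches it. The function names and the manifest file are assumptions, and the source directory is assumed not to be written to while it is copied.

```shell
# Added example, not Fortinet code. Function names and the manifest file are
# assumptions; directories such as /data/svn come from the procedures above.

# make_manifest DIR: print "sha256  ./relative/path" for every file, sorted.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# verify_dir DIR MANIFEST: succeed only if DIR holds exactly the files listed
# in MANIFEST with identical content (catches changed, missing, extra files).
verify_dir() {
    [ -d "$1" ] || { echo "missing directory: $1" >&2; return 2; }
    [ -f "$2" ] || { echo "missing manifest: $2" >&2; return 2; }
    make_manifest "$1" | diff "$2" - >&2
}

# backup_dir SRC DEST MANIFEST: copy SRC into DEST keeping owner, mode and
# timestamps, hash the source, then confirm the copy matches the manifest.
backup_dir() {
    [ -d "$1" ] || { echo "missing source: $1" >&2; return 2; }
    mkdir -p "$2" && cp -a "$1/." "$2/" || return 2
    make_manifest "$1" > "$3" || return 2
    verify_dir "$2" "$3"
}

# restore_dir BACKUP TARGET MANIFEST: restore only a backup that verifies.
restore_dir() {
    verify_dir "$1" "$3" || { echo "backup failed verification" >&2; return 1; }
    mkdir -p "$2" && cp -a "$1/." "$2/"
}

# Example call (backup location is a placeholder):
#   backup_dir /data/svn /mnt/backup/svn /mnt/manifests/svn.sha256
```

Keep the manifest on different storage from the backup itself, so that anyone able to alter the backup cannot also rewrite the manifest.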