What are the right commands to back up and restore ESA alert data in RSA NetWitness?
Issue
With regard to ESA backup and restore, what are the right commands for both using mongorestore? There is an online manual for this, quoted below, but it does not give the exact commands.
------------------------------------------------------------------------------------
https://sadocs.emc.com/0_en-us/090_10.4_User_Guide/215_SysAdmin/BackupRest/ESABupRecov
In Security Analytics 10.4, ESA alert data is stored in the co-located Mongo instance (database name: esa). For details on backup and restore, refer to mongodump and mongorestore.
-------------------------------------------------------------------------------------
Resolution
Follow the steps below to back up and restore the ESA database.
To back up the database:
1. Stop the ESA service.
service rsa-esa stop
2. Back up the database.
Option 1: Back up the alert collection only
mongodump -vvvv -d esa -c alert -u esa -p esa -o /root/alert-db
Option 2: Back up the entire database
mongodump -vvvv -d esa -u admin -p --authenticationDatabase admin -o /root/alert-db
3. Start the ESA service.
service rsa-esa start
To restore the database:
1. Stop the ESA service.
service rsa-esa stop
2. Restore the database.
mongorestore -vvvv -d esa -u esa -p esa --noLoader /root/alert-db/esa
3. Start the ESA service.
service rsa-esa start
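Added example (not part of the RSA article): a shell wrapper for the Option 1 backup steps above that starts ESA again even if mongodump fails, writes the dump with root-only permissions, and sanity-checks alert.bson before it is handed to mongorestore. OUT_DIR, DRY_RUN, the function names and the script name esa-backup.sh are assumptions made for this sketch; an empty alert collection is reported as a failure.

```shell
#!/bin/sh
# Added example, not from the RSA article: Option 1 backup with guaranteed restart.
# OUT_DIR, DRY_RUN and the function names are assumptions made for this sketch.
OUT_DIR="${OUT_DIR:-/root/alert-db}"
DRY_RUN="${DRY_RUN:-1}"          # 1 = only print the commands, 0 = execute them

run() {                          # echo a command; execute it unless in dry-run mode
    echo "+ $*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

backup_alerts() (
    rc=0
    run service rsa-esa stop || exit 1
    # umask 077 keeps the dumped alert data readable by root only
    ( umask 077; run mongodump -vvvv -d esa -c alert -u esa -p esa -o "$OUT_DIR" ) || rc=$?
    # Start ESA again even when the dump failed, then report any failure
    run service rsa-esa start || rc=1
    exit "$rc"
)

verify_dump() (                  # sanity-check <dir>/esa/alert.bson before trusting it
    bson="$1/esa/alert.bson"
    [ -s "$bson" ] || { echo "missing or empty: $bson" >&2; exit 1; }
    size=$(( $(wc -c < "$bson") ))
    # A BSON file starts with the little-endian int32 length of its first document
    set -- $(od -An -tu1 -N4 "$bson")
    first=$(( ${1:-0} + ${2:-0} * 256 + ${3:-0} * 65536 + ${4:-0} * 16777216 ))
    if [ "$first" -lt 5 ] || [ "$first" -gt "$size" ]; then
        echo "truncated or not BSON: $bson" >&2; exit 1
    fi
)

# Run for real with: DRY_RUN=0 sh esa-backup.sh --run
if [ "${1:-}" = "--run" ]; then
    backup_alerts && verify_dump "$OUT_DIR"
fi
```

The dump path checked by verify_dump matches the /root/alert-db/esa directory that the restore command reads from.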
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: ESA
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
Platform: CentOS
Platform (Other): MongoDB
O/S Version: EL6