Configuring system backup

System backups store all the necessary data and configuration values to restore a Guardium Server. Configure and schedule regular system backups during the implementation stage.

About this task

A system backup is a full backup of the Guardium database and selected configuration files, such as groups, queries, reports, audit processes, alerts, and policies. In virtualized environments, you can create a backup by making an actual snapshot of the Guardium® system. Use the snapshot to restore a failed system. In this case, it is not necessary to keep more than three rolling copies.

It is important to back up the aggregators. A weekly backup is recommended, especially for the central manager. However, some users might opt for a slightly longer cycle.

Tip: In a managed environment with aggregation, you might choose not to back up managed collectors. Always back up stand-alone collectors.

Suggested data retention for disaster recovery
  • Keep a rolling three-month full backup from each unit (minimum one month).
  • Keep a rolling two weeks' worth of daily archives from the managed collectors.
  • Full or system backups
    • Weekly or daily full backups of the central manager unit (assuming a stand-alone central manager).
    • Monthly for aggregators and collectors during a quiet off-hour period.

Data and configuration values are stored in separate encrypted files and sent to the specified destination by using the transfer method that is configured for backups on the system. For more information about the encryption used for backup files, see the File backup cipher section of Cipher suites.

Note: You cannot create or delete buckets from the Guardium UI or CLI.
Note: If a backup file transfer fails, the last file in each set of backup or archive files (for example, backup, configuration backup, archive, CSV archive) is saved in the diag/current folder. When the backup file destination is online again, you can manually transfer the backup files from the diag/current folder to the destination. The set of backup or archive files is saved in the diag/current folder only if the file transfer fails. If a file transfer fails during another backup file transfer, the set of backup or archive files is saved in the diag/current folder. However, to avoid saving too many files and running out of disk space, only the latest file of each type is saved. The earlier backup files are overwritten.
To prevent backup scripts from filling up /var:
  • Before it starts, the backup process checks for room in /var. This process also warns the user if the space is insufficient for backup.
  • The archive process checks the size of the static tables and verifies that /var has space to create the archive.
  • An error is logged in the log file and the GUI if /var backup space is more than 50% used. For example:
    ERROR: /var backup space is at 60% used. Insufficient disk space for backup.
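
The following added example (not IBM or Guardium code) shows one way to watch forwarded logs for the /var space error quoted above, so that a unit whose backups stop for lack of space is noticed. The message text comes from this page; the "<timestamp> <host>" line prefix, the sample lines, and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Message text as shown on this page; only the percentage varies.
VAR_SPACE_ERROR = re.compile(
    r"ERROR: /var backup space is at (?P<pct>\d{1,3})% used\. "
    r"Insufficient disk space for backup\."
)

# Constructed sample lines. The "<timestamp> <host>" prefix is an assumed
# syslog-style layout, not a documented Guardium log format.
SAMPLE_LOG = """\
2024-05-06T01:00:02 collector-a INFO: backup started
2024-05-06T01:00:03 collector-a ERROR: /var backup space is at 60% used. Insufficient disk space for backup.
2024-05-06T01:05:00 aggregator-1 INFO: backup started
2024-05-07T01:00:03 collector-a ERROR: /var backup space is at 72% used. Insufficient disk space for backup.
2024-05-07T01:05:09 aggregator-1 ERROR: transfer timed out
"""

def find_var_space_errors(lines):
    """Return one record per line that carries the /var space error."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = VAR_SPACE_ERROR.search(line)
        if not m:
            continue  # other errors are out of scope for this check
        prefix = line[:m.start()].split()
        hits.append({
            "line": lineno,
            "timestamp": prefix[0] if len(prefix) > 0 else None,
            "host": prefix[1] if len(prefix) > 1 else "unknown",
            "percent_used": int(m.group("pct")),
        })
    return hits

def worst_by_host(hits):
    """Count of space errors and highest reported /var usage per host."""
    summary = defaultdict(lambda: {"count": 0, "max_percent": 0})
    for h in hits:
        s = summary[h["host"]]
        s["count"] += 1
        s["max_percent"] = max(s["max_percent"], h["percent_used"])
    return dict(summary)

if __name__ == "__main__":
    hits = find_var_space_errors(SAMPLE_LOG.splitlines())
    for host, s in worst_by_host(hits).items():
        print(f"{host}: {s['count']} space error(s), /var peaked at {s['max_percent']}% used")
```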

Procedure

  1. Go to Manage > Data Management > System Backup.
  2. Select a storage method and enter the configuration details. Depending on how the Guardium system is configured, only some of the options are available. For more information about configuring the archive and backup storage methods, see Configuring external storage and the store storage-system and show storage-system commands.
  3. Select one or both of the backup options:
    • Configuration: to back up important definitions.
    • Data: to back up all data. (Not needed if you are archiving data regularly.)
  4. Use the Scheduling section to define a schedule for backup.
  5. Click Save to verify and save the configuration changes. The system attempts to verify the configuration by sending a test data file to that location. If the operation fails, an error message displays and the configuration is not saved.
  6. Optional: Click Run Once Now to run the operation once.

What to do next

Verify that the operation completed successfully. Go to Manage > Reports > Data Management > Aggregation/Archive Log. Each backup operation shows multiple activities. Check that the status of each activity is Succeeded.