Restoring a backup archive

You can restore a backup archive. Restoring a backup archive is useful if you have a system hardware failure or you want to restore a backup archive on a replacement appliance.

About this task

You can restart the Console only after the restore process is complete.

The restore process can take up to several hours; the process time depends on the size of the backup archive that must be restored. When complete, a confirmation message is displayed.

A window provides the status of the restore process. This window provides any errors for each host and instructions for resolving the errors.

The following parameters are available in the Restore a Backup window:

Table 1. Restore a Backup parameters
Parameter Description
Name The name of the backup archive.
Description The description, if any, of the backup archive.
Type The type of backup. Only configuration backups can be restored, therefore, this parameter displays config.
Select All Configuration Items When selected, this option indicates that all configuration items are included in the restoration of the backup archive.
Restore Configuration

Lists the configuration items to include in the restoration of the backup archive. To remove items, you can clear the check boxes for each item you want to remove or clear the Select All Configuration Items check box.
Select All Data Items

When selected, this option indicates that all data items are included in the restoration of the backup archive.

Restore Data

Lists the configuration items to include in the restoration of the backup archive. All items are cleared by default. To restore data items, you can select the check boxes for each item you want to restore.

Procedure

  1. On the navigation menu ( Navigation menu icon ), click Admin.
  2. In the System Configuration section, click Backup and Recovery.
  3. Select the archive that you want to restore.
  4. Click Restore.
  5. On the Restore a Backup window, configure the parameters.

    Select the Custom Rules Configuration check box to restore the rules and reference data that is used by apps. Select the Users Configuration check box to restore authorized tokens that are used by apps.

    The following table lists the restore configurations and what is included in each:
    Note: The content included in each configuration is not limited to the content that is listed.
    Restore Configuration Content Included
    Custom Rules Configuration
    • Rules
    • Reference Sets
    • Reference Data
    • Saved Searches
    • Forwarding Destinations
    • Routing Rules
    • Custom Properties
    • Historical Searches
    • Historical Rules
    • Retention Bucket Configuration
    Deployment Configuration All content.

    If you select this option, it is recommended that you select all other configuration options.
    Users Configuration
    • Users
    • User Roles
    • Security Profiles
    • Authorized Services
    • Dashboards
    • User Settings
    • User Quick Searches
    License
    • License keys
    • License Pool Allocations
    • License history
    Report Templates Report templates

    This does not include generated report content.
    System Settings
    • System Settings
    • Asset Profiler Configuration
    QVM Scan profiles and results QVM Scan profiles and results
    Installed Applications Configuration App configurations

    This does not include app data.

    Apps depending on authorized services might not work as expected if Users Configuration is not selected.

    When Installed Applications Configuration is selected, the Deployment Configuration group is auto-selected.
    Assets

    Asset model

    When Assets is selected, the Deployment Configuration group is auto-selected.
    Offenses
    • Offense data
    • Offense associations (for example, QID links, rule links, or asset links)
    • Offense searches
      Important: When Offenses is selected, the Deployment Configuration group is auto-selected.
  6. Click Restore.
  7. Click OK.
  8. Click OK.
  9. Choose one of the following options:
    • If the user interface was closed during the restore process, open a web browser and log in to IBM® QRadar®.
    • If the user interface was not closed, the login window is displayed. Log in to QRadar.
  10. Follow the instructions on the status window.

What to do next

After you verify that your data is restored to your system, ensure that your DSMs, vulnerability assessment (VA) scanners, and log source protocols are also restored.

If the backup archive originated on an HA cluster, you must click Deploy Changes to restore the HA cluster configuration after the restore is complete. If disk replication is enabled, the secondary host immediately synchronizes data after the system is restored. If the secondary host was removed from the deployment after a backup, the secondary host displays a failed status on the System and License Management window.