Before updating Symantec Security Information Manager (SSIM) with hotfixes or maintenance releases

Article:TECH89265  |  Created: 2008-01-02  |  Updated: 2010-10-25  |  Article URL http://www.symantec.com/docs/TECH89265
Article Type: Technical Solution


Problem



You want to know what you need to save in order to fully recover your SSIM appliance.

 


Cause



Some files, configurations, or changes made in Symantec Security Information Manager can be removed or altered during a product update.


Solution



Back up the following items before updating or configuring Symantec Security Information Manager, or whenever any changes are made.

SSIM 4.6 & SSIM 4.7

    • Back up the DB2 database using the Web Configuration page
      4.6 - Database Utilities -> Backup
      4.7 - Maintenance -> Backup and Restore -> Backup
      The backup is stored in multiple files in /dbsesa/backup/
    • Back up the LDAP database using the Web Configuration page
      4.6 - Database Utilities -> LDAP Backup
      4.7 - Maintenance -> Backup and Restore -> LDAP Backup
      The backup is stored on the appliance in /dbsesa/backup/ldap
    • Custom User Rules: when you export them, they are exported as two files, MyRule.xml and MyRule.cfg. Both files must be in the same folder if you need to import them again.
    • Custom queries in My Queries must be exported, or published so that they are included in the LDAP backup
    • Custom reports in My Reports must be exported, or published so that they are included in the LDAP backup
      Note: Exported or backed-up reports do not include the queries referenced by the reports.
    • Dashboard properties are included in the LDAP backup
      Note: Custom queries referenced by the Dashboard must be backed up by one of the methods covered previously.
    • Tar up the event archives using this command and move them off the appliance
      # tar cf eventarchive.tar /eventarchive

Back up the following whenever you create or change anything in the Symantec Security Information Manager UI. The exported files are saved to the local machine from which you are running the UI:

    • Back up all Queries by exporting each query as a *.qml file
    • Back up all Reports by exporting each report as a *.rml file
    • Export Sensors for Product configuration pages as .xml files
    • Export Assets as a .csv file in case you need to reinstall or rebuild and need to restore the assets.
    • Export any User Rules after they are tested and deployed. These will be exported as a .xml and a .cfg file.

You also need to back up your certificate. If you don't back up the certificate, you won't be able to verify your old archives (i.e. their digital signatures) after recovering from a disaster. See KB TECH142577.

SSIM 4.5
These files are on the appliance, and you must move them off the Symantec Security Information Manager v4.5 appliance using a third-party tool such as Winscp.exe, rsync, or scp.

    • Back up the DB2 database by logging into the Web Configuration page -> Database Utilities -> Backup
      The backup is stored in multiple files in /dbsesa/backup/
    • Back up the LDAP database by logging into the Web Configuration page -> Database Utilities -> LDAP Backup
      The backup is stored on the appliance in /dbsesa/backup/ldap
    • Back up these folders by copying them off the appliance
      /opt/Symantec/sesa/servletengine/webapps/imr/xml/usersettings
      /opt/Symantec/sesa/servletengine/simsuersettings/*
    • Custom filters for Incidents and Tickets are stored in the users folder in
      /opt/Symantec/sesa/servletengine/simsuersettings/*
    • Custom and precanned rules can be backed up by copying this folder and files off the appliance
      /opt/Symantec/simserver/simcm/rules/*
    • Tar up the event archives using this command and move them off the appliance
      # tar cf eventarchive.tar /eventarchive

Back up the following whenever you create or change anything in the Symantec Security Information Manager UI. The exported files are saved to the local machine from which you are running the UI:

    • Back up all Queries by exporting each query as a *.qml file
    • Back up all Reports by exporting each report as a *.rml file
    • Export Sensors for Product configuration pages as .xml files
    • Export Assets as a .csv file in case you need to reinstall or rebuild and need to restore the assets.
    • Export any User Rules after they are tested and deployed. These will be exported as a .xml and a .cfg file in a folder with the same name as the rule. Alternatively, you can back up the entire rules folder at the path given above.

Note: If your DASHBOARD.xml is overwritten while applying MR-2, you can recover the dashboard by copying the DASHBOARD.xml file from

      /opt/Symantec/sesa/servletengine/webapps/imr/xml/usersettings
      to
      /opt/Symantec/sesa/servletengine/simsuersettings/username folder
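
The rule-export and event-archive steps from both version sections, as an added shell example that is not Symantec's own tooling: it checks that every exported rule has both its .xml and .cfg file, and archives a directory with a SHA-256 manifest so the copy can be verified once it is off the appliance. The function names, the staging layout and the availability of sha256sum are assumptions.

```shell
#!/bin/sh
# Added example: pre-update checks on backup files staged for copy-off.
# The staging layout and function names are assumptions, not SSIM tooling.

# List rule exports missing their .xml/.cfg partner; return 1 if any are found.
check_rule_pairs() {
    dir=$1; rc=0
    for f in "$dir"/*.xml "$dir"/*.cfg; do
        [ -e "$f" ] || continue
        base=${f%.*}
        [ -e "$base.xml" ] && [ -e "$base.cfg" ] && continue
        echo "unpaired rule export: $f"
        rc=1
    done
    return $rc
}

# Tar a directory, confirm the archive can be listed, and write a SHA-256
# manifest next to it (relative name, so it still verifies after being copied).
archive_with_manifest() {
    src=$1; out=$2
    tar cf "$out" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    tar tf "$out" >/dev/null || return 1
    ( cd "$(dirname "$out")" &&
      sha256sum "$(basename "$out")" > "$(basename "$out").sha256" )
}

# Re-check the archive against its manifest, e.g. on the receiving machine.
verify_manifest() {
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Demo on constructed data in a temporary directory (not real appliance paths).
demo=$(mktemp -d)
mkdir -p "$demo/rules" "$demo/eventarchive"
: > "$demo/rules/MyRule.xml"; : > "$demo/rules/MyRule.cfg"
: > "$demo/rules/Orphan.xml"            # constructed export with no .cfg
echo "constructed event data" > "$demo/eventarchive/sample.log"
check_rule_pairs "$demo/rules" || echo "re-export the rules listed above"
archive_with_manifest "$demo/eventarchive" "$demo/eventarchive.tar" &&
    verify_manifest "$demo/eventarchive.tar" && echo "archive verified"
rm -rf "$demo"
```

Copy the .sha256 file together with the archive and run the verification on the destination before applying the update.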




 


Supplemental Materials

Source: ETrack
Value: 1237064

Legacy ID: 2008040207350554

