Before updating Symantec Security Information Manager (SSIM) with hotfixes or maintenance releases

Article:TECH89265  |  Created: 2008-01-02  |  Updated: 2014-07-25  |  Article URL http://www.symantec.com/docs/TECH89265
Article Type
Technical Solution


Issue



You want to know what you need to save in order to fully recover your SSIM appliance.

 


Cause



Some files, configurations, or changes made in Symantec Security Information Manager can be removed or altered during a product update.


Solution



Back up the following items before updating or configuring Symantec Security Information Manager, or whenever any changes are made.

SSIM 4.6 & SSIM 4.7

    • Back up the DB2 database using the Web Configuration page
      4.6 - Database Utilities -> Backup
      4.7 - Maintenance -> Backup and Restore -> Backup
      The backup is stored in multiple files in /dbsesa/backup/
      4.8 - Maintenance -> Backup and Restore -> Backup
      The backup is stored in multiple files in /dbsesa/backup/
    • Back up the LDAP database using the Web Configuration page
      4.6 - Database Utilities -> LDAP Backup
      4.7 - Maintenance -> Backup and Restore -> LDAP Backup
      The backup is stored on the appliance in /dbsesa/backup/ldap
      4.8 - Maintenance -> Backup and Restore -> LDAP Backup
      The backup is stored on the appliance in /dbsesa/backup/ldap
    • Custom User Rules: when you export them, they are exported as two files, MyRule.xml and MyRule.cfg. Both files must be in the same folder if you need to import them back in.
    • Custom queries in My Queries must be exported, or published so that they are included in the LDAP backup
    • Custom reports in My Reports must be exported, or published so that they are included in the LDAP backup
      Note: Exported or backed-up reports do not include the queries referenced by the reports.
    • Dashboard properties are included in the LDAP backup
      Note: Custom queries referenced by the Dashboard must be backed up by one of the methods covered previously.
    • Tar up the event archives using this command, then move the resulting file off the appliance
      # tar cf eventarchive.tar /eventarchive
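
An added example, not part of the original article or of Symantec's tooling: a shell check to run before an update. It confirms that the DB2 and LDAP backup directories named above each hold a recently written file, and it archives /eventarchive with a SHA-256 checksum. The ROOT prefix, the freshness window, the staging path, and the availability of `sha256sum` and `find -maxdepth` on the appliance are assumptions.

```shell
#!/bin/sh
# Added example: pre-update check of the backup locations this article names.
# ROOT is a hypothetical path prefix (empty on the appliance itself).

# has_recent_file DIR MINUTES: true if DIR directly contains a regular file
# modified within MINUTES. -maxdepth 1 keeps files under /dbsesa/backup/ldap
# from satisfying the DB2 check on /dbsesa/backup.
has_recent_file() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -maxdepth 1 -type f -mmin "-$2" 2>/dev/null | head -n 1)" ]
}

# archive_events ROOT OUTDIR: tar ROOT/eventarchive into OUTDIR, confirm the
# archive lists cleanly, and record a SHA-256 to re-check after the transfer.
archive_events() {
    [ -d "$1/eventarchive" ] || return 1
    tar cf "$2/eventarchive.tar" -C "${1:-/}" eventarchive || return 1
    tar tf "$2/eventarchive.tar" >/dev/null || return 1
    ( cd "$2" && sha256sum eventarchive.tar > eventarchive.tar.sha256 )
}

# preupdate_check ROOT OUTDIR MINUTES: prints one status line per item and
# returns the number of failed items (0 means all three are in place).
preupdate_check() {
    root=$1; out=$2; mins=$3; fail=0
    for d in dbsesa/backup dbsesa/backup/ldap; do
        if has_recent_file "$root/$d" "$mins"; then
            echo "OK      /$d"
        else
            echo "MISSING /$d (no file modified in the last $mins minutes)"
            fail=$((fail + 1))
        fi
    done
    if archive_events "$root" "$out"; then
        echo "OK      $out/eventarchive.tar"
    else
        echo "FAILED  /eventarchive could not be archived"
        fail=$((fail + 1))
    fi
    return "$fail"
}

# Example call on the appliance (OUTDIR is a constructed placeholder):
#   preupdate_check "" /path/to/staging 1440
```

After copying both files off the appliance, running `sha256sum -c eventarchive.tar.sha256` in the destination directory confirms the archive arrived intact.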

Back up the following files whenever you create or change anything in the Symantec Security Information Manager UI. The exports are copied to the local machine from which you are running the Symantec Security Information Manager UI:

    • Back up all queries by exporting each query as a *.qml file
    • Back up all reports by exporting each report as a *.rml file
    • Export Sensors for Product configuration pages as .xml files
    • Export Assets as a .csv file in case you need to reinstall or rebuild and need to have assets.
    • Export any User Rules after they are tested and deployed. These will be exported as a .xml and a .cfg file.

You also need to back up your certificate. If you don't back up the certificate, then after recovering from a disaster you won't be able to verify your old archive (i.e., its digital signature). See KB: TECH142577

 


Supplemental Materials

Source: ETrack
Value: 1237064


Legacy ID



2008040207350554

