Intrusion Prevention
Intrusion Prevention

How to save NSM Configuration

12.11.07   |  
‎12-11-2007 01:28 AM
Hi Guys,

Can we save NSM config include all policy,role,and address object into local desktop??
so if necessary we can restore it from export file.

thnks

=ND=
Regards,

ND
10 REPLIES
Intrusion Prevention

Re: How to save NSM Configuration

12.14.07   |  
‎12-14-2007 02:12 AM
Hi ND,
sure you can.
Go in:
/usr/netscreen/HaSvr/utils
and run:
./replicateDb backup

This will create a backup under the directory:
/var/netscreen/dbbackup/backup
where is the number of the day (0 Monday, 6 Sunday).

To be sure that the backup is complete, check the file:
/var/netscreen/dbbackup/backup/CompleteToken
This file has to be present and the date/time of the file has to be correct (ie. not from an old backup)

Hope this helps

Cheers!
--
Daniele
***Contributor at Router Freak blog***
Intrusion Prevention

Re: How to save NSM Configuration

12.14.07   |  
‎12-14-2007 08:04 AM
so how to restore the backup config?? we can't do in NSM application right?
Regards,

ND
Intrusion Prevention

Re: How to save NSM Configuration

01.24.08   |  
‎01-24-2008 12:35 PM
Hi NDCool,

No you can't do it via NSM GUI. Therefore there is a way to do it in cli :

Navigate in /usr/netscreen/HaSvr/utils and do a :
sh restoreDbFromBackup.sh BACKUP_DIRECTORY

In your case BACKUP_DIRECTORY should be :
/var/netscreen/dbbackup/backup1
or
/var/netscreen/dbbackup/backup2
or
/var/netscreen/dbbackup/backup ...

I ve done restores several time and never got an issue with this.

Sylvain
Intrusion Prevention

Re: How to save NSM Configuration

02.12.08   |  
‎02-12-2008 02:04 AM
Hi Silvain,

Thanks for ur attention,
I has trying to backup using this command :

tar cvf /var/netscreen/GuiSvr.backup.tar /var/netscreen/GuiSvr

tar cvf /var/netscreen/DevSvr.backup.tar /var/netscreen/DevSvr

and i think this is only copy and backup the guiserver/devserver folder. Then i restored it on new server and done.
All config and update attack included. But it's takes big space of storage.
How bout with this command "./replicateDb backup", does backup all config or the databases only??


rgds,
-ND-
Regards,

ND
Highlighted
Intrusion Prevention

Re: How to save NSM Configuration

02.19.08   |  
‎02-19-2008 02:10 AM
Hi ND,

You are not suppose to save /var/netscreen/GuiSvr & /var/netscreen/GuiSvr because NSM automaticaly do a clean backup in /var/netscreen/dbbackup/backup(day of the week)
With your method, it take a big place because your archive contains devices s ( FW and IDP ) logs ( /var/netscreen/devSvr/logs ). By default, NSM backup does not include device logs, that s why  it s smaller.

So as you said you can do your own backup via "replicateDb backup" or just do a "tar cvf /var/netscreen/dbbackup/backup(d of week"). These 2 way are similar and give you a package with config and database.

regards,

Sylvain
Intrusion Prevention

Re: How to save NSM Configuration

[ Edited ]
02.19.08   |  
‎02-19-2008 11:44 PM
Hi Sylvain, thanks for ur explain.
I will tested on my lab.

after i try,the backup take more than 400MB
btw, thanks to help.


thanks
-ND-
Message Edited by NDCool on 02-22-2008 10:15 AM
Regards,

ND
Intrusion Prevention

Re: How to save NSM Configuration

02.28.08   |  
‎02-28-2008 02:58 AM

can i just check...

Can i just copy the latest backup file automatically created by NSM eg /var/netscreen/dbbackup/backup1 from NSM to other media ( eg usb disc ) and this will be enough to use as a restore of the config of NSM in event of a total server lost.

Intrusion Prevention

Re: How to save NSM Configuration

02.28.08   |  
‎02-28-2008 02:01 PM
Hi piewacket

Yes it will be enought.

Just for your information, backup1 is not the last one. The NSM backup process create one backup a day every day of the week.
Do a ls -la in order to know the last one.

Regards,

Sylvain
Intrusion Prevention

Re: How to save NSM Configuration

02.29.08   |  
‎02-29-2008 02:32 AM

many thanks - have created an an archive file of latest backup and copied off to a usb stick

 

Intrusion Prevention

Re: How to save NSM Configuration

07.24.09   |  
‎07-24-2009 08:49 AM

You all may find this handy, this automates and kicks off backups via FTP.

 

I usually place it in /usr/local/bin, set permissions to 775, owner to nsm, and group to nsm.

Bear in mind this code is for an NSMExpress, your installation may differ. 

This is setup for a daily backup, so in your HaSvr.cfg set highAvail.numOfBackups to 7

This will pick the backup folder for that day of the week, compress it, and name it based on the datestamp.

After it's done with that, it will FTP it to the server you specify.

When complete, it will cleanup after itself. i.e. the archive it just created.

If you want to start this from cron, you need to su to the nsm user, and edit your crontab.

sudo su - nsm
crontab -e

to run every night at midnight, add the following line:

00 23 * * * root /usr/local/bin/nsm_backup.pl

Attachments