Please note that this article is not relevant for Cloud users. For more information on cloud backup, see here.

Introduction

A comprehensive backup strategy is an important focus for any maintenance plan. While primarily meant to protect against data loss, backups can also serve to address other significant maintenance requirements as well as be used as archives.

The easiest way to perform a backup is using the Chronicle SOAR platform:

Create a database backup from the UI (Local Folder)

  1. Connect to your server via SSH and create a new folder in your desired location for your Backup.
  2. Navigate to Settings > Advanced > General and configure the backup to write to the local folder you created.
  3. Hit “Backup Now” to test and ensure a file is created in the shared folder.

Create a database backup from the UI (Network Folder)

  1. Create an SMB shared folder on a Network.
  2. Navigate to Settings > Advanced > General and specify a remote SMB server path as //server_name/share_name, along with a username and password to connect.
  3. Select “Backup Now” to test and ensure a file is created in the shared folder.

If the above methods do not work for you – we have prepared instructions for other ways to perform backups.

Google recommends using fstab to permanently mount a remote network share as a local folder. Fstab entries ensure that the mount remains persistent across reboots, thereby enabling you to configure the backup to write locally while still storing it in a protected external location.

Please refer to RedHat’s fstab documentation for more information.

Remote folder location. On the server side you can use any on-prem or Cloud service that supports the SMB protocol for accessing shares. NFS is also supported with the installation of the client packages. You may utilize any share location that uses the SMB or NFS protocols.

Mounting a Remote folder with SMB

  1. Start by connecting to the Chronicle SOAR server (via SSH) to create the folder to use as the mount point. In this example we’ll create /media/db_backup.
    mkdir /media/db_backup
  2. Next we need to install the right client packages. As root, run:
    yum install -y cifs-utils
  3. Now modify fstab to define the mount point.
    sudo nano /etc/fstab
  4. Add a new entry at the end.
    //smb_server/share_name /media/db_backup cifs iocharset=utf8,file_mode=0777,dir_mode=0777

If you use a hostname please make sure the host OS is configured for the proper DNS server. Otherwise specify an IP address for the SMB server.

  5. If you need to provide credentials to access the remote share, do so with a credentials file and modify the entry to point to this file. In this example we’re using a file named ‘smbpasswd’.
    //smb_server/share_name /media/db_backup cifs credentials=/root/smbpasswd,iocharset=utf8,file_mode=0777,dir_mode=0777
  6. Use these commands to create the smbpasswd file and make it readable by root only. Replace your_username and your_password with the correct values. The lines are piped through sudo tee so that the file under /root is written as root.
    echo "username=your_username" | sudo tee /root/smbpasswd > /dev/null
    echo "password=your_password" | sudo tee -a /root/smbpasswd > /dev/null
    sudo chmod 600 /root/smbpasswd
  7. Run mount -a to reload fstab and mount the share. If the command is successful you won’t see any response. You can now run mount and should see your entry as the last in the list. Navigate to /media/db_backup and run touch test to create an empty file. On your server you should see this new file in the backup folder.

Please pay close attention to the number and size of the backups which are created as they will continue to accumulate indefinitely.

Alternatively you can choose to perform the above procedure using NFS as follows:

Mounting a Remote folder with NFS

  1. Start by installing the necessary client package for the NFS protocol.
    yum -y install nfs-utils
  2. Create a different folder for this mount point.
    mkdir /media/nfs_backup
  3. Now modify fstab to define the mount point.
    sudo nano /etc/fstab
  4. Add a new entry at the end.
    nfs_server:/share_path  /media/nfs_backup nfs  defaults  0 0
  5. Run mount -a to process the fstab entry, then run mount to verify the entry exists.

Now you can configure your backups to write to this folder using one of the methods below:

  • Create database backup with pg_dump
  • Create database backup with PGadmin

Create a database backup with pg_dump

For more information on backup using pg_dump, click here.

Using the method above will result in a dated folder of individual database backups. It’s important to note that the file names themselves do not contain a unique identifier, so storing them as a group in a versioned folder is important and should be done when performing the backup manually or via a script.

The following 20 databases should be backed up:

  • siemplify_metadata_db
  • siemplify_system_db
  • siemplify_agents_db
  • siemplify_homepage_db
  • siemplify_ontology_db
  • siemplify_dashboards_db
  • siemplify_integrations_db
  • siemplify_jobs_db
  • siemplify_report_system_db
  • siemplify_search_everything_db
  • siemplify_command_center_db
  • siemplify_notifications_db
  • siemplify_orchestration_db
  • siemplify_entityexplorer_db
  • siemplify_monitoring_db
  • siemplify_layout_view_db
  • siemplify_queues_db
  • siemplify_simulation_db
  • siemplify_configuration_db
  • siemplify_usecases_db

  1. First verify your version of pg_dump by running pg_dump --version. It should be 10.0 or newer.
  2. Now create a .pgpass file in the home directory of your user which you’ll use to supply the ‘sa’ account password you’ll be using to connect to the database. Replace the default sa password with your password.
    echo 'localhost:5432:*:sa:newpassword' > ~/.pgpass
  3. Secure the file.
    chmod 600 ~/.pgpass
  4. Create a dated folder to store the backups.
    mkdir /media/db_backup/$(date +"%d-%m-%Y")
  5. Backup the database.
    pg_dump -Fc -v -U sa -h localhost --file=/media/db_backup/$(date +"%d-%m-%Y")/notification_db.bak siemplify_notifications_db
  6. This operation should be repeated for each of the above listed databases.
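
The repetition in step 6, as an added example that is not part of the original article: it dumps all 20 listed databases into one dated folder, refuses to run when the share is not actually mounted, and prunes old dated folders so backups do not accumulate indefinitely. The <db>.bak file names, the 30-day retention and the RUN_BACKUP and REQUIRE_MOUNT switches are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Assumes ~/.pgpass exists as in steps 2-3.
# Assumptions: files are named <db>.bak; 30-day retention; RUN_BACKUP/REQUIRE_MOUNT switches.

DB_SUFFIXES="metadata system agents homepage ontology dashboards integrations jobs
report_system search_everything command_center notifications orchestration
entityexplorer monitoring layout_view queues simulation configuration usecases"

# backup_all ROOT -> status = number of failed dumps (0 = all good); 98/99 = setup error.
backup_all() (
    root=$1
    # If the share is not mounted, ROOT is a plain local folder: do not fill the local disk.
    if [ "${REQUIRE_MOUNT:-1}" = 1 ] && ! mountpoint -q "$root"; then
        echo "ERROR: $root is not a mounted share" >&2
        return 99
    fi
    umask 077                              # dumps hold case data; do not create them world-readable
    dest="$root/$(date +%d-%m-%Y)"         # compute the date once so all dumps share one folder
    mkdir -p "$dest" || return 98
    failed=0
    for s in $DB_SUFFIXES; do
        db="siemplify_${s}_db"
        if ! pg_dump -Fc -U sa -h localhost --file="$dest/$db.bak" "$db"; then
            echo "ERROR: dump of $db failed" >&2
            rm -f "$dest/$db.bak"          # never leave a truncated archive behind
            failed=$((failed + 1))
        fi
    done
    return "$failed"
)

# prune_backups ROOT DAYS: delete dated folders (dd-mm-YYYY) not modified for more than DAYS days.
prune_backups() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -name '??-??-????' -mtime +"$2" \
        -exec rm -rf {} +
}

# Runs only when asked, e.g. from cron: RUN_BACKUP=1 bash soar_backup.sh
# Old folders are pruned only if every dump of the current run succeeded.
if [ "${RUN_BACKUP:-0}" = 1 ]; then
    backup_all /media/db_backup && prune_backups /media/db_backup 30
fi
```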

Create a database backup with PGadmin

PGadmin is a GUI tool for managing Postgres databases which can also be used to perform backups. Download the package from https://www.pgadmin.org/download/ and, after installing, create a new connection to your server on port 5432. After a successful connection you can right-click each database and select Backup from the menu.