How to take a snapshot of Endpoint Security Management Server database on Gaia OS
The Endpoint Security Management Server database resides in the '$RTDIR/events_db/data' directory, which is usually mapped to the '/var/log' partition. Since the Gaia OS snapshot does not back up the '/var/log' partition, the Endpoint Security Management Server database is not collected as part of the Gaia OS snapshot.
In the case where '$RTDIR/events_db/data' is mapped to the 'lv_current' partition ('/'), the issue does not occur, since the database backup is part of the Gaia snapshot.
During installation, the system maps '$RTDIR' to the larger partition, either 'lv_current' or '
This problem was fixed. The fix is included in:
Check Point recommends always upgrading to the most recent version (upgrade Security Management Server / upgrade Multi-Domain Security Management Server / upgrade Endpoint Security Management Server / upgrade SmartConsole).
For lower supported versions, Check Point provides a special shell script to manually back up the Endpoint Security Management Server database on Gaia OS.
Run the following command in Expert mode:
[Expert@HostName:0]# df -T $RTDIR/events_db/data | grep -c "lv_log"
- If the returned result is "0", then there is no need to run the special shell script.
- If the returned result is "1", then the database is located on "lv_log".
The Endpoint Security Management Server database can be backed up manually on Gaia OS by using the special shell script.
The shell script will create a single TGZ file, containing data stored in the Endpoint Security Management Server database.
The output TGZ file generated by this shell script is a logical part of a system snapshot. As such, it has to be stored in a way that clearly associates the resulting file with the correct system snapshot. Otherwise, incompatibility issues may arise.
For instance, assign the same name to the system snapshot and to the output TGZ file.
When to use the script:
- Run the script in backup-mode prior to taking a snapshot.
- Run the script in restore-mode after reverting to an associated snapshot.
- Run the script in restore-mode in the "First Time Configuration Wizard", after installing from an existing snapshot (only in versions higher than R77).
How to use the script:
- Download the script file from here.
- Connect to the command line on Endpoint Security Management Server (over SSH, or console).
- Log in to Expert mode.
- Transfer the script file to some location on the machine.
- Assign the execute permission to the script:
[Expert@HostName]# chmod +x EndPoint_Snapshot_sk98153.sh
- Execute the shell script:
[Expert@HostName]# ./EndPoint_Snapshot_sk98153.sh <mode> <output_file.tgz> [--force] [--auto|--manual]
| Argument / Flag | Description |
|---|---|
| <mode> | One of these two: -b , or --backup; -r , or --restore |
| <output_file.tgz> | Name of the output TGZ file. In backup-mode, it is the generated file. In restore-mode, it is the file from which you want to restore. |
| -f , or --force | (Optional) By default, the shell script will perform the backup/restore operation only if the database is located in the 'log' partition ('lv_log'). With this flag, the backup/restore operation will be performed even when the database is not on the 'log' partition. Additionally, if the database version on the target machine differs from the database in the collected TGZ file, the restore operation will be blocked unless this flag is used. |
| -a , or --auto | (Optional) Automatic mode - skips querying the user for input. |
| -m , or --manual | (Optional) Manual mode (default) - requires the user to confirm some actions. |
[Expert@HostName]# ./EndPoint_Snapshot_sk98153.sh --backup my_db_snapshot.tgz
- The script creates the following log file - /opt/CPInstLog/<SCRIPT_NAME>.log.
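The partition check and the backup step above can be combined so that the TGZ file always carries the name of the snapshot it belongs to. The wrapper below is an added example, not part of Check Point's script; the function names, the script location in `SCRIPT`, the character restriction on snapshot names and the availability of `sha256sum` are assumptions.

```shell
#!/bin/sh
# Added example: pre-snapshot wrapper around the documented check and backup call.
SCRIPT=./EndPoint_Snapshot_sk98153.sh   # assumed location of the downloaded script

# Reads `df -T` output on stdin; succeeds when the filesystem is on lv_log
# (same test as the documented `grep -c "lv_log"` returning 1).
on_lv_log() {
    [ "$(grep -c 'lv_log')" -ge 1 ]
}

# Derives the TGZ name from the snapshot name so the two stay associated.
# Rejects empty names and anything outside [A-Za-z0-9._-] (this example's own
# restriction, so the name cannot contain a path separator or shell metacharacter).
tgz_for_snapshot() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s.tgz\n' "$1"
}

# Backs up the database only when the Gaia snapshot would miss it.
backup_for_snapshot() {
    snap="$1"
    out=$(tgz_for_snapshot "$snap") || { echo "invalid snapshot name" >&2; return 2; }
    if df -T "$RTDIR/events_db/data" | on_lv_log; then
        # --auto skips the confirmation prompts, as described in the flag table
        "$SCRIPT" --backup "$out" --auto || return 3
        # Record a digest so the file can be verified before a later restore
        sha256sum "$out" > "$out.sha256"
        echo "Database saved to $out. Now take Gaia snapshot '$snap'."
    else
        echo "Database is not on lv_log; the Gaia snapshot already includes it."
    fi
}

# Run only when a snapshot name is given: ./wrapper.sh <snapshot_name>
if [ $# -ge 1 ]; then
    backup_for_snapshot "$1"
fi
```

Before restoring, `sha256sum -c <name>.tgz.sha256` confirms the file is the one recorded at backup time.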