Hi Experts!
Kindly suggest some best practices to configure the backup and restore mechanism of the FortiSOAR data and configuration file?
The idea is to use the backed-up file (data and configuration) and restore the FortiSOAR again with minimum downtime.
BR,
MFaruqi
Adding further: The backed-up file will be saved on some NFS drive in the Data Storage Nodes. In case of a disaster, the latest backed-up files can be retrieved from the Data Storage and used to restore the operation of FortiSOAR with minimum downtime.
Hello,
For a deeper understanding of the backup-restore process, please refer to the documentation.
You can find detailed steps at this link: https://docs.fortinet.com/document/fortisoar/7.5.0/administration-guide/804260/backing-up-and-restor...
Before proceeding with the backup, ensure the following:
1. Confirm that no playbook is running
2. Stop data ingestion and schedules
As you are planning to use NFS, provide the path of the mount directory in the csadm backup command, so the backup file gets created on the mounted NFS.
Hello @MuhammadFaruqi1 ,
As per your requirement here are the suggestions
We also recommend taking snapshots periodically. If the system is an ESXi VM, the number of snapshots should be no more than 2.
Hi Experts,
The official documentation shared in the above replies states that:
"Optionally, you can specify the --exclude-workflow option to exclude all the "Executed Playbook Logs" and the --exclude-audit option to exclude all the "Executed Audit Logs" from the backup. Executed playbook and audit logs are primarily meant for debugging so they are not a very critical component to be backed up. However, they constitute a major part of the database size, so excluding them from the backup reduces time and space needed for the backup. For example, to exclude all the "Executed Playbook Logs" from the backup, type the command as follows:
# csadm db --backup [<backup_dir_path>] --exclude-workflow
Now if I want to exclude workflow logs and audit logs in the same command, how can I do this?
For example: Can I write below command to exclude workflow and audit logs:
# csadm db --backup [<backup_dir_path>] --exclude-workflow; --exclude-audit
Secondly, I would like to know: if I am only keeping the backup file that is generated using the command # csadm db --backup, does the generated backup also contain the configuration backup? I mean, if I restore this backup, will the data and the configuration be restored on the FSR?
If not, do we need to separately run the command # csadm db --backup-config for the configuration backup?
Regards,
MFaruqi
Hi,
To use both options, use the below CLI:
#csadm db --backup BackupDirectoryPath --exclude-workflow --exclude-audit
This command will take a backup of your configuration files along with the DB.
If you only want to take a backup of the configuration files, then take the backup using the CLI #csadm db --backup-config
Created on 05-05-2024 11:05 PM Edited on 05-05-2024 11:09 PM
Hi,
The command #csadm db --backup BackupDirectoryPath --exclude-workflow --exclude-audit didn't work for me. I replaced BackupDirectoryPath with the actual directory path in my system. A screenshot is attached for your reference. Kindly suggest further, I shall be extremely grateful.
--exclude-audit is available from version 7.5.0.
If you are not using FortiSOAR version 7.5.0, then use the command: csadm db --backup <path of destination directory> --exclude-workflow
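The version rule from the reply above and the NFS destination discussed earlier in the thread, as an added shell example that is not part of the thread or of Fortinet's tooling: it picks the exclude flags for a given FortiSOAR version and refuses to run when the destination is not a mount point. Assumptions: the operator passes the version by hand, the backup directory is the NFS mount point itself, and the script name `fsr_backup.sh` is hypothetical; only the `csadm db --backup` options quoted in the thread are used.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: fsr_backup.sh <fortisoar_version> <backup_dir>
# Before running: confirm no playbook is running and stop data ingestion and schedules.

# version_ge A B: succeeds when dotted version A >= B; a "-suffix" is ignored.
# Returns 2 when either version is not purely digits and dots.
version_ge() {
    v1=${1%%-*}; v2=${2%%-*}
    case "$v1.$v2" in *[!0-9.]*|.*|*.) return 2 ;; esac
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        p1=${v1%%.*}; p2=${v2%%.*}
        [ "${p1:-0}" -gt "${p2:-0}" ] && return 0
        [ "${p1:-0}" -lt "${p2:-0}" ] && return 1
        case $v1 in *.*) v1=${v1#*.} ;; *) v1= ;; esac
        case $v2 in *.*) v2=${v2#*.} ;; *) v2= ;; esac
    done
    return 0
}

# backup_flags VERSION: prints the exclude options valid for that version.
# --exclude-audit is only added from 7.5.0 on; an unparsable version gets
# the conservative set that older releases accept.
backup_flags() {
    flags="--exclude-workflow"
    if version_ge "$1" 7.5.0; then
        flags="$flags --exclude-audit"
    fi
    printf '%s\n' "$flags"
}

main() {
    ver=$1; dir=$2
    # If the NFS share is not mounted, the backup would silently land on local disk.
    if ! mountpoint -q "$dir"; then
        echo "error: $dir is not a mount point, refusing to back up" >&2
        return 1
    fi
    flags=$(backup_flags "$ver")
    echo "running: csadm db --backup $dir $flags"
    # $flags is left unquoted on purpose so each option becomes its own word.
    csadm db --backup "$dir" $flags
}

# Run only when both arguments are given; otherwise just define the functions.
if [ "$#" -eq 2 ]; then main "$@"; fi
```
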
Copyright 2024 Fortinet, Inc. All Rights Reserved.