Backing up and Restoring FortiSOAR™
This chapter describes the process of backing up and restoring FortiSOAR™, whether or not you have externalized your PostgreSQL database.
Prerequisites
You must have root or sudo permissions to perform backup and restore.
Note
Ensure that you have enough disk space available to perform backup and restore tasks. It is recommended that you have available disk space of around 3X the data size. For example, if your data size is 2GB, you should have around 6GB of available disk space to ensure that the processes do not stop or fail.
Backup Process
Use the FortiSOAR™ Admin CLI (csadm) data option to regularly perform backups and restore, which restores the data seamlessly to a new FortiSOAR™ environment. To perform backup and restore, you must have root access on your FortiSOAR™ system. For more information on csadm, see the FortiSOAR™ Admin CLI chapter in the "Administration Guide."
The FortiSOAR™ Admin CLI performs a full database backup of your FortiSOAR™ server each time, and the backup is encrypted. There is no provision for incremental backups. Backups are performed for a particular version of FortiSOAR™ and should be restored on exactly the same version of FortiSOAR™. If a newer version of FortiSOAR™ is available and you want to move to it, you must first restore the backup on the backed-up version and then upgrade to the latest FortiSOAR™ version. This ensures that all the new changes are present.
Important: The FortiSOAR™ Admin CLI keeps only the latest three backups every time it creates a new backup. Any backups older than the latest three backups are deleted.
Data that is backed up during the backup process
The FortiSOAR™ Admin CLI backs up the following files, configurations, and data during the backup process:
- site-packages
- connectors
- application.conf
- db_config.yml
- pg_hba.conf
- PostgreSQL database backups as per requirements
Note: The configuration files are backed up only in the case of localized databases.
Prerequisites to running the backup process
You must have the NFS or local backup storage path.
Performing a backup
To perform a backup, run the csadm command on any FortiSOAR™ machine using any terminal. A user who has root or sudo permissions can run the csadm command.
- SSH to your FortiSOAR™ VM and login as a root user.
- To perform a backup, type the following command:
# csadm db --backup <path_of_backup_file>
<path_of_backup_file> is the directory where backup files will be created. If you do not specify the path of the backup file in the above command, the CLI interactively asks you to provide it.
Important: FortiSOAR™ keeps only the latest three backups every time it creates a new backup. Any backups older than the latest three backups are deleted.
- (Optional) If you want to back up only your configuration files, type the following command:
# csadm db --backup-config
Once you run the above command, you will be asked to provide the path of the configuration backup file.
Running a backup as a scheduled job
Following is an example of running a backup as a scheduled cron job, on your FortiSOAR™ system, that will run at 12:30 am every day. You can schedule the backup process based on your requirements.
Add the cron job to run at 12:30 am every day as follows:
$ sudo crontab -e
30 00 * * * csadm db --backup <path_of_backup_file>
Once the backup process is successfully completed, the final DR_BACKUP_<FortiSOAR_version>_timestamp.tgz file is located in the directory where the backup files are created. This is the same directory that you specified when you ran the csadm db --backup <path_of_backup_file> command. The name of the DR_BACKUP_<FortiSOAR_version>_timestamp.tgz file includes the timestamp of when the backup was created.
The DR_BACKUP_<FortiSOAR_version>_timestamp.tgz file includes all the backup files. You can run the following command to check the contents of the DR_BACKUP_<FortiSOAR_version>_timestamp.tgz file:
# tar -tvf <DR_BACKUP_<FortiSOAR_version>_timestamp.tgz>
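The checks described above, collected into shell functions that a scheduled backup job can call. This is an added example, not part of the FortiSOAR™ documentation or tooling: it applies the 3X free-space guidance before a run, and afterwards confirms that the newest DR_BACKUP_*.tgz can be listed by tar and is recent. The function names, exit codes and age threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks to run around `csadm db --backup`.
# Function names and exit codes are assumptions, not FortiSOAR tooling.

# has_headroom DIR DATA_KB: true if DIR has at least 3x DATA_KB free,
# following the "around 3X of the data size" guidance.
has_headroom() {
    avail_kb=$(df -Pk "$1" | awk 'NR==2 {print $4}')
    [ "$avail_kb" -ge $(( $2 * 3 )) ]
}

# latest_backup DIR: print the most recently modified DR_BACKUP_*.tgz in DIR.
# Modification time is used because the file name also embeds the version.
latest_backup() {
    newest=
    for cand in "$1"/DR_BACKUP_*.tgz; do
        [ -e "$cand" ] || continue
        if [ -z "$newest" ] || [ "$cand" -nt "$newest" ]; then newest=$cand; fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# verify_backup FILE: true only if FILE is non-empty and tar can list it
# end to end (the `tar -tvf` check, without printing the listing).
verify_backup() {
    [ -s "$1" ] && tar -tzf "$1" >/dev/null 2>&1
}

# check_backup_dir DIR MAX_AGE_MIN
# Returns 0 = fresh readable archive, 1 = none found, 2 = unreadable, 3 = stale.
check_backup_dir() {
    archive=$(latest_backup "$1") || { echo "no DR_BACKUP archive in $1"; return 1; }
    verify_backup "$archive" || { echo "unreadable archive: $archive"; return 2; }
    [ -n "$(find "$archive" -mmin "-$2")" ] || { echo "stale archive: $archive"; return 3; }
    echo "ok: $archive"
}
```

For the daily cron job shown earlier, calling check_backup_dir on the backup directory with a threshold slightly over 1440 minutes catches a run that failed silently or left a truncated archive.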
Restore process
To restore the data on a new FortiSOAR™ server, run the csadm command on any FortiSOAR™ machine using any terminal. A user who has root or sudo permissions can run the csadm command.
Note: The restore process restores data from the following locally saved file: /home/csadmin/db_backup/DR_BACKUP_<yyyymmdd_hhmmss>.tar
Restoring data
- Move the backup file to the new FortiSOAR™ server.
- SSH to the new FortiSOAR™ VM and login as a root user.
- To restore the data, type the following command:
# csadm db --restore