ArcSight Express 4.0: Backup-Restore Guide for Disaster Recovery

Summary:

This document outlines a procedure for backing up an entire ArcSight Express 4.0 configuration on a single box, with steps focused on disaster recovery. The process involves stopping and starting the ArcSight Manager service, exporting system tables to a SQL dump file, moving this file to another system, importing the data onto the new system, and finally restarting the service. This ensures that all configurations are preserved for future use in case of system failure or replacement.

Details:

The provided instructions outline a method for creating a complete ArcSight Express 4.0 configuration backup, specifically tailored for disaster recovery purposes. Here is a summarized version of the steps and key points mentioned in the original text: 1. **Stop the ArcSight Manager service**: On your ArcSight Express box (e.g., HostA), execute the command to halt the ArcSight Manager service using: ```bash /sbin/service arcsight_services stop manager ``` 2. **Export all system tables**: Navigate to the specific directory and run a script that exports all necessary system tables. This is done by running: ```bash cd /opt/arcsight/manager/bin ./arcsight export_system_tables arcsight arcsight arcsight arcsight_dump_system_tables.sql ``` The output file, `arcsight_dump_system_tables.sql`, will be saved in `/opt/arcsight/manager/tmp`. 3. **Start the Manager service**: Once the export is complete, start the ArcSight Manager service again using: ```bash /sbin/service arcsight_services start manager ``` 4. **Copy the backup file**: Move the `arcsight_dump_system_tables.sql` file to a network-accessible storage location for backup purposes. 5. **Prepare a new ArcSight Express box**: Ensure that the replacement system is set up with the same hostname, IP address, and other essential configurations as the original system. 6. **Copy the SQL dump file**: Transfer the `arcsight_dump_system_tables.sql` from the backup location to the `/opt/arcsight/manager/tmp` directory on the new system. 7. **Stop the Manager service**: On the new ArcSight Express box, stop the manager service: ```bash /sbin/service arcsight_services stop manager ``` 8. **Restore all resources using import process**: Start the import process to restore all configurations by running: ```bash ./arcsight import_system_tables arcsight arcsight arcsight arcsight_dump_system_tables.sql ``` 9. **Restart the Manager service**: Finally, start the ArcSight Manager service again using: ```bash /sbin/service arcsight_services start manager ``` This process ensures that all configurations and data from the original system are successfully migrated to a new one, facilitating efficient disaster recovery for ArcSight Express 4.0 systems.