Currently the McAfee Web Gateway has the ability to create automatic backups and push to a remote host using HTTP(s). Using the flexibility of the Web Gateway we can create a daily backup job that has a unique filename and can be pushed off box via FTP. The reason this process was created was to give Web Gateway administrators the option to create daily backups that have a unique filenames and can be transferred off box via FTP.
We will be leveraging the McAfee Web Gateway log management functions to ensure the backup files have a unique filename with timestamp as well as push these backups to an external FTP server for a better disaster recovery solution. We will use the Scheduled Jobs functionality of the McAfee Web Gateway to create a daily backup of your current configuration.
Creating a new File System logging entry
The first step to accomplishing this goal is to create a new File System Logging entry. In your Web Gateway under Policy > Settings > Engines - Right click File System Logging and select " Add...". Give this entry a Name that will allow you to quickly identify it among your other logging settings, such as the example "Automatic Backup". A log name will also need to be entered, such as backup.log. Uncheck "Enable log buffering" and click OK to create and close this window.
Rotating and Pushing the new backup.log file
Pushing the new backup.log off box will be completed under the newly defined File System logging entry, select the name defined in the previous step (see Automatic Backup in screenshot below). On the right hand side expand "Settings for Rotation, Pushing, and Deletion".
Under Settings for Rotation, Pushing and Deletion check "Enable specific settings for user defined log", under Auto Rotation select "Enable auto rotation" as well as "Enable scheduling of log file rotation (format: hh:mm)" then enter the time the rotation should occur, keep in mind that your rotation time is important as we will be creating a scheduled backup job that must run before the rotation time (in this example we will be scheduling the backup creation at 1 AM and rotating and pushing the file at 2 AM).
Under "Auto Deletion" you can see in the example that we've chosen to automatically delete unchanged logfiles after 2 days, once this is operational we will not need to keep automatic backup files on the appliance as they are stored safely on your FTP server.
The last configuration needed here is to enable "Auto Pushing". Select the "Enable auto pushing" check box and define your destination server, in this case an FTP server was used, and make sure to check "Enable pushing of log files directly after rotation".
Scheduling the automatic backup
The next task is creating a scheduled job. You can find the scheduled jobs section under Configuration > Central Management > Advanced Scheduled Jobs. Click and you will receive the Edit a Scheduled Job window as seen below.
This scheduled job will be started daily, set to run at 1 AM (in this example we will be scheduling the backup creation at 1 AM and rotating and pushing the file at 2 AM).
Under Job settings, drop down to "Backup Configuration" and give this job a "Unique job ID". This value is your choice provided it does not conflict with any other existing scheduled jobs.
Adding a job description is optional, I find it helpful to reference what the job is configured to accomplish so that if I a problem arises and further modification is needed it's clear what this jobs function is intended to do.
Under "Parameter Settings" check "Use most recent configuration" and under the "Save configuration to backup" we must define the full path to the actual backup.log file. The path here must be entered like: /opt/mwg/log/user-defined-logs/backup.log/backup.log.
The duplicate "backup.log" in the defined /path/file.extension field is needed as the directory for these files is named backup.log (automatically by creating a new File System Logging entry) and the new log entry is defined as backup.log (see Creating a new File System logging screenshot). Filenames created by this job will be named as follows: backup1309040200-10.10.76.10.log
Restoring configuration from 'backup.log' file
It is important to note that the files created are not automatically found when performing a restore via the Web Gateway UI, when the UI attempts to find the backup file it will be looking for a .backup extension as seen here:
A change of the "Files of type:" drop down to All Files will allow the Web Gateway to see the backup it should use for restoring. Here you can see the backup.log appears after the change of the file type change. After the file is selected and Open is clicked the restore works normally.
Backup from the CLI
If you desire to backup the appliance from the CLI, see commands below.
In the event that you are not seeing the backup files on your destination server or the backup is not being created properly, there are some items to check.
Backup.log files not being created by Scheduled Job?
There is a log created when scheduled jobs are configured. You can find this log in the Web Gateway user interface under Troubleshooting > Log files > scheduled-jobs > scheduled.log.
Backup.log file not being uploaded to configured server
If your backup.log is not showing up on the remote server, review the mwg-logmanager.errors.log located within the Web Gateway user interface under Troubleshooting > Log files > mwg-errors > mwg-logmanager.errors.log