socgt
Level 7

McAfee ESM 9.6.0 Backup Restore

Hello All,

I have re-deployed the SIEM's virtual machines with version 10.0. I have a configuration backup of ESM 9.6.0; now when I try to restore the backup, nothing happens.

I have uploaded the backup and initiated the process, but after some time I am getting the same new ESM with 10.0; none of the settings from 9.6.0 are applied.

Any suggestions?

Thanks

0 Kudos
10 Replies
schrodinger
Level 9

Re: McAfee ESM 9.6.0 Backup Restore

Restore can only be done with the same version, same Maintenance Release.

NG: esm 10.0 <- restore 9.6.x backup files

Ok: esm 10.0 <- restore 10.0.0 backup files

0 Kudos
socgt
Level 7

Re: McAfee ESM 9.6.0 Backup Restore

Thanks

Now I have deployed the ESM 9.6.0 virtual machine and am trying to restore the backup taken, but I am still not getting the assets in the physical display of the ESM. Somehow the backed-up settings are not getting applied.

Any suggestions?

Thanks

0 Kudos
schrodinger
Level 9

Re: McAfee ESM 9.6.0 Backup Restore

hi socgt,

Have you restarted after the restore?

Rebooting after restoration is mandatory.

Of course ACE and ERC also need to be restarted.

regards

0 Kudos
abanaru
Level 11

Re: McAfee ESM 9.6.0 Backup Restore

I would recommend a tail -f /var/log/messages when you do the restore, so you would know when the restoration is finished.

0 Kudos
socgt
Level 7

Re: McAfee ESM 9.6.0 Backup Restore

Thanks and   for the valuable suggestions.

The issue was identified: it was a missing MR version, due to which the database restore was failing.

Now I am facing a new issue: after the database restore and SIEM system reboot, I am getting the below error.

'The database is unavailable at this time. Checking for availability.'

Any idea what could have been wrong?

Thanks

0 Kudos
abanaru
Level 11

Re: McAfee ESM 9.6.0 Backup Restore

This occurs either when an upgrade is occurring or the database has errors.

Look inside /usr/local/ess/data/NitroError.Log and /var/log/messages.

If there are DB errors you can fix them with DBCheck (this example fixes Log table):

DBCheck -d '/usr/local/ess/data/ngcp.dfl|127.0.0.1|1111' -c

DBCheck -d '/usr/local/ess/data/ngcp.dfl' -c

DBCheck -d '/usr/local/ess/data/ngcp.dfl' -t "Log" -r

0 Kudos
socgt
Level 7

Re: McAfee ESM 9.6.0 Backup Restore

Hello,

/var/log/messages shows the below info:


McAfee cpservicectl[1800]: info: Waiting on dbserverd to finish starting

0 Kudos
abanaru
Level 11

Re: McAfee ESM 9.6.0 Backup Restore

Assuming this took too long you can try the following.

service cpservice stop

service dbserver stop

and then run the DBCheck commands from my previous post. Fortunately this will find some table corruption and fix it.

0 Kudos
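The post above suggests stopping the services once the dbserverd wait "took too long". As an added example (not part of the thread and not McAfee tooling), this script measures how long cpservicectl has been logging that wait message. It assumes the classic syslog layout `Mon DD HH:MM:SS host tag[pid]: msg`; the function names and sample log lines are constructed, and only the message text comes from the thread.

```shell
#!/bin/sh
# Added example: measure how long cpservicectl has been reporting
# "Waiting on dbserverd to finish starting" in a syslog file.
# Assumption: classic syslog layout "Mon DD HH:MM:SS host tag[pid]: msg".

WAIT_MSG='Waiting on dbserverd to finish starting'

# Print the seconds covered by the most recent unbroken run of wait messages.
dbserverd_wait_seconds() {
    awk -v msg="$WAIT_MSG" '
        function secs(t,    p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
        $5 ~ /^cpservicectl\[/ {
            if (index($0, msg)) {
                now = secs($3)
                if (inrun) {
                    d = now - prev
                    if (d < 0) d += 86400   # run crossed midnight
                    total += d
                }
                prev = now; inrun = 1
            } else {
                # Assumption: any other cpservicectl line ends the wait.
                inrun = 0; total = 0
            }
        }
        END { print total + 0 }
    ' "$1"
}

# Succeed (exit 0) when the wait has lasted at least $2 seconds.
dbserverd_stuck() {
    [ "$(dbserverd_wait_seconds "$1")" -ge "$2" ]
}

# Constructed sample log; only the message text comes from the thread.
sample_log() {
    cat <<'EOF'
Jan 10 23:58:00 McAfee cpservicectl[1800]: info: Waiting on dbserverd to finish starting
Jan 10 23:59:30 McAfee kernel: constructed unrelated line
Jan 11 00:03:00 McAfee cpservicectl[1800]: info: Waiting on dbserverd to finish starting
Jan 11 00:13:00 McAfee cpservicectl[1800]: info: Waiting on dbserverd to finish starting
EOF
}

# Usage: sh script.sh /var/log/messages  (prints the wait in seconds)
if [ -n "${1:-}" ]; then dbserverd_wait_seconds "$1"; fi
```

The threshold passed to `dbserverd_stuck` is the operator's choice; the thread does not state how long is too long.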
schrodinger
Level 9

Re: McAfee ESM 9.6.0 Backup Restore

OK, the restore procedure is as follows:

1. Build ESM 9.6.0.

2. Prepare the backup file (it must be the same version as the ESM/ERC/ACE),

so a 9.6.0 backup file.

3. Restore.

4. tail -f /var/log/messages

but there are no messages like "Restore has done".

5. Wait until you can log in to the GUI.

This is the only restoration completion message.

6. ESM reboot.

7. ERC/ACE restore

8. Wait about 15 minutes.

9. ERC/ACE reboot.