To back up, you must run all commands on the primary and minion systems unless otherwise noted. Perform all steps on all standalone servers.

To back up the Carbon Black EDR server:

  1. Stop Carbon Black EDR services.

    1. Copy and save all entries in the Carbon Black server section from /etc/hosts that are marked by {{BEGIN - CB Server}} and {{END - CB Server}} comments to a remote location. There might not be a Carbon Black server section, or the section might be empty.

    2. Issue the following commands to back up files. (Not all files exist on some systems or installations.)

      tar -P --selinux -cvf cbssh.tar /etc/ssh/
      tar -P --selinux -cvf cbconfig.tar /etc/cb/
      tar -P --selinux -cvf cbrootauthkeys.tar /root/.ssh/authorized_keys
      tar -P --selinux -cvf cbinstallers.tar /usr/share/cb/coreservices/installers/
      tar -P --selinux -cvf cbcrons.tar /etc/cron.d/cb

    3. You can perform a full backup, or you can skip event core backups if migration space is limited. Issue one of the following commands.

      Full backup:

      tar -P --selinux -cvf cbdata.tar /var/cb/

      Backup without event core:

      tar --exclude=/var/cb/data/solr?/cbevents/* -P --selinux -cvf cbdata.tar /var/cb

    4. Back up custom changes from the following locations:

      /etc/rsyslog.conf
      /etc/rsyslog.d/
      /usr/share/cb/syslog_templates (on primary machine only)
    5. Custom syslog changes might be specified in the /etc/cb/cb.conf file. Search the file for any SyslogTemplate= entries. For example:

      WatchlistSyslogTemplateBinary=/var/custom/syslog/watchlist_binary_custom.template

  2. Save tar data to a remote location.
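
The /etc/hosts section and the SyslogTemplate entries are the two items in this procedure that have no ready-made command. The following script is an added example, not part of the Carbon Black EDR documentation, that collects both; the function names, output file names, and sample data are assumptions made for illustration, and the markers are matched by their text only.

```shell
#!/usr/bin/env bash
# Added example, not part of the Carbon Black EDR documentation.

# Print the Carbon Black section of a hosts file, marker comments included.
# Assumption: the marker text appears somewhere on the marker lines.
# Prints nothing when the section is absent.
extract_cb_hosts() {
    awk '/BEGIN - CB Server/ { inside = 1 }
         inside              { print }
         /END - CB Server/   { inside = 0 }' "$1"
}

# Print the path assigned by every active (uncommented) cb.conf key whose
# name contains "SyslogTemplate".
list_syslog_templates() {
    awk '/^[ \t]*[A-Za-z0-9_]*SyslogTemplate[A-Za-z0-9_]*[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print
         }' "$1"
}

# Write both results into OUTDIR; newly created files are owner-only.
# usage: collect_cb_extras HOSTS_FILE CB_CONF OUTDIR
collect_cb_extras() {
    ( umask 077
      mkdir -p "$3"
      extract_cb_hosts "$1"      > "$3/cb_hosts_section.txt"
      list_syslog_templates "$2" > "$3/cb_syslog_templates.txt" )
}

# Write constructed sample inputs (not real server data) into directory $1.
make_samples() {
    printf '%s\n' '127.0.0.1 localhost' '# BEGIN - CB Server' \
        '10.0.0.11 cb-minion1.example.test' '# END - CB Server' \
        '10.0.0.99 unrelated.example.test' > "$1/hosts"
    printf '%s\n' '# constructed cb.conf fragment' \
        'WatchlistSyslogTemplateBinary=/var/custom/syslog/watchlist_binary_custom.template' \
        '#WatchlistSyslogTemplateBinary=/var/custom/syslog/old.template' \
        'ExampleOtherSetting=1' > "$1/cb.conf"
}

# Demo on the constructed samples. On a server, call instead:
#   collect_cb_extras /etc/hosts /etc/cb/cb.conf /path/to/outdir
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_samples "$d"
    collect_cb_extras "$d/hosts" "$d/cb.conf" "$d/out" && cat "$d/out/"*.txt
fi
```

An empty cb_hosts_section.txt means the server has no Carbon Black section in /etc/hosts, which the procedure allows for. Each path in cb_syslog_templates.txt is a custom template file to save together with the tar archives.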