You can use a restore script to restore data from a JSA Risk Manager backup.
The JSA Risk Manager appliance and the backup archive must be the same version of JSA Risk Manager. If the script detects a version difference between the archive and the JSA Risk Manager managed host, an error is displayed.
Use the restore script to specify the archive that you are restoring to JSA Risk Manager. This process requires you to stop services on JSA Risk Manager. Stopping services logs off all JSA Risk Manager users and stops multiple processes.
The following table describes the parameters that you can use to restore a backup archive.
Table 1: Parameters Used to Restore a Backup Archive to JSA Risk Manager
Overwrites any existing JSA Risk Manager data on your system with the data in the restore file. Selecting this parameter allows the script to overwrite any existing device configurations in Configuration Source Management with the device configurations from the backup file.
Do not delete directories before you restore JSA Risk Manager data.
The help for the restore script.
- Using SSH, log in your JSA console as the root user.
- Using SSH from the JSA console, log in to JSA Risk Manager as the root user.
hostcontextby typing systemctl stop hostcontext.
- Type the following command to restore a backup archive
to JSA Risk Manager:
/opt/qradar/bin/risk_manager_restore.sh -r /store/qrm_backups/<backup>.
Where <backup> is the JSA Risk Manager
archive that you want to restore.
hostcontextby typing systemctl start hostcontext.