Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Backup and Restore Applications

JSA provides a way to backup and restore application configurations separate from the application data.

Application configurations are backed up as part of the nightly configuration backup. The configuration backup includes apps that are installed on the JSA console and on an App Host. You can restore the application configuration by selecting the Installed Applications Configuration option when you restore a backup.

Application data is backed up separate from the application configuration by using an easy-to-use script that runs nightly. You can also use the script to restore the app data, and to configure backup times and data retention periods for app data.

Backing Up and Restoring Apps

Use the JSA Backup and Recovery window on the Admin tab to back up and restore apps.

You can back up your apps by creating a configuration back up. A configuration backup does not backup your app's data.

If an App Host is attached to your JSA console, the App Host’s configuration is backed up as part of the console's Deployment Configuration. You cannot restore an App Host on a JSA console with a different IP address than the App Host was initially configured with.

By default, apps are restored to console unless an App Host is present. If JSA cannot restore apps to your App Host , it attempts to back restore them to the JSA console. The number of App Host apps that can be restored onto the console is constrained by the amount of memory that is available on the JSA console. Apps that are defined as node_only in their application manifest file cannot be restored to the JSA console.

  1. On the navigation menu (), click Admin.

  2. In the System Configuration section, click Backup and Recovery.

  3. Select an existing backup in the Backup and Recovery window and click Restore.

  4. Ensure that the Installed Applications Configuration check box is selected, and click Restore.

    Note:

    By selecting the Installed Applications Configuration check box, you restore the install app configurations only. Extension configurations are not restored. Select the Deployment Configuration check box if you want to restore extension configurations.

Backing Up and Restoring App Data

Use the marathon-volume-backup.py script to back up and recover app data.

A configuration backup that you do on the backup and Recovery window does not back up your apps' data. The /usr/local/bin/marathon-volume-backup.py script runs nightly at 2:30 AM, and backs up each installed application's /store mounted volume. By default, data is retained for 7 days.

Use the script to do the following tasks:

  • Back up data manually for installed apps.

  • List all installed app data backups on the system.

  • Restore data for installed apps.

  • Run the retention process and set the retention period for backups.

This script is on both the JSA console and App Host if one is installed. The script backs up app data only if apps are on the current host.

  1. Use SSH to log in to your Console or your App Host as the root user.

  2. Go to the /usr/local/bin/ directory.

    • Use the following command to back up app data:

      The marathon-volume-backup.py script runs nightly at 2:30 AM local time to back up all installed apps. Backup archives are stored in the/store/backup/marathon folder. You can change the backup archives location by editing the APP_VOLUME_BACKUP_DIR variable in /store/configservices/staging/globalconfig/ nva.conf.. You must deploy changes after you edit this variable.

    • To view all data backups for installed apps, enter the following command:

      ./marathon-volume-backup.py ls

      This command outputs all backup archives that are stored in the backup archives folder.

    • To restore a backup archive, enter the following command:

      ./marathon-volume-backup.py restore -i <backup name> - <backup_name>

      Use the ls command to find the name of a backup archive

    • By default, all backup archives are retained for one week. The retention process runs nightly at 2:30 AM local time with the backup.

      • To perform retention manually, and use the default retention period, enter the following command:

        ./marathon-volume-backup.py retention

      • You can also set the retention period manually by adding -t (time - defaults to 1) and -p (period - defaults to 0) switches.

        The -p switch accepts three values: 0 for a week, 1 for a day, and 2 for an hour.

        For example, to set the retention period for a back up to 3 weeks, enter the following command:

        ./marathon-volume-backup.py retention -t 3 -p 0

    • If you want to change the retention time that is used by the nightly timer, add flags to the retention command found in the following systemd service file:

      /etc/systemd/system/framework-apps-data-backup.service

      For example, to change the retention period that is used by the nightly retention process to 5 days, locate the following line:

      ExecStart=/opt/qradar/bin/app-volume-backup.py retention

      Replace it with:

      ExecStart=/usr/local/bin/marathon-volume-backup.py retention -t 5 -p 1

      Save your changes, and run the systemctl daemon-reload command for systemd to apply the changes.

  3. Use the following command to restart each app container:

    docker restart <container_id>

    If you don't know the container ID, use the following commands to find it:

    psql -U qradar -c 'select id, name from installed_application'

    The command returns the app ID. Insert the app ID into the following command to find the container ID:

    docker ps -a --format "{{.ID}},{{.Image}}" | grep 'qapp/<app_id:’ | cut -d , -f1