Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Restoring Data

The JSA Risk Manager appliance and the backup archive must be the same version of JSA Risk Manager. If the script detects a version difference between the archive and the JSA Risk Manager managed host, an error is displayed.

You can use a restore script to restore data from a JSA Risk Manager backup.

Use the restore script to specify the archive that you are restoring to JSA Risk Manager. This process requires you to stop services on JSA Risk Manager. Stopping services logs off all JSA Risk Manager users and stops multiple processes.

The following table describes the parameters that you can use to restore a backup archive.

Table 1: Parameters Used to Restore a Backup Archive to JSA Risk Manager

Option

Description

-f

Overwrites any existing JSA Risk Manager data on your system with the data in the restore file. Selecting this parameter allows the script to overwrite any existing device configurations in Configuration Source Management with the device configurations from the backup file.

-w

Do not delete directories before you restore JSA Risk Manager data.

-h

The help for the restore script.

  1. Using SSH, log in your JSA console as the root user.
  2. Using SSH from the JSA console, log in to JSA Risk Manager as the root user.
  3. Stop hostcontext by typing systemctl stop hostcontext.
  4. Type the following command to restore a backup archive to JSA Risk Manager:

    /opt/qradar/bin/risk_manager_restore.sh -r /store/qrm_backups/<backup>.

    Where <backup> is the JSA Risk Manager

    archive that you want to restore.

    For example, backup-2012-09-11-10-14-39.tgz.

  5. Start hostcontext by typing systemctl start hostcontext.