You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>DeploymentGuide>BackupAndRestoration>BackUpAndRestoreNetFlowData (07 Nov 2021, SheriffCyberSecurity)Edit Attach
Up
Previous Next

Sheriff CSMâ„¢

Back Up and Restore NetFlow Data

NetFlow is a protocol designed and published by Cisco Systems that has become the accepted industry standard for recording and transmitting information about network flows. Through Sheriff CSM you can back up and restore the information about flows in a network.

NetFlow Data Backup Configuration

To configure the backup of NetFlow data
  1. From the Sheriff CSM web interface, go to Configuration > Administration > Main > Backup.

  2. Set the number of days to store flows in the Active NetFlow Window field. Default is 45 days.

    NetFlow Data Configuration

  3. Click Update Configuration.

Backing Up NetFlow Data

To back up NetFlow data

  1. Connect to the Sheriff Console through SSH and use your credentials to log in.

    The Sheriff Setup menu displays.

  2. On the Sheriff Setup main menu, select Jailbreak System to gain command line access.

    Select Yes when prompted. You will be in the root directory.

  3. On the command line, type the following command:

    screen

    We recommend using the screen session so that you can keep the program running even after you log out.

  4. Run the following command:

    tar czf sheriff-netflow-`date +%s`.tgz /var/nfsen /var/cache/nfdump

    Adding `date +%s` to the filename gives it a unique time stamp.

This procedure creates the sheriff-netflow-<timestamp>.tgz file. Transfer the file to the target system. You can use either an SFTP client on Windows, such as WinSCP; or the SCP protocol on Linux.

Restoring NetFlow Data

Before following the procedure below, you should have deployed the SAME version of Sheriff CSM. You should have transferred the backup files to the target system and place them in the root directory.

To restore NetFlow data

  1. Connect to the Sheriff Console through SSH and use your credentials to log in.

    The Sheriff Setup menu displays.

  2. On the Sheriff Setup main menu, select Jailbreak System to gain command line access.

    Select Yes when prompted. You will be in the root directory.

  3. On the command line, type the following command:

    screen

    We recommend using the screen session so that you can keep the program running even after you log out.

  4. Stop the following services so that they do not interfere with the process:

    /etc/init.d/monit stop
/etc/init.d/vigilante-server stop
/etc/init.d/vigilante-agent stop
/etc/init.d/vigilante-framework stop
/etc/init.d/sheriff-api stop

  5. Extract the backup file into the '/' directory:

    tar xvzf sheriff-netflow-<timestamp>.tgz -C /

  6. Update file permissions:

    tar tvzf sheriff-netflow-<timestamp>.tgz | tr -s ' ' > /root/file_list
ulimit -s 65536
cd /
for i in `cat /root/file_list | cut -f2 -d" " | sort -u`; do user=`echo $i | cut -f1 -d"/"`; group=`echo $i | cut -f2 -d"/"`; chown $user:$group `grep $i root/file_list | cut -f6 -d" " | xargs`; done
ulimit -s 8192

  7. Restart all services for changes to apply:

    sheriff-reconfig -c -v -d
Edit  | Attach | Print version | History: r11 < r10 < r9 < r8 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r11 - 07 Nov 2021, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.