By default, Sheriff CSM backs up the system configurations at 7:00 am local time every day. These display as "Auto" under the Type column in the web UI. You can also manually run a backup at any time.

Sheriff CSM stores its configuration backup files locally, in the following location:

/var/sheriff/backup/configuration_<hostname>_<timestamp>.tar.gz

For example, configuration_VirtualSheriffAllInOne_1429616586.tar.gz

The integer string represents epoch time, therefore, the backup with the highest number denotes the most recent one. Sheriff CSM maintains 10 backups on each system, based on their time stamp.

Note: Sheriff recommends keeping a copy of the latest backup file outside of Sheriff CSM because you may not be able to retrieve these backup files when the system is down.

Before starting the backup, Sheriff CSM verifies the following:

• No re-configuration process is running.
• No other backup or restore processes are running.
• Sufficient disk space exists to restore the configuration backup.

​Sheriff CSM aborts the backup process if any of these checks fails.

Starting from version 5.2.5, Sheriff CSM will not generate any configuration backups, automatic or manual, until you set a password to encrypt the backup files. And you need to provide the same password to decrypt the file before a restoration.

To set up a password to encrypt the backup files

1. In the web UI, go to Configuration > Administration > Main > Backup.

2. In Password to encrypt backup files, type a password between 7 and 32 characters.

   Important: Do not use the following characters in your password:

   ;, |, &, $, <, >, \n, (, ), [, ], {, }, ?, *, ^, \.

3. Click Update Configuration.

To run a backup manually

1. In the web UI, go to Configuration > Administration > Backups > Configuration.

2. Click Run Backup Now.

   A message appears showing when the last backup was run and asking if you want to continue.

3. Select Yes to start the backup.

   These backups display as "Manual" under the Type column.

To see any error messages in the backup logs

1. Go to Configuration > Administration > Backups > Configuration.

2. Click View Backup Logs.

In a federated environment, where you have Sheriff CSM Sensors (Deputies) reporting to a Sheriff CSM Server (child), which then reports to another Sheriff CSM Server (federated), keep the following in mind:

• Each Sheriff CSM Server (whether a child or federated server) only triggers automatic backups of itself and directly connected sensors. In other words, the federated server does not trigger automatic backups to its child servers.

• Each Sheriff CSM stores its own backup file.

You can select the child server on the federated server, but not the reverse. You can run a manual backup of the child server from the federated server by following the standard backup procedure.

To back up the child server from the federated server:

1. Go to Configuration > Administration > Backups > Configuration.

2. Choose which system you want to use by expanding Show Backups for.

3. Click Run Backup Now.

You can only restore a Sheriff CSM system from a backup file through the Sheriff Console.

Before running a restoration, Sheriff CSM verifies the following and aborts the restoration process if any of these checks fails:

• No re-configuration process is running.

• No other backup or restore processes are running.

• The backup profile matches the system profile. In other words, you cannot restore a backup file from the Sheriff CSM Server on the Sheriff CSM Sensor.

• Backup file version is the same as the target system. In other words, you can only restore a Sheriff CSM version 5.4.3 backup on a system that is running Sheriff CSM version 5.4.3.

  Note: You can restore an Sheriff Vigilante backup on a Sheriff CSM or vice versa, as long as they are the same version.

• Sufficient disk space exists to restore the configuration backup.

Before restoring a backup file, you must transfer the file to the target system and place it in the /var/Sheriff/backup/ directory. You can use either an SFTP client on Windows, such as WinSCP; or the SCP protocol on Linux.

To restore a backup file

1. Connect to the Sheriff Console through SSH and use your credentials to log in.

   The Sheriff Setup menu displays.

2. Select Maintenance & Troubleshooting.

3. Select Backups.

4. Select Restore configuration backup.

5. Select the backup file you want to restore, click <OK> or press Enter.

6. Select <Yes> to continue.

7. Enter the password used to encrypt the backup files.

   The restoration process starts.

   After the process finishes, the system restarts automatically.

   Note: Your SSH connection will drop if the IP address of Sheriff CSM changes as a result of the restoration.

8. Log in to display the Sheriff Setup menu again.

9. Select System Preferences.

10. Select Reset Sheriff API Key.

    To find out more, see Reset the Sheriff API Key.

You can manage the configuration backups on Configuration > Administration > Backups > Configuration.

The configuration backups display in a table format.

Columns / fields for configuration backups

Column / Field Name	Description
System	System chosen for backup
Date	Date and time when the backup was run.
Backup	Backup category. Currently the only category is Configuration.
Type	Backup Type. Supported values are Auto and Manual.
Version	Version of the Sheriff CSM system.
Size	Size of the backup file.
Download	Saves the backup file to your local machine.

By default, Sheriff CSM sorts the backups by their time stamps, with the latest one at the top.

To look for a backup

• Use the search box at the upper left corner.

  Search fields are System (name or IP address), Date, or Type.

To download backups and store them locally

1. Locate the backup you'd like to download.

2. In the last column, click the download icon ().

   Sample backup file format:

   configuration_VirtualSheriffAllInOne_1429616586.tar.gz

   Because the integer string represents epoch time, the backup with the highest number denotes the most recent one.

To delete one or more backups

1. Select the backups by checking the square(s) to the left of each backup.

2. Click the delete icon () above the table towards the right.