Checkpoint Management Center Snapshot, Backup and Log file location - NETSEC

Cybersecurity Memo

Wednesday, March 7, 2012

Checkpoint Management Center Snapshot, Backup and Log file location

Our management server, a Smart-1, is running in standalone mode and does not have an HA standby for redundancy. Without a decent backup for disaster recovery, our situation would be dangerous. Usually I run upgrade_export from the command line and back up Check Point from the WebUI, then FTP both files out to a safe place. The image file on the Smart-1 does not seem to be exportable from the appliance.

[Expert@CP-Management]# cd /opt/CPsuite-R75.20/fw1/bin/

or cd $FWDIR/bin

[Expert@CP-Management]# cd upgrade_tools/
[Expert@CP-Management]# dir
migrate  migrate.conf  upgrade_export  upgrade_import
[Expert@CP-Management]# ./upgrade_export

'upgrade_export' and 'upgrade_import' have been replaced by the 'migrate' utility.
Run 'migrate' to export and import the Check Point Security Management Server database.
Running 'migrate export' is equivalent to 'upgrade_export'.
Running 'migrate import' is equivalent to 'upgrade_import'.

[Expert@CP-Management]# ./migrate export
Use the migrate utility to export and import Check Point Security Management Server database.
Usage: migrate <ACTION> [OPTIONS] <FILE>
Action (required parameter):
    export - exports database.
    import - imports database.

Options (optional parameters):
    -l - Export/import SmartView Tracker logs.
        Note: only closed logs are exported/imported.
    -n - Run non-interactively

File (required parameter):
    Name of archived file to export/import database to/from. 
Path to archive should exist.

Note: Run the utility either from the current directory or using an absolute path.

[Expert@CP-Management]# ./migrate export CP_SMART_20120308

You are required to close all clients to Security Management Server
or execute 'cpstop' before the Export operation begins.

Do you want to continue? (y/n) [n]? y

Copying required files...
Compressing files...

The operation completed successfully.

Location of archive with exported database: /opt/CPsuite-R75.20/fw1/bin/upgrade_tools/CP_SMART_20120308.tgz

Note: After transferring the archive out by FTP, remember to use md5sum to verify its MD5 value.
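
One way to carry out the check in the note above, as an added example that is not part of the original post or of Check Point's tooling: record the MD5 on the management server before the transfer, then compare it on the backup host and confirm the copy is a readable .tgz. The function names and the stand-in archive are assumptions made for this example.

```shell
#!/bin/bash
# Step 1, on the management server before the transfer:
#     md5sum CP_SMART_20120308.tgz > CP_SMART_20120308.tgz.md5
# Step 2, on the backup host after the transfer:
#     verify_export CP_SMART_20120308.tgz CP_SMART_20120308.tgz.md5

# verify_export ARCHIVE MD5FILE
# Returns 0 if the copy matches the recorded MD5 and is a readable gzip tar,
# 1 if an input is missing, 2 on checksum mismatch, 3 if it is not a valid .tgz.
verify_export() {
    archive=$1
    md5file=$2
    [ -f "$archive" ] && [ -f "$md5file" ] || return 1

    # Compare only the hash field, so the result does not depend on the path
    # the file had on the management server.
    expected=$(awk 'NR == 1 {print $1}' "$md5file")
    actual=$(md5sum "$archive" | awk '{print $1}')
    [ "$expected" = "$actual" ] || return 2

    # A matching hash shows the copy equals the source; reading the archive
    # end to end shows the source itself was a complete .tgz.
    gzip -t "$archive" 2>/dev/null || return 3
    tar -tzf "$archive" >/dev/null 2>&1 || return 3
    return 0
}

# Constructed demo: build a stand-in archive, record its MD5, then check the
# intact file and a truncated copy (as left by an interrupted transfer).
demo_verify_export() {
    work=$(mktemp -d) || return 1
    echo "constructed sample data" > "$work/sample.txt"
    tar -czf "$work/CP_SMART_sample.tgz" -C "$work" sample.txt
    (cd "$work" && md5sum CP_SMART_sample.tgz > CP_SMART_sample.tgz.md5)

    good=0
    verify_export "$work/CP_SMART_sample.tgz" "$work/CP_SMART_sample.tgz.md5" || good=$?

    head -c 20 "$work/CP_SMART_sample.tgz" > "$work/truncated.tgz"
    bad=0
    verify_export "$work/truncated.tgz" "$work/CP_SMART_sample.tgz.md5" || bad=$?

    rm -rf "$work"
    echo "$good $bad"
}

demo_verify_export
```

A checksum mismatch on an otherwise complete file is commonly caused by an FTP transfer made in ASCII mode; repeat the transfer in binary mode before suspecting the export itself.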
----------------------------------------------------------------------


[Expert@CP-Management]# cd $FWDIR/log
[Expert@CP-Management]# ls
2011-04-28_171131.log             2011-10-05_235900.loginitial_ptr  2011-10-16_000000.log             2012-01-01_010000.loginitial_ptr  fw.loginitial_ptr   john-ips.tar.gz
2011-04-28_171131.logaccount_ptr  2011-10-05_235900.logptr          2011-10-16_000000.logaccount_ptr  2012-01-01_010000.logptr          fw.logptr           ldap_pid_14310.stats
2011-04-28_171131.loginitial_ptr  2011-10-06_235900.log             2011-10-16_000000.loginitial_ptr  2012-02-01_010000.log             fw.logtrack         ldap_pid_15171.stats
2011-04-28_171131.logptr          2011-10-06_235900.logaccount_ptr  2011-10-16_000000.logptr          2012-02-01_010000.logaccount_ptr  fw.vlog             ldap_pid_23124.stats
2011-07-05_102750.log             2011-10-06_235900.loginitial_ptr  2011-10-21_162716.log             2012-02-01_010000.loginitial_ptr  fw.vlogaccount_ptr  ldap_pid_2410.stats
2011-07-05_102750.logaccount_ptr  2011-10-06_235900.logptr          2011-10-21_162716.logaccount_ptr  2012-02-01_010000.logptr          fw.vloginitial_ptr  ldap_pid_2416.stats
2011-07-05_102750.loginitial_ptr  2011-10-07_235900.log             2011-10-21_162716.loginitial_ptr  2012-03-01_010000.log             fw.vlogptr          ldap_pid_2577.stats
2011-07-05_102750.logptr          2011-10-07_235900.logaccount_ptr  2011-10-21_162716.logptr          2012-03-01_010000.logaccount_ptr  fwd.elg             ldap_pid_2584.stats
2011-10-02_103702.log             2011-10-07_235900.loginitial_ptr  2011-10-23_000000.log             2012-03-01_010000.loginitial_ptr  fwd.elg.0           ldap_pid_2585.stats
2011-10-02_103702.logaccount_ptr  2011-10-07_235900.logptr          2011-10-23_000000.logaccount_ptr  2012-03-01_010000.logptr          fwd.elg.1           ldap_pid_2594.stats
2011-10-02_103702.loginitial_ptr  2011-10-08_235900.log             2011-10-23_000000.loginitial_ptr  BVUuidDB                          fwd.elg.2           ldap_pid_2599.stats
2011-10-02_103702.logptr          2011-10-08_235900.logaccount_ptr  2011-10-23_000000.logptr          actlog.time                       fwd.elg.3           ldap_pid_2621.stats
2011-10-02_235900.log             2011-10-08_235900.loginitial_ptr  2011-10-30_000000.log             connectra_rulenums.html           fwd.elg.4           ldap_pid_2622.stats
2011-10-02_235900.logaccount_ptr  2011-10-08_235900.logptr          2011-10-30_000000.logaccount_ptr  cpca.elg                          fwd.elg.5           ldap_pid_2662.stats
2011-10-02_235900.loginitial_ptr  2011-10-09_235900.log             2011-10-30_000000.loginitial_ptr  cplmd.elg                         fwm.elg             ldap_pid_2744.stats
2011-10-02_235900.logptr          2011-10-09_235900.logaccount_ptr  2011-10-30_000000.logptr          cpmad.err                         fwm.elg.0           ldap_pid_2760.stats
2011-10-03_235900.log             2011-10-09_235900.loginitial_ptr  2011-11-03_160050.log             cpstat_monitor.elg                fwm.elg.1           ldap_pid_2851.stats
2011-10-03_235900.logaccount_ptr  2011-10-09_235900.logptr          2011-11-03_160050.logaccount_ptr  dbver.elg                         fwm.elg.2           ldap_pid_30029.stats
2011-10-03_235900.loginitial_ptr  2011-10-10_235900.log             2011-11-03_160050.loginitial_ptr  dlp_blob_cache.db                 fwm.elg.3           ldap_pid_8465.stats
2011-10-03_235900.logptr          2011-10-10_235900.logaccount_ptr  2011-11-03_160050.logptr          fw.adtlog                         fwm.elg.4           ldap_pid_9655.stats
2011-10-04_235900.log             2011-10-10_235900.loginitial_ptr  2011-12-01_010000.log             fw.adtlogaccount_ptr              fwm.elg.5           log
2011-10-04_235900.logaccount_ptr  2011-10-10_235900.logptr          2011-12-01_010000.logaccount_ptr  fw.adtloginitial_ptr              fwm.elg.6           status_proxy.elg
2011-10-04_235900.loginitial_ptr  2011-10-11_235900.log             2011-12-01_010000.loginitial_ptr  fw.adtlogptr                      fwm.elg.7           upgrade_log.elg
2011-10-04_235900.logptr          2011-10-11_235900.logaccount_ptr  2011-12-01_010000.logptr          fw.log                            fwm.elg.8
2011-10-05_235900.log             2011-10-11_235900.loginitial_ptr  2012-01-01_010000.log             fw.logLuuidDB                     fwui.log
2011-10-05_235900.logaccount_ptr  2011-10-11_235900.logptr          2012-01-01_010000.logaccount_ptr  fw.logaccount_ptr                 ipscntr.elg


--------------------------------------
FAQ: Where are the WebUI backup/restore files located?

Use the find command to locate them:
find / -name \*.tgz -mtime -1 -ls

 /var/log/CPbackup/backups/NGX_R65_/xyz.tgz

---------------------------------------
FAQ: Where is the WebUI image file located? - no location
When an image is created, blocks are written to the unpartitioned space; there is no actual file.

Note (added on July 20, 2012) on resizing the WebUI image partition:
Found a good explanation of how to resize the partition on R75 from Michael Thompson in a LinkedIn post:

"Kernel version 2.6 supports online partition resizing, and R75 is at version 2.6. To verify, issue the command
uname -r
Depending on your appliance model, it should be outfitted with a 160GB HDD upwards, which should have physical volumes and logical volumes. Issue the commands
pvs - to view physical hdd config, take note of vg_splat volume group (VG) and free space available as this would indicate how much your vg_splat/lv_current volume can be resized to
vgs - to view volume groups config, take note of number of logical volumes (LV)
lvs - to view logical volumes
df -h - to view mounted volumes, size, used and free space
Now for resizing
lvresize -L XXGB vg_splat/lv_current 
output should say
Extending logical volume lv_current to XX.00 GB
Logical volume lv_current successfully resized
then issue
resize2fs /dev/mapper/vg_splat-lv_current 
finally issue vgscan and df -h to verify successful resizing

As a side note, R65 requires offline resizing with a slightly more complicated procedure but can also be done."
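
A pre-check for the resize step quoted above, as an added example that is not part of the quoted post or of Check Point's tooling: it reads the free space and current size from `vgs` and `lvs` report text and refuses a target that would shrink the volume or exceed the volume group's free space. The function name, the sample sizes and the `lv_log` volume are constructed for the example; only `vg_splat` and `lv_current` come from the post.

```shell
#!/bin/bash
# Feed plan_lv_resize the text printed by these read-only commands:
#   vgs --noheadings --units g --nosuffix -o vg_name,vg_free
#   lvs --noheadings --units g --nosuffix -o vg_name,lv_name,lv_size

# plan_lv_resize TARGET_GB VG LV VGS_TEXT LVS_TEXT
# Prints "grow <delta> free_after <remaining>" and returns 0 when the target
# is larger than the current LV and fits in the VG's free space.
# Returns 1 if the VG or LV is not in the reports, 2 if the target would
# shrink the LV (lvresize -L takes an absolute size, and shrinking the LV
# under a larger filesystem loses data), 3 if the growth does not fit.
plan_lv_resize() {
    target=$1 vg=$2 lv=$3
    free=$(printf '%s\n' "$4" | awk -v vg="$vg" '$1 == vg {print $2; exit}')
    cur=$(printf '%s\n' "$5" | awk -v vg="$vg" -v lv="$lv" \
        '$1 == vg && $2 == lv {print $3; exit}')
    [ -n "$free" ] && [ -n "$cur" ] || return 1
    awk -v t="$target" -v c="$cur" -v f="$free" 'BEGIN {
        if (t <= c)    exit 2
        if (t - c > f) exit 3
        printf "grow %.2f free_after %.2f\n", t - c, f - (t - c)
    }'
}

# Constructed sample reports; the sizes and lv_log are invented for the demo.
SAMPLE_VGS='  vg_splat 98.00'
SAMPLE_LVS='  vg_splat lv_current 20.00
  vg_splat lv_log 30.00'

# Plan a resize of vg_splat/lv_current to 40 GB against the sample reports.
plan_lv_resize 40 vg_splat lv_current "$SAMPLE_VGS" "$SAMPLE_LVS"
```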
