Here are some notes I recorded when I was working on Symantec DLP project, mostly focusing on operation DLP servers, not involving installation, configuration, or troubleshooting. That will be in other posts in this blog. Please filter them out using Symantec category in the menu or sidebar.
Restart DLP Enforce services in the correct order
The following order is important when stopping and starting DLP services in Windows or Linux.
Stopping services in DLP 15.1 and later
1. Symantec DLP Detection Server Controller
2. Symantec DLP Incident Persister
3. Symantec DLP Manager
4. Symantec DLP Notifier
2. Symantec DLP Incident Persister
3. Symantec DLP Manager
4. Symantec DLP Notifier
Starting services in DLP 15.1 and later
1. Symantec DLP Notifier
2. Symantec DLP Manager
3. Symantec DLP Incident Persister
4. Symantec DLP Detection Server Controller
2. Symantec DLP Manager
3. Symantec DLP Incident Persister
4. Symantec DLP Detection Server Controller
Cold Backup Symantec DLP Oracle DB
Here is an example, assuming, Oracle DB has been installed to D:\Oracle folder. The Symantec DLP Backup folder is at the same machine under following folder: C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\There are two folders under this DLP backup folder:
- Database
- Recovery_Aid
Here is a summary of the steps to backup the Oracle Database from the Symantec Data Loss Prevention System Maintenance Guide for DLP 15.0:
- Create recovery aid files. See “Creating recovery aid files on Windows” section.
- Collect a list of directories that should be backed up. See "Collecting a list of files to be backed up" section.
- Shut down all of the Symantec Data Loss Prevention and Oracle services. See “Shutting down the Symantec Data Loss Prevention system on Windows” for detail steps.
- Copy the Database files to the backup location. See “Copying the Database files to the backup location on Windows” for detailed steps.
- Back up the incident attachment external storage directory. *If you are using an external storage directory for incident attachments, work with your storage system administrator to back up that directory.
- Restart the Oracle and Symantec Data Loss Prevention services. See “Restarting the system on Windows” for detailed steps.
1. Create recovery aid files.
Oracle Service is running in normal status.
1.1 At the command prompt, enter sqlplus /nolog
1.2 At the SQL> command prompt, to connect as the sysdba user, enter
connect sys/password@protect as sysdba
where password is the SYS password.
1.3 After receiving the Connected message, at the SQL> command prompt, enter:
alter database backup controlfile to trace as 'C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Recovery_Aid\controlfile.trc';
Success is indicated by the message "Database altered."
note: controlfile.trc md5 vaule checked. It always same.
1.4 Issue the following command to backup the init.ora file.
create pfile='C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Recovery_Aid\init.ora' from spfile;
Success is indicated by the message "File created"
note: init.ora is a txt file, but value inside could be changed.
1.5 Navigate to the C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Recovery_Aid directory. You should see the controlfile.trc and init.ora files in this directory.
1.6 Rename the file controlfile.trc so that it can be easily identified, for example:
controlfilebackupMMDDYY.trc
2. Collecting a list of files to be backed up
You only need to do this at the first time. Once you have list, just using this same list for later backup. Basically, you just need to copy everything under Oracle DB instance folder to backup folder. In my case, my Oracle instance name is default name, protect. My oracle DB folder is D:\ORACLE\ORADATA\PROTECT\2.1 Enter the following SQL commands to create lists of files that must be backed up: (One command)
SELECT file_name FROM dba_data_files
UNION
SELECT file_name FROM dba_temp_files
UNION
SELECT name FROM v$controlfile
UNION
SELECT member FROM v$logfile;
2.2 Save the list of files returned by the query to use in the following procedures: C:\Program Files\Symantec\DataLossPrevention\ SymantecDLP_Backup_Files\Recovery_Aid\ oracle_datafile_directories.txt.
C:\Users\admin>sqlplus /nolog
SQL*Plus: Release 12.2.0.1.0 Production on Sun Dec 15 21:29:32 2019
Copyright (c) 1982, 2016, Oracle. All rights reserved.
SQL> connect sys/A5uPVqbK@protect as sysdba
Connected.
SQL>
SQL> SELECT file_name FROM dba_data_files
2 UNION
3 SELECT file_name FROM dba_temp_files
4 UNION
5 SELECT name FROM v$controlfile
6 UNION
7 SELECT member FROM v$logfile;
FILE_NAME
-------------------------------------------------------
D:\ORACLE\ORADATA\PROTECT\CONTROL01.CTL
D:\ORACLE\ORADATA\PROTECT\CONTROL02.CTL
D:\ORACLE\ORADATA\PROTECT\CONTROL03.CTL
D:\ORACLE\ORADATA\PROTECT\DRSYS01.DBF
D:\ORACLE\ORADATA\PROTECT\LOB01.DBF
D:\ORACLE\ORADATA\PROTECT\REDO01.LOG
D:\ORACLE\ORADATA\PROTECT\REDO02.LOG
D:\ORACLE\ORADATA\PROTECT\REDO03.LOG
D:\ORACLE\ORADATA\PROTECT\SYSAUX01.DBF
D:\ORACLE\ORADATA\PROTECT\SYSTEM01.DBF
D:\ORACLE\ORADATA\PROTECT\TEMP01.DBF
FILE_NAME
-------------------------------------------------------
D:\ORACLE\ORADATA\PROTECT\UNDOTBS01.DBF
D:\ORACLE\ORADATA\PROTECT\USERS01.DBF
13 rows selected.
SQL>
Note: the list is not changed.
3. Creating a copy of the spfile on Windows
To create a copy of the spfile
3.1 In Oracle SQL*Plus, at the SQL> command prompt, enter:
create pfile='C:\Temp\inittemp.ora' from spfile;
Success is indicated by a message "File created"
Note: the spfile content will be changed.
3.2 To exit Oracle SQL*Plus, enter: exit
3.3 Navigate to the C:\Temp directory and verify that the inittemp.ora file was created.
3.4 In Windows, copy the inittemp.ora file from the C:\Temp directory to the \Recovery_Aid subdirectory that you created earlier on the backup computer.
4. Shutting down the Symantec Data Loss Prevention system on Windows
4.1 Stopping following four services in DLP Enforcement Server version 15.1 and later
4.1.1. Symantec DLP Detection Server Controller
4.1.2. Symantec DLP Incident Persister
4.1.3. Symantec DLP Manager
4.1.4. Symantec DLP Notifier
4.2 On the computer that hosts the database, stop the OracleService databasename, where
databasename is the Global Database Name and SERVICE_NAME selected during
installation.4.1.2. Symantec DLP Incident Persister
4.1.3. Symantec DLP Manager
4.1.4. Symantec DLP Notifier
5. Copying the database files to the backup location on Windows
5.1 Make sure that the Oracle services are stopped.
If needed, you might want to backup C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files into another archived backup folder
5.2 On the computer that hosts the database, copy the files from the list that you collected in the procedure Collecting a list of files to be backed up to the computer that hosts the backup files. Copy the Protect directory (For example: D:\oracle\oradata\protect) into the C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Database directory of the computer that hosts the backup files.
5.3 On the computer that hosts the database, select the %ORACLE_HOME%\database\PWDprotect.ora file and copy it into the C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Database directory of the computer that hosts the backup files.
%ORACLE_HOME% = D:\oracle\product\12.2.0.1\db_1\
note: if you do not know your %ORACLE_Home% name, you can just search PWDprotect.ora file from your hard drive. Found PWDprotect.ora md5 value was not changed with time changes.
6. Restarting the system on Windows
To restart the system
6.1 On the computer that hosts the database, navigate to Start > All Programs > Administrative Tools > Services to open the Windows Services menu.
6.2 From the Services menu, start all of the Oracle services:
■ OracleServiceDATABASENAME
6.3 On the computer that hosts the Enforce Server, start the SymantecDLPNotifierService service before starting other Symantec Data Loss Prevention services.
6.4 Starting services in DLP 15.1 and later
6.4.1. Symantec DLP Notifier
6.4.2. Symantec DLP Manager
6.4.3. Symantec DLP Incident Persister
6.4.4. Symantec DLP Detection Server Controller
6.4.2. Symantec DLP Manager
6.4.3. Symantec DLP Incident Persister
6.4.4. Symantec DLP Detection Server Controller
No comments:
Post a Comment