Latest Posts

Symantec DLP Operation Notes (Reboot and Backup Oracle DB Procedures)


Here are some notes I recorded when I was working on Symantec DLP project.


Restart DLP Enforce services in the correct order

The following order is important when stopping and starting DLP services in Windows or Linux.

Stopping services in DLP 15.1 and later

            1. Symantec DLP Detection Server Controller
            2. Symantec DLP Incident Persister
            3. Symantec DLP Manager
            4. Symantec DLP Notifier

Starting services in DLP 15.1 and later

            1. Symantec DLP Notifier
            2. Symantec DLP Manager
            3. Symantec DLP Incident Persister
            4. Symantec DLP Detection Server Controller

Cold Backup Symantec DLP Oracle DB

Here is an example, assuming, Oracle DB has been installed to D:\Oracle folder. The Symantec DLP Backup folder is at the same machine under following folder: C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\

There are two folders under this DLP backup folder:
  • Database 
  • Recovery_Aid
Here is a summary of the steps to backup the Oracle Database from the Symantec Data Loss Prevention System Maintenance Guide for DLP 15.0:
  1. Create recovery aid files. See “Creating recovery aid files on Windows” section.
  2. Collect a list of directories that should be backed up. See "Collecting a list of files to be backed up" section.
  3. Shut down all of the Symantec Data Loss Prevention and Oracle services. See “Shutting down the Symantec Data Loss Prevention system on Windows” for detail steps.
  4. Copy the Database files to the backup location. See “Copying the Database files to the backup location on Windows” for detailed steps.
  5. Back up the incident attachment external storage directory. *If you are using an external storage directory for incident attachments, work with your storage system administrator to back up that directory.
  6. Restart the Oracle and Symantec Data Loss Prevention services. See “Restarting the system on Windows” for detailed steps.
There are more details about those six steps to follow to do a cold backup of Symantec DLP Oracle in Windows:

1. Create recovery aid files.
Oracle Service is running in normal status.
1.1 At the command prompt, enter sqlplus /nolog
1.2 At the SQL> command prompt, to connect as the sysdba user, enter
connect sys/[email protected] as sysdba 

where password is the SYS password.
1.3 After receiving the Connected message, at the SQL> command prompt, enter:
alter database backup controlfile to trace as 'C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\ Recovery_Aid\controlfile.trc'; 

Success is indicated by the message "Database altered."

1.4 Issue the following command to backup the init.ora file.
create pfile='C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\ Recovery_Aid\init.ora' from spfile;

Success is indicated by the message "File created"

1.5 Navigate to the C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Recovery_Aid directory. You should see the controlfile.trc and init.ora files in this directory.
1.6 Rename the file controlfile.trc so that it can be easily identified, for example:
controlfilebackupMMDDYY.trc

2. Collecting a list of files to be backed up
You only need to do this at the first time. Once you have list, just using this same list for later backup. Basically, you just need to copy everything under Oracle DB instance folder  to backup folder. In my case, my Oracle instance name is default name, protect. My oracle DB folder is D:\ORACLE\ORADATA\PROTECT\2.1 Enter the following SQL commands to create lists of files that must be backed up: (One command)
SELECT file_name FROM dba_data_files 
UNION 
SELECT file_name FROM dba_temp_files 
UNION 
SELECT name FROM v$controlfile 
UNION 
SELECT member FROM v$logfile; 
2.2  Save the list of files returned by the query to use in the following procedures: C:\Program Files\Symantec\DataLossPrevention\ SymantecDLP_Backup_Files\Recovery_Aid\ oracle_datafile_directories.txt.


C:\Users\admin>sqlplus /nolog
SQL*Plus: Release 12.2.0.1.0 Production on Sun Dec 15 21:29:32 2019
Copyright (c) 1982, 2016, Oracle.  All rights reserved.

SQL> connect sys/[email protected] as sysdba
Connected.

SQL>
SQL> SELECT file_name FROM dba_data_files
  2  UNION
  3  SELECT file_name FROM dba_temp_files
  4  UNION
  5  SELECT name FROM v$controlfile
  6  UNION
  7  SELECT member FROM v$logfile;


FILE_NAME
-------------------------------------------------------

D:\ORACLE\ORADATA\PROTECT\CONTROL01.CTL
D:\ORACLE\ORADATA\PROTECT\CONTROL02.CTL
D:\ORACLE\ORADATA\PROTECT\CONTROL03.CTL
D:\ORACLE\ORADATA\PROTECT\DRSYS01.DBF
D:\ORACLE\ORADATA\PROTECT\LOB01.DBF
D:\ORACLE\ORADATA\PROTECT\REDO01.LOG
D:\ORACLE\ORADATA\PROTECT\REDO02.LOG
D:\ORACLE\ORADATA\PROTECT\REDO03.LOG
D:\ORACLE\ORADATA\PROTECT\SYSAUX01.DBF
D:\ORACLE\ORADATA\PROTECT\SYSTEM01.DBF
D:\ORACLE\ORADATA\PROTECT\TEMP01.DBF

FILE_NAME
-------------------------------------------------------

D:\ORACLE\ORADATA\PROTECT\UNDOTBS01.DBF
D:\ORACLE\ORADATA\PROTECT\USERS01.DBF

13 rows selected.
SQL>




3. Creating a copy of the spfile on Windows
To create a copy of the spfile
3.1 In Oracle SQL*Plus, at the SQL> command prompt, enter:
create pfile='C:\Temp\inittemp.ora' from spfile; 

Success is indicated by a message "File created"
3.2 To exit Oracle SQL*Plus, enter: exit 
3.3 Navigate to the C:\Temp directory and verify that the inittemp.ora file was created.
3.4 In Windows, copy the inittemp.ora file from the C:\Temp directory to the \Recovery_Aid subdirectory that you created earlier on the backup computer.

4. Shutting down the Symantec Data Loss Prevention system on Windows
4.1 Stopping following four services in DLP Enforcement Server version 15.1 and later
            4.1.1. Symantec DLP Detection Server Controller
            4.1.2. Symantec DLP Incident Persister
            4.1.3. Symantec DLP Manager
            4.1.4. Symantec DLP Notifier
4.2 On the computer that hosts the database, stop the OracleService databasename, where databasename is the Global Database Name and SERVICE_NAME selected during installation.




5. Copying the database files to the backup location on Windows

5.1 Make sure that the Oracle services are stopped.
If needed, you might want to backup C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files into another archived backup folder
5.2 On the computer that hosts the database, copy the files from the list that you collected in the procedure Collecting a list of files to be backed up to the computer that hosts the backup files. Copy the Protect directory into the C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Database directory of the computer that hosts the backup files.
5.3 On the computer that hosts the database, select the %ORACLE_HOME%\database\PWDprotect.ora file and copy it into the C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Database directory of the computer that hosts the backup files.

%ORACLE_HOME% = D:\oracle\product\12.2.0.1\db_1\

note: if you do not know your %ORACLE_Home% name, you can just search PWDprotect.ora file from your hard drive.

6. Restarting the system on Windows
To restart the system
6.1 On the computer that hosts the database, navigate to Start > All Programs > Administrative Tools > Services to open the Windows Services menu.
6.2 From the Services menu, start all of the Oracle services:
■ OracleServiceDATABASENAME
6.3 On the computer that hosts the Enforce Server, start the SymantecDLPNotifierService service before starting other Symantec Data Loss Prevention services.
6.4 Starting services in DLP 15.1 and later
            6.4.1. Symantec DLP Notifier
            6.4.2. Symantec DLP Manager
            6.4.3. Symantec DLP Incident Persister
            6.4.4. Symantec DLP Detection Server Controller


References

















No comments