Backup
142 views
Skip to first unread message
Claudio Aleksitch
Nov 14, 2022, 12:38:16 PM11/14/22
to Wazuh mailing list
Hi Team
I'm a new user
I'm installing Wazuh using docker images. This will be used for the production environment
I would like to know the best practice for Backup Manager, Indexer and Dashboard. I'm concerned about dabatase, settings and log history
thank you in advance
I'm a new user
I'm installing Wazuh using docker images. This will be used for the production environment
I would like to know the best practice for Backup Manager, Indexer and Dashboard. I'm concerned about dabatase, settings and log history
thank you in advance
Mauricio Ruben Santillan
Nov 14, 2022, 1:44:36 PM11/14/22
to Claudio Aleksitch, Wazuh mailing list
Hello Claudio!
The backup methods for Wazuh deployed in docker are actually the same as the ones used in Wazuh if you installed it directly on a VM or server.
The backup methods for Wazuh deployed in docker are actually the same as the ones used in Wazuh if you installed it directly on a VM or server.
You just need to make sure to use volumes to store all your Wazuh data. By default (and as commented here), the Wazuh docker deployment will use persistence on its data.
Currently, there are 2 ways of performing backups of Wazuh alerts:
In any case, to backup your Wazuh configurations you will also need to copy the content of next directories from the Wazuh manager:
Also, in case you created some visualization/dashboard in Wazuh Dashboard, you can export them from Wazuh Dashboard pie menu (top-left side of the screen) → Stack Management → Saved Objects.
I hope this helps! Let me know any doubt!
Currently, there are 2 ways of performing backups of Wazuh alerts:
- Saving historical alerts from the Wazuh Manager's /var/ossec/logs/alerts/ directory and its subdirectories: https://wazuh.com/blog/index-backup-management/
- Performing snapshots of your indexed data: https://wazuh.com/blog/index-backup-management/
- /var/ossec/active-response/ (Only in case you added a custom script here. Otherwise it is not needed).
- /var/ossec/api (Only in case you customized API settings. Normally it is not needed).
- /var/ossec/etc
- /var/ossec/integrations (Only in case you added a custom script here. Otherwise it is not needed).
- /var/ossec/queue
- /var/ossec/var/multigroups
- /var/ossec/wodles/ (Only in case you added a custom script here. Otherwise it is not needed).
Also, in case you created some visualization/dashboard in Wazuh Dashboard, you can export them from Wazuh Dashboard pie menu (top-left side of the screen) → Stack Management → Saved Objects.
I hope this helps! Let me know any doubt!
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/c3abe0a7-0501-44d9-8ada-2107495c3c0en%40googlegroups.com.
 | Mauricio Santillan IT Security Engineer - Support DRI |
Claudio Aleksitch
Nov 16, 2022, 1:50:44 PM11/16/22
to Wazuh mailing list
Tks Mauricio
Mauricio Ruben Santillan
Nov 16, 2022, 1:52:10 PM11/16/22
to Claudio Aleksitch, Wazuh mailing list
Glad to help.
Let us know how it goes!
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/22a8df35-5cc4-4e19-b60c-5ccd0479bde3n%40googlegroups.com.
Claudio Aleksitch
Nov 16, 2022, 2:02:06 PM11/16/22
to Wazuh mailing list
I understood the backup process. Thanks a lot
Few minutes ago I created new question to check if it is possible to change all docker volumes to S3 instead local volumes
best regards
Few minutes ago I created new question to check if it is possible to change all docker volumes to S3 instead local volumes
best regards
Reply all
Reply to author
Forward
0 new messages