Reinstall and update Ubuntu 12.04.
Install packages needed by SO via apt-get from native Ubuntu sources and from the SO PPA.
Run sosetup phase 2 only, skipping the network config phase and configuring things the same way as was originally done.
Shut down absolutely all SO stuff that is running.
Restore all the files and MySQL databases/tables needed to get me back to my pre-crashed SO system state.
Reboot and enjoy a working system again, with all my customizations intact, but minus the large data items I couldn't afford to back up.
I'm thinking of dumping the following databases:
mysql (to get all the MySQL db users and permissions backed up)
elsa_web
securityonion_db (excluding the SANCP tables)
snorby
syslog
NOT syslog_data which contains the huge ELSA log data
mysqldump --databases mysql elsa_web securityonion_db snorby syslog --ignore-table=securityonion_db.sancp | gzip > so-backup.sql.gz
/nsm/ - except for /nsm/sensor_data/*/dailylogs/ and /nsm/elsa/data/
/etc/cron.d/
/etc/nsm/
/etc/sphinxsearch/
/var/ossec/
/opt/bro/
/opt/elsa/
/opt/snorby/
/opt/xplico/
/var/www/
/etc/networking/interfaces
/etc/udev/rules.d/70-persistent-net.rules
/lib/ufw/user.rules
/etc/syslog-ng/syslog-ng.conf
/etc/elsa_node.conf
/etc/elsa_web.conf
/etc/modprobe.d/pf_ring.conf
/etc/mysql/my.cnf
/etc/apparmor.d/
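The backup plan above as a single script, added here as an example; it is not part of the original post and not Security Onion's own tooling. Because mysqldump's --ignore-table option takes one exact db.table name per flag, the script lists the tables first and emits one flag per SANCP table, and it skips listed paths that do not exist on the host. Assumptions: SANCP tables are named "sancp" or "sancp_<suffix>", GNU tar is in use, MySQL credentials come from ~/.my.cnf, and the function names and output file names are hypothetical.

```shell
#!/bin/sh
# Added example, not Security Onion's own tooling. Assumes GNU tar and MySQL
# credentials in root's ~/.my.cnf. Nothing runs unless called with --run OUTDIR.

DBS="mysql elsa_web securityonion_db snorby syslog"   # syslog_data is left out
EXCLUDES="nsm/sensor_data/*/dailylogs nsm/elsa/data"
# Paths as listed in the post, relative to / (tar is run with -C /).
PATHS="nsm etc/cron.d etc/nsm etc/sphinxsearch var/ossec opt/bro opt/elsa
opt/snorby opt/xplico var/www etc/networking/interfaces
etc/udev/rules.d/70-persistent-net.rules lib/ufw/user.rules
etc/syslog-ng/syslog-ng.conf etc/elsa_node.conf etc/elsa_web.conf
etc/modprobe.d/pf_ring.conf etc/mysql/my.cnf etc/apparmor.d"

# stdin: table names, one per line. stdout: one --ignore-table flag per SANCP
# table. Assumption: those tables are named "sancp" or "sancp_<suffix>".
sancp_ignore_flags() {
  while IFS= read -r t; do
    case $t in
      sancp|sancp_*) printf '%s%s.%s\n' '--ignore-table=' "$1" "$t" ;;
    esac
  done
}

# Print the paths that exist under root ($1); warn on stderr about the rest.
existing_paths() {
  root=$1; shift
  for p in "$@"; do
    if [ -e "$root/$p" ]; then printf '%s\n' "$p"
    else echo "skipping missing path: /$p" >&2; fi
  done
}

run_backup() {
  out=$1
  set -f       # no globbing: the * in EXCLUDES must reach tar unexpanded
  umask 077    # the dump holds MySQL password hashes; keep it owner-only
  tables=$(mysql -N -B -e 'SHOW TABLES' securityonion_db) || return 1
  ignore=$(printf '%s\n' "$tables" | sancp_ignore_flags securityonion_db)
  mysqldump $ignore --databases $DBS > "$out/so-backup.sql" || return 1
  gzip -f "$out/so-backup.sql" || return 1
  excl=""
  for e in $EXCLUDES; do excl="$excl --exclude=$e"; done
  keep=$(existing_paths "" $PATHS)
  tar -C / $excl -czf "$out/so-files.tar.gz" $keep
}

if [ "${1:-}" = "--run" ]; then run_backup "${2:?usage: $0 --run OUTDIR}"; fi
```

Run it as root with `--run` and an output directory on a separate disk; both output files are created owner-only because the dump of the mysql database includes account password hashes.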
Frank,
You could try taking a look at the following scripts located in /usr/sbin:
nsm_server_backup-data
nsm_server_backup-config
nsm_sensor_backup-data
nsm_sensor_backup-config
I don't believe the scripts are tested regularly, but it may be worth it to look into them to see if they meet your need(s).
Thanks,
Wes