Backup best practices for Symantec DLP

Article ID: 159906

Products

Data Loss Prevention Enforce

Issue/Introduction

Learn how to properly back up Symantec Data Loss Prevention (DLP) files and directories.

Environment

DLP 15.x

Resolution

Listed below is a summary of what you need to back up for Symantec DLP. We recommend that you reference the DLP System Maintenance Guide (select your version in the top menu).

Symantec Technical Support does not provide instructions for, or support of, a Hot Backup of the Oracle Database files; please see the DLP System Maintenance Guide for more information.

For Enforce 15.1 -> Current 

The following directories should be backed up on the Symantec DLP Enforce and Detection Servers, where applicable.

Logs \ProgramData\Symantec\DataLossPrevention\EnforceServer\15.x\logs
Keystore \ProgramData\Symantec\DataLossPrevention\EnforceServer\15.x\keystore
Plugins \Program Files\Symantec\DataLossPrevention\ContentExtractionService\15.x\Plugins\Protect\plugins
Server configuration \Program Files\Symantec\DataLossPrevention\EnforceServer\15.x\Protect\config
CryptoKeys \Program Files\Symantec\DataLossPrevention\EnforceServer\15.x\Protect\config\CryptoMasterKey.properties
Tomcat \Program Files\Symantec\DataLossPrevention\EnforceServer\15.x\Protect\tomcat\conf

 

For RHEL, here are the relative paths:

Logs /var/log/Symantec/DataLossPrevention/EnforceServer/15.x/
Keystore /var/Symantec/DataLossPrevention/EnforceServer/15.x/keystore
Plugins /opt/Symantec/DataLossPrevention/ContentExtractionService/15.x/Plugins/Protect/plugins
Server configuration /opt/Symantec/DataLossPrevention/EnforceServer/15.x/Protect/config
CryptoKeys /opt/Symantec/DataLossPrevention/EnforceServer/15.x/Protect/config/CryptoMasterKey.properties
Tomcat /opt/Symantec/DataLossPrevention/EnforceServer/15.x/Protect/tomcat/conf


For Enforce version 15.0 and below: 

The following directories should be backed up on the Symantec DLP Enforce and Detection Servers, where applicable. Note that the \Vontu\ directory may be named \SymantecDLP\ depending on the version you initially installed, so please use these interchangeably:

Logs \Vontu\Protect\logs
Keystore \Vontu\Protect\tomcat\conf
Plugins \Vontu\Protect\plugins
Server configuration \Vontu\Protect\config
CryptoKeys \Vontu\Protect\keystore

 

To create the resource reinstallation kit:

1.) Run the ReinstallationResourcesUtility.

2.) See the Symantec_DLP_<version>_Install_guide_<OS>.pdf for more details.

To create the resource reinstallation kit manually:

1.) Ensure you have a verified backup of BOTH Enforce and the Database.
2.) The new OS must have the same name and IP address as the old Enforce so that the detectors will report back correctly.
3.) Create (mkdir) a directory called EnforceReinstallationResources on a large drive.
4.) Create (mkdir) a directory called "config".
5.) Create (mkdir) a directory called "keystore".
6.) From the existing "config" directory in the SymantecDLP install, copy the following files and place them into your new "config" directory:
CryptoMasterKey.properties
EncryptedPropertiesFilesEncryptionKey.key
Databasepassword.properties
7.) Place this new "config" folder containing those three files into the "EnforceReinstallationResources" directory.
8.) Place a copy of the existing "keystore" directory from the SymantecDLP install (\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.7\keystore) into the "EnforceReinstallationResources" directory.
9.) Create a zip archive of this "EnforceReinstallationResources" directory with the name EnforceReinstallationResources.zip.
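
The manual steps 3 through 9 above, as an added example (not Symantec's ReinstallationResourcesUtility and not code from this article). The function name `build_kit`, the archive layout with the kit directory as the top-level entry, the owner-only permissions and the SHA-256 digest are assumptions added here; compare the layout with a kit produced by the utility before relying on it.

```python
import hashlib, os, shutil, sys, zipfile
from pathlib import Path

KIT = "EnforceReinstallationResources"
# File names exactly as listed in step 6 of the article.
CONFIG_FILES = (
    "CryptoMasterKey.properties",
    "EncryptedPropertiesFilesEncryptionKey.key",
    "Databasepassword.properties",
)

def build_kit(config_dir, keystore_dir, out_dir):
    """Assemble the kit (steps 3-9); return (zip_path, sha256_hex)."""
    config_dir, keystore_dir, out_dir = map(Path, (config_dir, keystore_dir, out_dir))
    # Check everything before copying, so a partial kit is never produced.
    missing = [n for n in CONFIG_FILES if not (config_dir / n).is_file()]
    if missing:
        raise FileNotFoundError(f"missing from {config_dir}: {missing}")
    if not keystore_dir.is_dir():
        raise FileNotFoundError(f"keystore directory not found: {keystore_dir}")

    kit = out_dir / KIT
    kit.mkdir(mode=0o700)                    # step 3; fails if a kit already exists
    (kit / "config").mkdir(mode=0o700)       # steps 4 and 7
    for name in CONFIG_FILES:                # step 6
        shutil.copy2(config_dir / name, kit / "config" / name)
    shutil.copytree(keystore_dir, kit / "keystore")  # steps 5 and 8

    zip_path = out_dir / f"{KIT}.zip"        # step 9
    # Assumption: the kit directory is the top-level entry in the archive.
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in sorted(kit.rglob("*")):
            if p.is_file():
                zf.write(p, p.relative_to(out_dir).as_posix())
    # The archive holds key material and the database password file:
    # owner-only (enforced on RHEL; on Windows set an ACL instead).
    os.chmod(zip_path, 0o600)
    return zip_path, hashlib.sha256(zip_path.read_bytes()).hexdigest()

if __name__ == "__main__":
    # usage: build_kit.py <config dir> <keystore dir> <output dir>
    path, digest = build_kit(*sys.argv[1:4])
    print(f"{digest}  {path}")
```

Record the printed digest with the backup and recompute it before a reinstall to confirm the kit was not altered or truncated in storage.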

Here is a summary of the steps to back up the Oracle Database from the DLP System Maintenance Guide:

  1. Create recovery aid files. See “Creating recovery aid files on Windows” section.
  2. Collect a list of directories that should be backed up. See "Collecting a list of files to be backed up" section.
  3. Shut down all of the Symantec Data Loss Prevention and Oracle services. See “Shutting down the Symantec Data Loss Prevention system on Windows” for detailed steps.
  4. Copy the Database files to the backup location. See “Copying the Database files to the backup location on Windows” for detailed steps.
  5. Back up the incident attachment external storage directory. If you are using an external storage directory for incident attachments, work with your storage system administrator to back up that directory.
  6. Restart the Oracle and Symantec Data Loss Prevention services. See “Restarting the system on Windows” for detailed steps.

The frequency for your database backup depends on the usage of your database, how often policies are updated, any company or legal regulations that your company might have to adhere to, your policies concerning the retention of incidents, and whether you are able to schedule time and space for backups.

Remember, by backing up your database regularly, you are protecting yourself from losing incidents, policies, and settings in the event something happens to your Oracle database server. The more frequently you back up the database, the better your chance of recovering lost data.

For more information please refer to your Maintenance Guide (select your version in the top menu) and this related article: