EDR: How To Restore Unified View from Backup
search cancel

EDR: How To Restore Unified View from Backup

book

Article ID: 287712

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to restore Unified View from previously generated backup

Environment

EDR Unified View:  6.1.3 and higher

Resolution

  1. Stop Cb Unified View
service cb-unifiedview stop
  1. Change directories to the backup location
cd /etc/cb/backup​
  1. Restore configuration files
tar -P -xvf cbhosts.tar
tar -P -xvf cbyum.tar
tar -P -xvf cbiptables.tar (CentOS 6/RH 6 only)
tar -P -xvf cbfirewalld.tar (CentOS 7/RH 7 only)
tar -P -xvf cbconfig.tar 
tar -P -xvf cbrsyslog.tar 
tar -P -xvf cbrsyslogd.tar 
tar -P -xvf cblogrotate.tar
  1. Restore Postgres database
service cb-pgsql start
dropdb cb -p 5002
psql template1 -p 5002 -f psqlroles.sql
psql template1 -p 5002 -f psqldump_config.sql
service cb-pgsql stop
  1. Start the Cb Unified View services
service cb-unifiedview start
Powered by Wolken Software