Hi list,

Is there any OSSEC documentation out there on best practices when
backing up the OSSEC Manager?

I found this wiki page enumerating files that should be backed up on
the Manager
    http://www.ossec.net/wiki/Know_How:Agents#Migrating.2Fbacking_up_the_manager

Files are:
/var/ossec/etc/client.keys
/var/ossec/queue/rids
/var/ossec/etc/*.conf
/var/ossec/etc/*.xml
/var/ossec/rules
/var/ossec/etc/shared/agent.conf
/var/ossec/queue/syscheck
/var/ossec/queue/rootcheck
/var/ossec/queue/fts
/var/ossec/queue/agentless
/var/ossec/logs

Is this the complete list of files I need? Assuming my OSSEC Manager
and OSSEC Agents were instantly vaporized by a gone-wrong fission
experiment, would an off-site tape backup of *just* these files be
sufficient to rebuild my entire OSSEC cluster without any lost
configuration settings, rules, db data, or log data?

Also, is it necessary to stop any of the OSSEC processes before
copying these files from disk to tape? I want to ensure my backups
aren't corrupted by copying a file that is currently in use...

Would I need to back up any files on my Agents?


TIA
-Michael
