I would suggest you take a complete backup of /var/ossec

Sent from BlackBerry® on Airtel

-----Original Message-----
From: Michael Altfield <[email protected]>
Sender: [email protected]
Date: Wed, 18 May 2011 13:34:35
To: ossec-list<[email protected]>
Reply-To: [email protected]
Subject: [ossec-list] Backup Best Practices

Hi list,

Is there any OSSEC documentation out there on best practices when backing up the OSSEC Manager?

I found this wiki page enumerating files that should be backed up on the Manager:

http://www.ossec.net/wiki/Know_How:Agents#Migrating.2Fbacking_up_the_manager

Files are:

/var/ossec/etc/client.keys
/var/ossec/queue/rids
/var/ossec/etc/*.conf
/var/ossec/etc/*.xml
/var/ossec/rules
/var/ossec/etc/shared/agent.conf
/var/ossec/queue/syscheck
/var/ossec/queue/rootcheck
/var/ossec/queue/fts
/var/ossec/queue/agentless
/var/ossec/logs

Is this the complete list of files I need? Assuming my OSSEC Manager and OSSEC Agents were instantly vaporized by a gone-wrong fission experiment, would an off-site tape backup of *just* these files be sufficient to rebuild my entire OSSEC cluster without any lost configuration settings, rules, db data, or log data?

Also, is it necessary to stop any of the OSSEC processes before copying these files from disk to tape? I want to ensure my backups aren't corrupt by copying a file that is currently in use...

Would I need to back up any files on my Agents?

TIA
-Michael
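
An added example, not part of the thread or of OSSEC: a script that archives the paths from the wiki list above and then reports archived files whose content changed on disk during or after the copy. The function names, return codes and the use of tar are assumptions, and it does not settle whether the OSSEC processes need to be stopped first.

```sh
#!/bin/sh
# Added example, not from the thread. Paths are relative to the OSSEC root
# and are the ones listed in the wiki excerpt quoted in the message above.
OSSEC_PATHS='etc/client.keys queue/rids etc/*.conf etc/*.xml rules
etc/shared/agent.conf queue/syscheck queue/rootcheck queue/fts
queue/agentless logs'

# ossec_backup ROOT ARCHIVE: archive every listed path found under ROOT.
# Returns 0 if all were present, 2 if the archive was written but a listed
# path was absent (named on stderr), 1 on failure. GNU tar exits 1 when a
# file changes while being read, which is reported here as a failure.
ossec_backup() (
    case $2 in /*) archive=$2 ;; *) archive=$PWD/$2 ;; esac
    cd "$1" || exit 1
    missing=0
    set -f; set -- $OSSEC_PATHS; set +f   # split the list without globbing
    for pattern in "$@"; do
        shift                             # drop the pattern, keep its matches
        hit=0
        for path in $pattern; do          # unquoted on purpose: glob expands here
            [ -e "$path" ] || continue
            set -- "$@" "$path"; hit=1
        done
        [ "$hit" -eq 1 ] || { echo "missing: $pattern" >&2; missing=1; }
    done
    [ "$#" -gt 0 ] || exit 1
    umask 077                             # client.keys holds agent keys
    tar -czf "$archive" "$@" || exit 1
    [ "$missing" -eq 0 ] || exit 2
)

# ossec_verify ROOT ARCHIVE: unpack into a scratch directory and print each
# archived file whose content no longer matches ROOT (written to during or
# after the copy). Returns 0 when everything matches, 3 otherwise.
ossec_verify() (
    root=$(cd "$1" && pwd) || exit 1
    scratch=$(mktemp -d) || exit 1
    tar -xzf "$2" -C "$scratch" || { rm -rf "$scratch"; exit 1; }
    changed=$(cd "$scratch" && find . -type f | while read -r f; do
        cmp -s "$f" "$root/$f" || echo "${f#./}"
    done)
    rm -rf "$scratch"
    [ -z "$changed" ] && exit 0
    printf '%s\n' "$changed"
    exit 3
)
```

Typical use is `ossec_backup /var/ossec /path/to/ossec-manager.tgz` followed by `ossec_verify /var/ossec /path/to/ossec-manager.tgz`; a non-empty list from the second call names files to re-copy.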
