AUDIT VAULT AND DB FW BACKUP RESTORE STEPS

Click to add to Favorites Audit Vault Server Backup and Restore for Release 12.1.2.10.0 and Prior (Doc ID 1556200.1) To BottomTo Bottom In this Document Purpose Scope Details Backing up Audit Vault Server Restoring the Backup Special Notice on ARCHIVELOG Mode Special Notice on Hot Backup and Concurrent ILM Archive Diagnosing Failures Applies to: Oracle Audit Vault and Database Firewall - Version 12.1.0.0 and later Information in this document applies to any platform. Purpose This document describes how to create a manual backup of the Audit Vault Server installation and restoring that backup to new, replacement hardware using the Bash shell scripts from the backup_restore12.1.2.10.0.tar.gz file which is attached to this note. IMPORTANT: This version of the scripts was released on 21-MAy-2016. If you have been using the scripts attached to the previous version on this note, please upgrade your scripts immediately. Do NOT continue to use the old scripts. Note that backups taken with a previous version of the script can be restored with the new version. Note: As of Audit Vault and Database Firewall 12.2 the backup and restore feature was integrated into the appliance. You can read more about the AVDF 12.2 backup/restore in the documentation. Scope A complete Audit Vault and Database Firewall 12.1 (AVDF) configuration must exist of both Audit Vault Server(s) and Database Firewall(s). The instructions in this note only apply to the Audit Vault Server, not to the Database Firewall. Details Two types of backups are supported: hot and cold. When taking a hot backup, the Audit Vault Server functions normally. When taking a cold backup, the Audit Vault Server stops event processing during the backup operation. To enable hot backup, the Audit Vault Server’s internal Oracle database must be switched to ARCHIVELOG mode. The script archivelog.sh is provided to switch to ARCHIVELOG mode, and the script noarchivelog.sh can be used to revert Audit Vault Server back to non-ARCHIVELOG mode. The mode switch temporarily shuts down the internal database and interrupts event processing. These two scripts have to be executed as 'oracle'. The backup_restore.sh script must be executed as 'root'. NOTE: It is not necessary to switch Audit Vault Server back to non-ARCHIVELOG mode as long as regular hot backup is taken. Backing up Audit Vault Server When a backup is taken, the Audit Vault Server’s configurations and database data are copied to the backup directory. The disk space needed by the backup directory is determined by the size of the Audit Vault Server’s internal database. To find the database size, log into the server as user “oracle” and perform the following operations: $ sqlplus / as sysdba SQL> select sum (bytes)/1024/1024/1024||’ GB’ from dba_data_files It is desirable for the backup directory to be located off of the Audit Vault Server by putting it on a remote NFS export or iSCSI disk. This setup has to be manually accomplished and is outside the scope of this document. All access to the backup directory is done by user ID 503 and group ID 504. In an HA pair, backup only the primary Audit Vault Server. Backup of a secondary Audit Vault Server is not required. To create a backup, configure and run the script backup_restore.sh. The user-configurable portion of this script is wholly confined to setting script variables above the line “STOP! No user customization variables below this line”. A detailed description comes immediately above each variable. Upon successful backup, backup_restore.sh script will exit with status 0 and will output “BACKUP completed successfully” to the terminal. Restoring the Backup The restored Audit Vault Server uses all the configurations of the original server; therefore, it is not recommended to have both the restored and original Audit Vault Servers online at the same time in a single network due to IP address and database name conflicts. Follow the steps below to restore a backup: 1. Install the same version of Oracle Audit Vault and Database Firewall Server that you are attempting to restore to i.e. If you backed up from, say, 12.1.2.3.0 version and are attempting to restore that backup, please do a fresh install of 12.1.2.3.0 version of the Oracle Audit Vault and Database Firewall software. 2. Using the Web GUI of the new install, set it's date and time current. To access the Web GUI, please point your browser to https: where is the IP address of the freshly installed server. 3. If remote storage is used (in version 12.1.2.0.0 (or higher)), configure the iSCSI disks of the freshly installed AVS Server using its Web GUI or AVCLI; add disks to the appropriate ASM diskgroup to create sufficient space. Extra information is available in info.txt in the backup directory. 4. Create the backup directory at the same absolute path location (the path information is available in the backup’s info.txt file). Make sure both the backup directory and its parent directory are owned by oracle:oinstall. Stage the contents of the backup/restore archive into this directory and make them owned by oracle:oinstall. 5. Configure and run backup_restore.sh script. Make sure you set KEEP_LOGS to YES. The restore operation will complete and reboot the system automatically. 6. Once restore completes (after the automatic reboot), check the contents of the generated restore_recover.txt. Look for the lines like: ...... datafile 6 not processed because file is offline datafile 7 not processed because file is offline ...... 7. If you do not see the above lines, you can skip to step 8. Log on through RMAN and connect target. Do RMAN> connect target / If password is set during backup, set the decryption password. RMAN> set decryption identified by ''; Do RMAN> restore datafile 6,7; where the numbers are from the list we found from step 6. 8. Update /var/lib/oracle/dbfw/av/conf/bootstrap.prop. Make sure both HOST IPs of the connect strings are pointing to the original Audit Vault and Database Firewall Server i.e. use the IP address of the original Audit Vault and Database Server for both places. 9. If NFS ILM Archive locations were used, manually remount those NFS locations using AVCLI. When restoring a backup taken on an HA primary Audit Vault Server, the restored HA status is switched to “standalone”. Special Notice on ARCHIVELOG Mode In order to perform a hot backup, the Audit Vault Server’s internal database must be in ARCHIVELOG mode. While in ARCHIVELOG mode, old database redo logs are saved until each backup operation; this requires additional disk space in /var/lib/oracle (for pre-12.1.2.0.0) and +RECOVERY (for 12.1.2.0.0 and higher). The disk space requirement is proportional to the amount of incoming events between backups. The default size of 10GB should be enough when regular backups (whether full or incremental) are taken. Special Notice on Hot Backup and Concurrent ILM Archive Part of the ILM archive job deletes transferred datafile(s), and tablespace with deleted datafiles are marked not-to-be-backup (i.e. v$tablespace.included_in_database_backup). However, when an ILM archive job (which must be user initiated) runs concurrently with a backup (via backup_restore.sh), there is a race between backup_restore.sh reading a datafile and ILM deleting that datafile. If ILM deletes the datafile while backup_restore.sh is still reading, an RMAN error of missing datafile is reported by backup_restore.sh. The workaround is to re-run backup_restore.sh when the ILM job finishes. This issue is not applicable to cold backup because the Audit Vault Server’s internal database is shutdown during a cold backup which prevents users from initiating an ILM archive job. Diagnosing Failures During the execution of the script, logs of the script activities are written to the location specified by the TMP_DIR variable. It may be necessary to examine these logs to determine the cause of script failure (e.g. RMAN IO error in the log indicates disk access failure such as out of disk space). Known issues: #1 The restore script does not work for Cold incremental 1 backup. Please do not use the backup_restore.sh to get Cold incremental 1 backups for they will not be usable.