circle-info
Welcome to the new Logpoint documentation portal! Can’t find what you’re looking for?
Visit the old documentation portal.arrow-up-right
search

Backup and Restore

hashtag
Backup

Create backups of Logpoint configurations and/or log files. Backups are generated in the background, and are saved in the Backup Archive. While creating a backup of files, Logpoint stores the buffer of the logs in a separate file. Files cannot be restored if you rename the file containing the buffer. Configuration backups do not store the Logpoint License. You must separately add a new license before restoring a configuration backup to a new Logpoint.

circle-check

The CSV files uploaded and used when creating a CSV Enrichment Source are not backed up. After restoring the configuration, you must re-upload the CSV files.

chevron-rightCreating Backupshashtag

There are two ways to create backups:

  1. Save configuration files and generated reports to Logpoint. You can setup a scheduled backup in addition to an immediate backup of configuration files and reports.

  2. Use Simple File Transfer Protocol (SFTP) client and an external device to create an external backup of your logs.

    1. Use the put command to transfer the backup files to Logpoint.

    2. Log file backups are stored in /opt/immune/backup/repos/<folder_name>.

    3. Configurations are backed up in /opt/immune/backup/configurations/zipped

The log backup files are named after the backup date. If any logs are delayed, they are backed up with an incremental value. For example, the backup for February 5, 2025, is saved as logs_2025-02-05.backup, while delayed logs for the same date are stored as logs_2025-02-05_1.backup. A snapshot is also created with the .snap extention.

chevron-rightSaving Configuration Files to Logpointhashtag

  1. Go to Settings >> System Settings from the navigation bar and click Backup and Restore.

  2. Click Backup Settings.

  3. In CONFIGURATION BACKUP, click Schedule Backup to schedule the backup time and retention period.

  4. Select Backup Reports too to backup generated reports.

  5. In Interval, select how often to backup the report.

    1. If you select weekly, select the day of the week to backup.

  6. In Backup Run Hour, enter the time to run the backup. Use Coordinated Universal Time (UTC).

  7. In Backup Retention period enter the number of days Logpoint stores the backup files.

  8. Click Backup now to create a backup of all current configurations.

chevron-rightSaving Configuration Files to External Devicehashtag

Prepare the external device

  1. Generate a public SSH key on the device to transfer the backup files using ssh-keygen command.

  2. In Logpoint, go to Settings >> System Settings from the navigation bar and click Backup and Restore.

  3. Click Backup Settings.

  4. In TRANSPORT TO EXTERNAL, enter the public key of the device.

Backup configurations or log files to an external device using SFTP

Configure log backups and transfer

In LOGS BACKUP:

  1. Click Schedule Log Backup to schedule the time and retention period for the logs backup.

  2. In Backup Run Hour, enter the time to run the backup in UTC.

  3. Enter the Backup Retention period. It is the amount of time (in days) for which Logpoint stores the backups of the logs collected in the repos. It is independent of the retention period for repos.

  4. Select Full Backup to back up logs from all repos for the past 7 days. To ensure optimal performance, we recommend performing a full backup only when Logpoint is receiving a lower volume of logs.

  5. In Backup logs from, select All Days to backup all the logs stored in the repo from past 7 days or select a date to backup logs from that date.

  6. In Repos to backup, select the repos to backup and click the forward icon.

  7. Click Backup now to create a backup of the current logs and indexes from past 7 days.

  8. In the external device, make an SFTP connection to the Logpoint instance or server as a loginspect user:

sftp loginspect@<IP address of Logpoint server>
SFTP Connection to Logpoint

  1. Verify the current folder in the local machine using the lpwd command. You can switch folders using lcd.

  2. Use the get SFTP command to download the backup files to the current folder:

cd configuration/zipped
get <backup file name>

  1. When the backup is done, the command prompt displays:

Files are backed up to external device using SFTP

hashtag
Restore

You can restore backup files from Logpoint or an external device by using a public SSH key to access another Logpoint instance or server, and SFTP to transfer the backup files from:

  • /opt/immune/backup/repos/<folder_name> for log file backups

  • /opt/immune/backup/configurations/zipped for configuration file backups

The name of the repository must match the name of the directory where you are restoring or importing the backup. The Logpoint version to create a backup must be the same version when you restore a backup.

If you are using a Standalone or Distributed Logpoint you can't restore their backup files to a Fabric-enabled Logpoint. You also can't restore Fabric-enabled backup files to a Standalone or Distributed Logpoint.

triangle-exclamation

When you restore log file backups they replace existing logs. You must restore backed up configuration files before restoring their log backups.

You can restore single backup files, or restore multiple backup files at the same time.

chevron-rightRestoring Backup Fileshashtag

  1. Go to Settings >> System Settings from the navigation bar and click Backup and Restore.

  2. Click Backup Archive.

  3. The list of backup files can be long. The default view lists all backups. To filter the list, use FILTER at the top left to select:

    1. Log backups only

    2. Configuration backups only

    3. Checksum backups only

  4. To backup:

    1. a single backup file, find it in the list and select it. In the Actions column, click the arrow icon.

    2. multiple backups, select them in the list. At the top right, click the MORE dropdown and click Restore Selected.

  5. Click Yes to confirm file restoration.

chevron-rightDeleting Backup Fileshashtag

  1. Go to Settings >> System Settings from the navigation bar and click Backup and Restore.

  2. Click Backup Archive.

  3. The list of backup files can be long. The default view lists all backups. To filter the list, use FILTER at the top left to select:

    1. Log backups only to backup the log files.

    2. Configuration backups only to back up what you configured in Logpoint.

    3. Checksum backups only to ensure data integrity and verify that logs and configurations are not altered and that there are no errors.

  4. To delete:

    1. a single backup file, find it in the list and select it. In the Actions column, click the delete icon.

    2. multiple backups, select them in the list. At the top right, click the MORE dropdown and click Delete Selected.

    3. all backups, select them all in the list from the top left. At the top right, click the MORE dropdown and click Delete All.

  5. Click Yes to confirm file deletion.

Last updated

Was this helpful?