Live Backup enables you to mirror your production server to a backup server, and in disaster recovery scenarios to easily convert your backup server to be the production server.
When using Cortex XSOAR with Elasticsearch, Live Backup is not available. To back up or restore the contents of your Elasticsearch database, follow the instructions for Disaster Recovery for Elasticsearch. Alternatively, you can also implement a full high availability solution.
Before you start copying files, ensure that you save the disaster recovery configurations.
These instructions do NOT apply to multi-tenant deployments. Instead, follow the Configure Live Backup instructions in the multi-tenant guide.
On the production server, enable live backup.
Go to→ → → .
Verify that the External Host Name is correct.
Click Add Server Configuration.
Add the following key and value.
Go to → and in the Live Backup field, select ON.
Add the following backup server parameters.
Backup server IP address or Host name (without https:// prefix).
Default is 443.
Trust server certificate (unsecured): ON: certificates are not checked. OFF: certificates are checked.
Select whether to use a proxy.
On the backup machine (with a different host name or IP address), install Cortex XSOAR.
sudo ./demistoserver-xxxx.sh -- -dr -do-not-start-server
Verify that the backup server is accessible from the production server through port 443 (or any other port configured as a listening port). Ensure that there are no firewalls that might drop communication.
On the production server, stop the Cortex XSOAR server:
sudo service demisto stop
On the production server, create a tarball file of the necessary files and folders and copy it to the backup server.
This process may take several hours, depending on your server specs and the amount of data that needs to be copied.
Ensure that all files and folders located in
chown -R demisto:demisto /var/lib/demisto
Create the tarball file:
tar --ignore-failed-read -pczf demistoBackup.tgz /var/lib/demisto/data /var/lib/demisto/artifacts /var/lib/demisto/attachments /var/lib/demisto/images /var/lib/demisto/systemTools /var/lib/demisto/d2_server.key /usr/local/demisto/cert* /usr/local/demisto/demisto.lic
demisto.lic file is located in
/usr/local/demisto/demisto.lic. If so, change the directory in the command.
If you have not set up a D2 server, you can remove
Verify the integrity of the tar file:
Print the contents of the tar file to a text file:
tar -tvf demistoBackup.tgz > demistoBackup.txt
Do not delete the text file.
Transfer the tarball file (demistoBackup.tgz) to the backup server, using your preferred tool such as scp:
# scp demistoBackup.tgz root@<yourBackupServerIPortHostname>:/root
On the backup server, check the MD5 checksum and compare it to the original file's checksum to verify that the tar file is 100% valid:
The MD5 sum is displayed. Compare this value against the MD5 sum saved in demistoBackup.txt in Step 4.
On the backup server, extract the backup tarball file (original file permissions and ownership are preserved):
sudo tar -C / -xzpvf demistoBackup.tgz
Ensure all the copied files and folders have
Start the backup server:
sudo service demisto start
Start the production server:
sudo service demisto start
If the procedure is successful, Live Backup is ON.
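The tar file integrity check described in the steps above (record a checksum and listing on the production server, compare on the backup server before extracting), as an added example that is not part of the Cortex XSOAR documentation or tooling. The function names, the `.sums` and `.list` file names, and the additional SHA-256 digest are assumptions of this example; the documented procedure compares MD5 only.

```shell
#!/bin/sh
# Added example, not Cortex XSOAR tooling. File suffixes .sums/.list and the
# SHA-256 digest are assumptions; the documented procedure compares MD5 only.

# digest <md5sum|sha256sum> <file>: print only the hex digest.
digest() {
    "$1" "$2" | awk '{print $1}'
}

# Production server: record digests and the member listing beside the archive.
# Copy the resulting .sums and .list files to the backup server with the tarball.
record_manifest() {
    archive=$1
    tar -tzf "$archive" > "$archive.list" || return 2
    {
        echo "md5 $(digest md5sum "$archive")"
        echo "sha256 $(digest sha256sum "$archive")"
    } > "$archive.sums"
}

# Backup server: 0 = copy matches, 1 = digest mismatch,
# 2 = manifest missing, archive unreadable, or member listing differs.
verify_archive() {
    archive=$1
    [ -s "$archive.sums" ] || return 2
    while read -r algo expected; do
        actual=$(digest "${algo}sum" "$archive")
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $algo: expected $expected, got $actual" >&2
            return 1
        fi
    done < "$archive.sums"
    tar -tzf "$archive" | cmp -s - "$archive.list" || return 2
    echo "OK $archive"
}

# Usage: sh verify_backup.sh record|verify demistoBackup.tgz
case "${1:-}" in
    record) record_manifest "$2" ;;
    verify) verify_archive "$2" ;;
esac
```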