cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1874
Views
0
Helpful
1
Replies
Beginner

How to backup the database in stealthwatch?

Hello,

 

Has anyone backed up the database in stealthwatch version 7.0?

 

I want to back up the database on my computer, but trying to test the connectivity with the remote system gives me the following error

 

stealth.PNG

 

On my computer I enabled SMB, I gave administrator permissions to the account and to the folder where I expected to save the backup.

Does anyone have a step by step how to backup the stelathwatch database? or someone has done it before? I can not configure the remote system to store the database

 

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: How to backup the database in stealthwatch?

I also have the same issue trying to backup to a Windows Server configured with an SMB shared folder. I can modify the share via powershell using the account I created, but I get the same permission denied error in the Stealthwatch console.

 

smb_powershell_example.PNGsmb_stealthwatch_example.PNG

 

Edit:

 

I have now also tried via the root shell and the mounting process failed for the same reason as well. I also noticed that Stealthwatch is not putting the mount drive in the /etc/fstab file, but it may only add it to the file once the mount is successful.

 

smb_root_shell_example.PNG

 

fstab.PNG

 

Edit2:

 

I manually added the share to the etc/fstab file and now I no longer get a permission denied error, but get a mount error(5): Input/output error. Some possible reasons for that error are either the CIFS version or the NTLM version that are being used. I have tried manually setting those options in the mount process as well, but I just get an invalid argument error from the SMC root shell when those options are added.

 

fstab_with_share_drive.PNGsmb_root_shell_example_post_fstab.PNG

 

Edit 3:

 

So I worked with TAC and determined the issue. Right now Stealthwatch only allows SMBv1, but most modern servers will only accept SMBv2 or greater by default. So the solution is to either configure the server to accept SMBv1, or to modify the /lancope/admin/lib/RunTime.py file to use a different version of SMB.

 

stealthwatch_runtime.jpg

View solution in original post

1 REPLY 1
Highlighted
Beginner

Re: How to backup the database in stealthwatch?

I also have the same issue trying to backup to a Windows Server configured with an SMB shared folder. I can modify the share via powershell using the account I created, but I get the same permission denied error in the Stealthwatch console.

 

smb_powershell_example.PNGsmb_stealthwatch_example.PNG

 

Edit:

 

I have now also tried via the root shell and the mounting process failed for the same reason as well. I also noticed that Stealthwatch is not putting the mount drive in the /etc/fstab file, but it may only add it to the file once the mount is successful.

 

smb_root_shell_example.PNG

 

fstab.PNG

 

Edit2:

 

I manually added the share to the etc/fstab file and now I no longer get a permission denied error, but get a mount error(5): Input/output error. Some possible reasons for that error are either the CIFS version or the NTLM version that are being used. I have tried manually setting those options in the mount process as well, but I just get an invalid argument error from the SMC root shell when those options are added.

 

fstab_with_share_drive.PNGsmb_root_shell_example_post_fstab.PNG

 

Edit 3:

 

So I worked with TAC and determined the issue. Right now Stealthwatch only allows SMBv1, but most modern servers will only accept SMBv2 or greater by default. So the solution is to either configure the server to accept SMBv1, or to modify the /lancope/admin/lib/RunTime.py file to use a different version of SMB.

 

stealthwatch_runtime.jpg

View solution in original post