- last edited on by
dhuckaby
Hello,
Has anyone backed up the database in stealthwatch version 7.0?
I want to back up the database on my computer, but trying to test the connectivity with the remote system gives me the following error
On my computer I enabled SMB, I gave administrator permissions to the account and to the folder where I expected to save the backup.
Does anyone have a step by step how to backup the stelathwatch database? or someone has done it before? I can not configure the remote system to store the database
Accepted Solutions
I also have the same issue trying to backup to a Windows Server configured with an SMB shared folder. I can modify the share via powershell using the account I created, but I get the same permission denied error in the Stealthwatch console.
Edit:
I have now also tried via the root shell and the mounting process failed for the same reason as well. I also noticed that Stealthwatch is not putting the mount drive in the /etc/fstab file, but it may only add it to the file once the mount is successful.
Edit2:
I manually added the share to the etc/fstab file and now I no longer get a permission denied error, but get a mount error(5): Input/output error. Some possible reasons for that error are either the CIFS version or the NTLM version that are being used. I have tried manually setting those options in the mount process as well, but I just get an invalid argument error from the SMC root shell when those options are added.
Edit 3:
So I worked with TAC and determined the issue. Right now Stealthwatch only allows SMBv1, but most modern servers will only accept SMBv2 or greater by default. So the solution is to either configure the server to accept SMBv1, or to modify the /lancope/admin/lib/RunTime.py file to use a different version of SMB.
I also have the same issue trying to backup to a Windows Server configured with an SMB shared folder. I can modify the share via powershell using the account I created, but I get the same permission denied error in the Stealthwatch console.
Edit:
I have now also tried via the root shell and the mounting process failed for the same reason as well. I also noticed that Stealthwatch is not putting the mount drive in the /etc/fstab file, but it may only add it to the file once the mount is successful.
Edit2:
I manually added the share to the etc/fstab file and now I no longer get a permission denied error, but get a mount error(5): Input/output error. Some possible reasons for that error are either the CIFS version or the NTLM version that are being used. I have tried manually setting those options in the mount process as well, but I just get an invalid argument error from the SMC root shell when those options are added.
Edit 3:
So I worked with TAC and determined the issue. Right now Stealthwatch only allows SMBv1, but most modern servers will only accept SMBv2 or greater by default. So the solution is to either configure the server to accept SMBv1, or to modify the /lancope/admin/lib/RunTime.py file to use a different version of SMB.
This is an update on this issue. Trying to backup 7.3.2 before upgrade to 7.4.1 and the issue has returned. Probably in one of the previous upgrades the files changed. Called TAC and there is a new location and file. Enable SSH on SMC/FC and SSH into them. The location is /lancope/admin/lib/system.d/disk and the file name disk.py. Search for mount.cifs and change the vers=1.0. I changed it to 2.1 and I'm back in business.
