This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Migrate Logs to new Appliance

Hi all,

is there a way to migrate all the logs and reportings from an old appliance to a new one?

Thanks for your help.

Cheers,

Fred



This thread was automatically locked due to age.
Parents
  • I actually did figure out a way to migrate the logs and the reports from an old server to a new  one. The logs are simple to migrate by just copying all of the files under the /var/log directory. Migrating the reports is a little more difficult. I discovered that Sophos UTM utilizes POSTGRES SQL, so I researched how to back up the database and perform the restore. You can get a list of the databases on the UTM server with the following command: psql -U postgres -c '\l+' , which will show you a database titled 'reporting'. You can then backup the reporting database with the following command: pg_dump -U postgres -C -f /tmp/reporting_backup reporting . Once you have this backup, copy it to the new server. Now you can rename the reporting database with the command 'ALTER DATABASE reporting RENAME TO reporting_back'. Now you can drop the database on the new server by using 'DROP DATABASE reporting_back' and now restore the database from the old server with the following command: psql -d postgres -U postgres -f /tmp/reporting_backup . You may need to revoke privileges on the current database and bump the current connections of the SOPHOS application if you receive an error. Revoke privileges with 'REVOKE CONNECT ON DATABASE reporting FROM PUBLIC, reporting;' and drop any current connections with the following command:

    SELECT
        pg_terminate_backend(pid)
    FROM
        pg_stat_activity
    WHERE
        -- don't kill my own connection!
        pid <> pg_backend_pid()
        -- don't kill the connections to other databases
        AND datname = 'reporting'
        ;

     

    You may or may not need to restart your server before you can see the restored reports on your new server. This definitely worked for me and hopefully will work for you as well. I also was able to restore all of the old data and any new data you may have already started reporting on the new server by merging the data  I dumped from the new servers database (Pull the data out of a dump file you create on the new server with a text editor) and appending that data into the dump file from the old server (again using a text editor) and then restoring this merged data.

  • Hi, David, and welcome to the UTM Community!

    Wow!  Just wow!  Only your second post here, and you've helped us all with questions not ever answered here before.

    One suggestion - instead of using the /tmp directory which is in its own, smaller partition, use the /home directory which is on the largest partition.  That's where Sophos engineers will want you to keep your own stuff like speedtest_cli.py.

    We're glad you're here!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • good day

    I follow the steps indicated to support the base reporting in postgress I am doing in utm 9.411 but it does not work I do not give me error but it does not manage to migrate the reporter

    I detail the steps followed

    Pg_dump -U postgres -C -f / tmp / reporting_backup

    In utm new

    Sudo your postgres psql

    ALTER DATABASE reporting RENAME TO reporting_back

    DROP DATABASE reporting_back

    Psql -d postgres -U postgres -f / tmp / reporting_backup

    Does not give any error but does not show the report

    I have made a copy of the logs / var / log

Reply
  • good day

    I follow the steps indicated to support the base reporting in postgress I am doing in utm 9.411 but it does not work I do not give me error but it does not manage to migrate the reporter

    I detail the steps followed

    Pg_dump -U postgres -C -f / tmp / reporting_backup

    In utm new

    Sudo your postgres psql

    ALTER DATABASE reporting RENAME TO reporting_back

    DROP DATABASE reporting_back

    Psql -d postgres -U postgres -f / tmp / reporting_backup

    Does not give any error but does not show the report

    I have made a copy of the logs / var / log

Children
No Data