User Guide Functional Overview Requirements Architecture System Installation NetEye Additional Components Installation Setup The neteye Command Director NetEye Self Monitoring Tornado Business Service Monitoring IT Operation Analytics - Telemetry Geo Maps NagVis Audit Log Shutdown Manager Reporting ntopng Visual Monitoring with Alyvix Elastic Stack IT Operations (Command Orchestrator) Asset Management Service Level Management Cyber Threat Intelligence - SATAYO NetEye.Cloud Strategy Monitoring SOC System Administrator SOC Attacker Centric NetEye Update & Upgrade Backup and Restore How To NetEye Extension Packs Troubleshooting Security Policy Glossary
module icon Backup and Restore
NetEye Update & Upgrade Backup and Restore How To NetEye Extension Packs Troubleshooting Security Policy Glossary Introduction to NetEye Monitoring Business Service Monitoring IT Operation Analytics Visualization Network Visibility Log Management & Security Orchestrated Datacenter Shutdown Application Performance Monitoring User Experience Service Management Service Level Management & Reporting Requirements for a Node Cluster Requirements and Best Practices NetEye Satellite Requirements TCP and UDP Ports Requirements Additional Software Installation Introduction Single Node Cluster NetEye Master Master-Satellite Architecture Underlying Operating System Acquiring NetEye ISO Image Installing ISO Image Single Nodes and Satellites Cluster Nodes Configuration of Tenants Satellite Nodes Only Nodes behind a Proxy Additional NetEye Components Single Node Cluster Node Satellites Nodes only Verify if a module is running correctly Accessing the New Module Cluster Satellite Security Backup and Restore Identity and Access Management External Identity Providers Configure federated LDAP/AD Emergency Reset of Keycloak Configuration Advanced Configuration Roles Single Page Application in NetEye Module Permissions and Single Sign On Within NetEye Importing User Federation Groups inside another Group Importing OIDC IdP Groups inside another Group Resources Tuning Advanced Topics Basic Concepts & Usage Advanced Topics Monitoring Environment Templates Monitored Objects Import Monitored Objects Data Fields Deployment Icinga 2 Agents Configuration Baskets Dashboard Monitoring Status Icinga2 Features VMD Permissions Notifications Jobs API Configuring Icinga Monitoring Retention Policy NetEye Self Monitoring Concepts Collecting Events Add a Filter Node WHERE Conditions Iterating over Event fields Retrieving Payload of an Event Extract Variables Create a Rule Tornado Actions Test your Configuration Export and Import Configuration Example Under the hood Development Retry Strategy Configuration Thread Pool Configuration API Reference Configure a new Business Process Create your first Business Process Node Importing Processes Operators The ITOA Module Configuring User Permissions Telegraf Metrics in NetEye Telegraf Configuration Telegraf on Monitored Hosts Visualizing Dashboards Customizing Performance Graph The NetEye Geo Map Visualizer Map Viewer Configuring Geo Maps NagVis Audit Log Overview Shutdown Manager user Shutdown Manager GUI Shutdown Commands Advanced Topics Overview User Role Management Cube Use Cases ntopng and NetEye Integration Permissions Retention Advanced Topics Overview User Roles Nodes RDP Client Building Tools Editor: Interface Overview Editor: Script Building Editor: Managing Scripts Designer: Interface Overview Designer: Interface Options Designer: Component Tree Selector: Interface Overview Test Case Management Dashboard Use Cases Overview Architecture Authorization Kibana Elasticsearch Cluster Elasticsearch Configuration Replicas on a Single Node Elasticsearch Performance tuning Overview Enabling El Proxy Sending custom logs to El Proxy Configuration files Commands Elasticsearch Templates and Retentions El Proxy DLQ Blockchain Verification Handling Blockchain Corruptions El Proxy Metrics El Proxy Security El Proxy REST Endpoints Agents Logstash Elastic APM Elastic RUM Elastic XDR Log Manager - Deprecated Overview Authorization in the Command Orchestrator Module Configuring CLI Commands Executing Commands Overview Permissions Installation Single Tenancy Multitenancy Communication through a Satellite Asset collection methods Display asset information in monitoring host page Overview Customers Availability Event Adjustment Outages Resource Advanced Topics Introduction Getting Started SATAYO Items Settings Managed Service Mitre Attack Coverage Changelog NetEye.Cloud as a SaaS solution Monitoring with NetEye.Cloud Monitoring Environment Business Service Monitoring VMD SOC System Administrator (AdS) Access to NetEye and Elastic Elastic Dashboards Elastic Discover Elastic Alerts Elastic Rules Introduction to SOC Attacker Centric Service Description NetEye SIEM Before you start Update Procedure Single Node Upgrade from 4.45 to 4.46 Cluster Upgrade from 4.45 to 4.46 Satellite Upgrade from 4.45 to 4.46 DPO machine Upgrade from 4.45 to 4.46 Create a mirror of the RPM repository Sprint Releases Feature Troubleshooting Backup and Restore Tornado Networking Service Management - Incident Response IT Operation Analytics - Telemetry Identity Provider (IdP) Configuration NetEye Cluster on Microsoft Azure Introduction to NEP Getting Started with NEPs Online Resources Obtaining NEP Insights Available Packages Advanced Topics Upgrade to NetEye 4.31 Setup Configure swappiness Restarting Stopped Services Enable stack traces in web UI How to access standard logs Director does not deploy when services assigned to a host have the same name How to enable/disable debug logging Activate Debug Logging for Tornado Modules/Services do not start Sync Rule fails when trying to recreate Icinga object How to disable InfluxDB query logging Managing an Elasticsearch Cluster with a Full Disk Some logs are not indexed in Elasticsearch Elasticsearch is not functioning properly Reporting: Error when opening a report Debugging Logstash file input filter Bugfix Policy Reporting Vulnerabilities Glossary

Backup and Restore

This section provides instructions on how to back up and restore your NetEye configuration and data. Regular backups are essential to prevent data loss and ensure quick recovery in case of system failures or other issues.

Supported services

Currently, the backup and restore procedures support out-of-the box the following services:

  • Core:

    • NetEye base configuration files, e.g. /etc/neteye-cluster, /etc/neteye-satellite.d and SSH keys

  • Elastic Stack:

    • Elasticsearch

    • Kibana

Supported providers

The backup and restore procedures currently support AWS S3 buckets as remote storage providers. Support for additional providers will be added in future releases.

Configuring S3 buckets for backup and restore

In order to use an S3 bucket as remote storage for backup and restore operations, you need to perform the following steps:

  1. Create an S3 bucket in your AWS account.

  2. Create a KMS key for encrypting the backup data server side. To do so, please follow the official AWS documentation.

  3. Using the AWS Console, create an IAM user. When is time to assign permissions, choose the option to attach existing policies directly, and create a new policy with the permissions as outlined below (replace the placeholders with your actual bucket name, region, account id, and key id):

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucketMultipartUploads",
                "s3:ListBucketVersions",
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:CreateBucket"
            ],
            "Resource": [
                "arn:aws:s3:::<your-bucket-name>"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:ListMultipartUploadParts",
                "s3:CreateBucket"
            ],
            "Resource": [
                "arn:aws:s3:::<your-bucket-name>/*"
            ]
        },
        {
            "Sid": "AllowUseOfKMSKey",
            "Effect": "Allow",
            "Action": [
                "kms:GenerateDataKey",
                "kms:Decrypt"
            ],
            "Resource": [
                "arn:aws:kms:<region>:<account-id>:key/<key-id>",
            ]
        }
    ]
}

  4. From the IAM user management console, generate a new access key for the user. You will need the access key ID and secret access key to configure the backup and restore procedures in NetEye.

How to configure the NetEye backup and restore and take scheduled backups

The configuration of the backup and restore procedures is done via YAML files in the /etc/neteye-backup.d directory.

The basic and common configuration can be found in the /etc/neteye-backup.d/common.yaml file.

It is so possible to configure various aspects of the backup and restore procedures, such as:

  • Which items to include in the backup (configurations, data and logs)

  • The schedule for automatic backups.

    Note

    Please note that for backup schedules simple ranges (e.g., “0-1”) are supported while step values (e.g., “/5”) are **NOT* supported.

  • The remote storage provider settings (e.g., S3 bucket details, access keys, encryption settings)

  • The backup node in a cluster setup, which defaults to the first node specified in the cluster configuration file (/etc/neteye-cluster). This node is responsible to perform the scheduled backups and collect the data from the other nodes in the cluster.

Besides the common configuration file, a specific configuration file for each supported service is present in the corresponding feature module directory, e.g., /etc/neteye-backup.d/elastic-stack/elasticsearch.yaml.

In the specific configuration file it is possible to overide some of the common settings, such as which items to include in the backup for that specific service and also specify service-specific settings, such as the Elasticsearch indices to include in the backup.

After the configuration files have been set up, you can apply the configuration using the following command, that can be run on one of the cluster nodes:

neteye backup config apply

This command will validate the configuration files and apply the settings to the backup and restore procedures, scheduling also the automatic backups as specified on the backup node.

How to take a manual backup

Sometimes, you may want to take a manual backup outside the scheduled automatic backups. To do so, you can use the following command, on a node of your installation, to take a manual backup:

neteye backup run

Furthermore, in case you would like to take a manual backup of a specific service only, you can use the --restrict-services-to option, as shown in the example below:

neteye backup run --restrict-services-to core

How to restore a backup

Warning

Restoring a backup will overwrite the current configuration and data of the selected services with those from the MOST RECENT backup available in the remote storage.

Warning

The restore operation is primarily intended to recover from failures or data loss on the system from which a backup was taken.

It is possible to restore a backup on a different system, if the following conditions are met:

  • The NetEye version on the target system is the same as the one on the source system from which the backup was taken.

  • The target system has already performed the initial configuration using the neteye install command.

  • The number of nodes in the cluster (if applicable) is the same on both systems and the hostnames of the nodes match those in the backup.

  • The target system has network connectivity to the remote storage where the backup is stored.

  • The target system has sufficient resources (disk space, memory, etc.) to accommodate the restored data.

Furthermore, depending on the specific services being restored, additional considerations may apply, especially regarding network configurations.

To restore a backup, the first step is to ensure the backup configuration that will allow the connection to the remote storage where the backups are correctly configured.

This can be done either by manually editing the configuration files in the /etc/neteye-backup.d directory, in particular the /etc/neteye-backup.d/common.yaml file, or by restoring manually the backup configuration files from a previous backup.

By default, the backup configuration files are stored in the tar.gz archive that can be found in the core/conf folder inside the remote storage.

After that, the restore operation can be initiated, on a node of your installation, using the following command:

neteye backup restore

As mentioned also above, this command will restore the most recent backup available in the remote storage.

Also in this case, it is possible to restore a specific service only by using the --restrict-services-to option, as shown in the example below:

neteye backup restore --restrict-services-to core
Blog Online Demo Training
Contact Us
© 2025, Würth IT Italy s.r.l.
VAT ID 01054690217
Privacy Cookies