Backing up data

You can use scripts to create backup copies of the components MP 10 Core, PT MC, Knowledge Base, and MP SIEM Server. You can also create backup copies of the Elasticsearch indices and LogSpace repository data. When you create a backup copy and later restore data from it, the MaxPatrol SIEM configurations, the MaxPatrol SIEM component versions, and the OS interface locales must match.

While a backup copy is being created, the script stops the component services, so the system web interface is unavailable. Data gathered by collectors during this time is not sent to other system components and accumulates on the collector servers. Once the copy is created, all collectors send their data simultaneously, which increases the load on the system and can cause errors in system operation. Therefore, before creating a backup copy, it is advised to stop all data collection tasks and check that no tasks are scheduled to start during the backup creation period.

To back up component data on Linux, create backup copies of the role data in the following order: SIEM Server → Core → Knowledge Base → SqlStorage → Deployer. Each role is backed up with its own backup.sh script, which after installation is located in the directory /var/lib/deployed-roles/<application ID>/<role instance name>/. Run the script in the Linux terminal interface as a superuser (root).
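
A pre-flight check for the order given above, added here as an example (it is not code shipped with the product): it prints the backup.sh paths for the roles present on a host in the documented order and fails if a listed role has no executable script. The role keys and the map-file format are assumptions, because this page does not list role instance names.

```shell
#!/bin/sh
# Added example: plan the per-role backups in the documented order.
# Assumption: the operator supplies a map file with one line per role that
# is installed on this host, in the form
#   <role-key>=<application ID>/<role instance name>
# The role keys below are labels chosen for this example only.

# Order stated on the page:
# SIEM Server -> Core -> Knowledge Base -> SqlStorage -> Deployer
BACKUP_ORDER="siem-server core knowledge-base sqlstorage deployer"

# plan_backups BASE MAPFILE
# Prints one backup.sh path per line, in the documented order.
# Roles absent from the map are skipped (they may live on another host).
# Returns 1 if a mapped role has no executable backup.sh.
plan_backups() {
    base=$1
    map=$2
    rc=0
    for role in $BACKUP_ORDER; do
        rel=$(sed -n "s/^${role}=//p" "$map" | head -n 1)
        if [ -z "$rel" ]; then
            continue
        fi
        script="$base/$rel/backup.sh"
        if [ -x "$script" ]; then
            echo "$script"
        else
            echo "no executable backup.sh for $role: $script" >&2
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh plan.sh --plan /path/to/role.map
if [ "${1:-}" = "--plan" ]; then
    if [ "$(id -u)" -ne 0 ]; then
        echo "note: the backup.sh scripts must be run as root" >&2
    fi
    plan_backups /var/lib/deployed-roles "$2"
fi
```

The output is only a plan: run each listed script yourself, in that order, after stopping the data collection tasks.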

The backup scripts do not create a copy of the Elasticsearch indices or a copy of the digital certificate that has been signed by a certification authority; also, they do not save the service account passwords other than the default passwords.
