######################
Backup / Restore 
######################




Backup: Alert data (Cold Storage)
=================================

Alert data is rotated and compressed in JSON and log format every 24 hours. AEO indexes the JSON data in the console, and this data is the primary focus for backups.



**Step 1: Backup/Transfer archive data**

  Copy /var/ossec/logs/alerts/<YYYY>/<Mon>/ to the backup location.

  Example (rsync over ssh):

  .. code-block:: console

    rsync -av -e ssh root@aeo:/var/ossec/logs/alerts/2020/* /mnt/backup



Restore: Alert data (Cold Storage)
==================================

**Step 1: Transfer cold storage to hot storage**

  Copy backup data to /var/ossec/logs/alerts/<YYYY>/<Mon>/

  Example (rsync over ssh):

  .. code-block:: console

    rsync -av -e ssh /mnt/backup/ root@aeo:/var/ossec/logs/alerts/2020/


**Step 2: Re-index restored data**


  On the AEO hub, run:

  .. code-block:: console

    systemctl stop awpd
  
    /var/awp/bin/awp_indexgen

    systemctl start awpd

  .. note:: Index generation can take several minutes per file. 
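
An integrity check that fits around the steps above, as an added example (not AEO tooling or code from this guide): ``make_manifest`` records a SHA-256 for every archived file once the backup rsync finishes, and ``verify_backup`` confirms before the restore rsync that nothing was changed, removed or added and that each .gz archive still decompresses. The function names and the manifest path are assumptions, and the commands need GNU coreutils and findutils.

```shell
#!/bin/sh
# Added example: integrity checks for the alert archive in cold storage.
# make_manifest / verify_backup are hypothetical helpers, not AEO commands.
# Store MANIFEST outside DIR so it is not copied along with the archives.

# make_manifest DIR MANIFEST
# Run after the backup rsync: one "hash  ./path" line per file under DIR.
make_manifest() {
    ( cd "$1" || exit 1
      find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum
    ) > "$2"
}

# verify_backup DIR MANIFEST
# Run before the restore rsync. Returns non-zero if any check fails.
verify_backup() {
    rc=0

    # 1. Every recorded file is still present and unmodified.
    #    An empty manifest (empty backup) also counts as a failure.
    ( cd "$1" && sha256sum --check --quiet - ) < "$2" || rc=1

    # 2. No file exists that was not recorded at backup time.
    #    The path starts at column 67: 64 hex digits plus two separators.
    extra=$( (cd "$1" && find . -type f) | awk -v m="$2" '
        BEGIN { while ((getline l < m) > 0) seen[substr(l, 67)] = 1 }
        !($0 in seen)')
    if [ -n "$extra" ]; then
        echo "files not in manifest:" >&2
        echo "$extra" >&2
        rc=1
    fi

    # 3. Every compressed archive decompresses cleanly. This catches files
    #    that were already truncated when the manifest was written.
    find "$1" -type f -name '*.gz' -exec gzip -t {} + || rc=1

    return $rc
}

# Typical use with the paths from this page (manifest path is an assumption):
#   make_manifest /mnt/backup /root/aeo-alerts-2020.sha256
#   verify_backup /mnt/backup /root/aeo-alerts-2020.sha256 && rsync ...
```

Keep the manifest on a host other than the backup location, so that whoever can alter the archives cannot also rewrite their checksums.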



