Restore Platform Managers
You can make a full recovery of the Platform Manager up to the last backup if the LogRhythm suggested guidelines for database and configuration backups were followed. Not all of the sections in this topic apply to every site, so perform only the pertinent sections, but always in the order given here. Before proceeding with the Platform Manager restoration, contact LogRhythm Support for assistance.
Restore/Rebuild the Platform Manager Hardware
Rebuild or replace any faulty hardware on the Platform Manager system. LogRhythm support assists in obtaining warranty replacements for any faulty hardware.
Reinstall Software Components
After all Platform Manager hardware is fully functional, restore or install any required software components including:
- Operating system, including patches and service packs
- SQL Server, including patches and service packs
- LogRhythm Alarming and Response Manager service
If the Configuration and Application Data Backups suggested in LogRhythm Backup and Recovery Procedures have been performed, configuration data for the LogRhythm components can be restored from these backups. Installation files for all LogRhythm components are available from the download pages of the installation and upgrade guides on the LogRhythm Community.
Restore LogRhythm Databases
The Platform Manager databases can be restored up to the date of the last full backup. Database restoration should be performed in the order stated below; however, if the SQL Server system tables (master, msdb, and model) are all intact and functional, you only have to restore the LogRhythmEMDB database:
- master (if required)
- msdb (if required)
- model (if required)
- LogRhythmEMDB
To perform the database restoration:
- Open the SQL Server Management Studio on the LogRhythm server.
- Right-click Databases and select Restore database.
- The SQL Server Restore database dialog box opens. Ensure that you do the following:
- In the Destination section, the Database field, enter the name of the database to be restored.
- Select the restoration method appropriate to your backup procedure by doing the following:
- Select Device if the backup was to a file or device.
- In the Source section, to the right of Device, click the ellipsis [...] button .
- In the Specify backup dialog box, choose the appropriate device.
- Click Add.
- Select the file or backup device from which to restore the database.
- Click OK after specifying the backup location.
- Select the Restore check box next to the appropriate database.
- Click OK to begin the database restore.
For more detailed information concerning SQL Server database restoration, see SQL Server Books Online provided as part of the SQL Server installation on your LogRhythm server.
Start LogRhythm Services
When the database restoration is complete, start the scarm service.
If Scheduled Reports are set to be exported to a remote drive, make sure the LogRhythm Alarming and Response Manager service is running under a service account to access the remote drive.