Use the ibackup.pyc tool to create, manage, and restore backups for Splunk SOAR (On-premises). The backup file can be transferred to another system and used to restore the state of the system at the time the backup was created.
On privileged deployments, logs for each run of the tool are written to
/var/log/phantom/backup/backup.log, and completed backups are stored in
On all unprivileged deployments, the logs are written to
<PHANTOM_HOME>/var/log/phantom/backup/backup.log, and backups are stored in
You can find a repository of staging files for the PostgreSQL database backup in
The following table shows the ibackup.pyc arguments:
|-h, --help||Shows the ibackup.pyc tool help message and exits.|
|--setup||Prepares the instance or cluster for backup and restore.|
||Specifies the maximum number of processing cores allowed for database backup and restore operations. Specify more cores to increase backup performance. Reduce the number of cores if making backups reduce system performance. The default value is two cores. The minimum value is one core.|
|--backup||Performs a backup.|
||Performs a restore. You must provide a path to the desired backup tar file to perform a restore.|
||Sets the path of the pgbackrest repository. If you specify a different repository, you will need to specify the path to backups in your |
||Selectively backs up specific components. The default is all components.
You must specify the same components for
|--fs-only||Backup only critical files. Use this in conjunction with AWS backup tools on systems in AWS with RDS databases.
Only GlusterFS, XFS, ext4, and NFS filesystems are supported. Other filesystems are not backed up using ibackup.pyc.
|--config-only||Backups include only configuration data. This always creates a full backup of configuration data. Incremental backup of configuration data is not supported.
||Selectively restores specific components. The default is all components.
The following components are valid components:
|--list-backups||Lists existing backups and their state. Use with |
|--delete-all||Deletes all backups. |
This action is irreversible.
||Deletes a full backup group. Takes an integer that represents the backup group to delete.|
||Overrides the default backup path |
The default option if none is specified is
||Sets the maximum number of full backups allowed at once. Automatically rotates once the limit is reached.|
|--list-settings||Lists the current settings for ibackup.|
|--force-pg-stop-backup||This option has been removed.|
|--no-prompt||Automatically responds with "yes" to all prompts from ibackup.|
|--ignore-size-check||Use this argument to skip the check for available disk space before performing a backup or restore.
|--ignore-env-check||Ignore the environment check when running ibackup.|
|-v <0,1, 2, 3> --verbosity <0,1, 2, 3>||Verbosity level; 0=minimal output, 1=normal output, 2=verbose output, 3=very verbose output|
|--no-color||Don't colorize the command output.|
Restore from a backup
Use ibackup.pyc with warm standby
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.0.1, 5.1.0, 5.2.1, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1