mds_backup

Description

The mds_backup command backs up binaries and data from a Multi-Domain Server (MDS) to a user-specified working directory. A Multi-Domain Server, also called a Multi-Domain Security Management Server, is a dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers.

You then copy the backup files from the working directory to external storage.

This command requires Multi-Domain Superuser privileges.

The mds_backup command runs the gtar and dump commands to back up all databases. The collected information is stored in one *.tar file. The file name combines the backup date and time, and the file is saved in the current working directory. For example: 13Sep2015-141437.mdsbk.tar

Backing up and restoring in Management High Availability environment:

For more information:

Notes:

  • Do not create or delete Domains or Domain Management Servers (DMS) until the backup operation completes. A Domain Management Server is a virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment.

  • Do not run the mds_backup command from a directory that is itself backed up.

    For example, when you back up a Multi-Domain Server, do not run the mds_backup command from the /opt/CPmds-<Current_Release>/ directory, because this creates a circular reference (the backup would include the directory into which the backup files are written).

    Run the mds_backup command from a location outside the product directory tree to be backed up. This becomes the working directory.

  • The mds_backup command does not collect the active Security log file (*.log) and Audit log file (*.adtlog).

    This is necessary to prevent inconsistencies during the read-write operations.

    Best Practice - Perform a log switch before you start the backup procedure.

  • You can back up the Multi-Domain Server configuration without the log files.

    This backup is typically significantly smaller than a full backup with logs.

    To back up without log files, add this line to the $MDSDIR/conf/mds_exclude.dat configuration file:

    log/*

  • After the backup completes, copy the backup *.tar file, together with the mds_restore and gtar binary files, to your external backup location.

Syntax

mds_backup -h

mds_backup [-b] [-d <Target Directory>] [-ds] [-g] [-i] [-l] [-L {all | best}] [-s] [-v] [-x]

Parameters

Parameter
    Description

-h
    Shows help text.

-b
    Batch mode - executes without asking anything (-g is implied).

-d <Target Directory>
    Specifies the output directory.

    If not specified explicitly, the backup file is saved to the current directory.

    You cannot save the backup file to the root directory.

-ds
    Disconnects all current sessions and discards their unpublished changes before the backup starts.

-g
    Executes without prompting to disconnect GUI clients.

-i
    Includes the Hit Count database in the backup:

    $FWDIR/conf/hit_count_rules_table.sqlite

-l
    Excludes logs from the backup.

-L {all | best}
    Locks all databases before the backup starts.

      • -L all - Does not start the backup, if it is not possible to lock all databases

      • -L best - Starts the backup even if it is not possible to lock all databases

-s
    Stops Multi-Domain processes before the backup starts.

-v
    "Dry run" - Shows all files to be backed up, but does not perform the backup operation.

-x
    Excludes binary files from the backup.

    The binary files are listed in the $MDSDIR/conf/mds_binaries_exclude.dat file.
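
The working-directory rules in the Notes (a location outside the product directory tree, and not the root directory) can be enforced in a wrapper before mds_backup starts, and the archive can be checksummed before it is copied to external storage. This is an added example, not Check Point code: the function names, the --run switch and the SHA-256 manifest are assumptions for illustration, and only the -b and -d flags come from this page.

```shell
#!/bin/bash
# Added example (not Check Point code): pre-flight check for the mds_backup
# target directory and a checksum for the archive before it is copied off-box.

# Succeeds only if $1 exists, is not "/", and lies outside the product tree.
# $2 = product tree root; assumption: defaults to $MDSDIR on the server.
is_safe_workdir() {
    local dir tree
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1   # resolves symlinks
    [ "$dir" != "/" ] || return 1                      # root is not allowed
    tree=${2:-${MDSDIR:-}}
    [ -n "$tree" ] || return 1                         # unknown tree: refuse
    tree=$(cd "$tree" 2>/dev/null && pwd -P) || return 1
    case "$dir/" in
        "$tree"/*) return 1 ;;                         # circular reference
    esac
    return 0
}

# Writes <archive>.sha256 beside the newest *.mdsbk.tar in $1 and prints the
# archive name, so the external copy can be verified before a restore.
seal_backup() {
    local dir tarfile name
    dir=$1
    tarfile=$(ls -t "$dir"/*.mdsbk.tar 2>/dev/null | head -n 1)
    [ -n "$tarfile" ] || return 1
    name=$(basename "$tarfile")
    ( cd "$dir" && sha256sum "$name" > "$name.sha256" ) || return 1
    echo "$name"
}

# Hypothetical entry point: script --run <target-dir>
# Uses only the -b and -d flags documented on this page.
if [ "${1:-}" = "--run" ]; then
    target=${2:?target directory required}
    is_safe_workdir "$target" || { echo "unsafe target: $target" >&2; exit 1; }
    mds_backup -b -d "$target" || exit 1
    seal_backup "$target"
fi
```

On the external storage side, run sha256sum -c against the .sha256 file in the directory that holds the copied archive before you restore from it.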