Skip to content
This repository was archived by the owner on Jul 25, 2025. It is now read-only.
This repository was archived by the owner on Jul 25, 2025. It is now read-only.

[Question] Error to backup and restore data in thehive4 #2503

Open
Open
[Question] Error to backup and restore data in thehive4#2503
Labels
question
@b4lh4ck

Description

@b4lh4ck
b4lh4ck
opened on Apr 2, 2025

Request Type

Question

Work Environment

Question Answer
OS version (server) RedHat 8.10 ...
Dedicated RAM 32 GB
vCPU 16
TheHive version 4.1.24
Package Type RPM
Database Cassandra / 4.0.17
Index type Elasticsearch / 7.17
Attachments storage Local
Browser type & version Google Chrome and Firefox

Question

What is the exactly steps to backup and restore data in Thehive

I want to move cases to another server with the same cores, disk space and memory but when I try to backup and restore I feel confuse because there are many different steps in the backup and restore page of thehive4

I followed this steps first to backup data

Image

then I followed this steps to restore data

Image

but I can't restore the cases in the new server

In some pages I see that I need this line

forceDropAndRebuildIndex: true

I copy and paste the line in application.conf but when thehive starts is the same I can't see cases, Thehive is empty

I run this commands

Making snapshot:

nodetool cleanup thehive
nodetool snapshot thehive -t backup_name
cd tmp/

when I run this command below I got this
tar cjf backup.tbz /var/lib/cassandra/data/thehive/*/snapshots/backup_name/

tar: Removing leading `/' from member names

Image

Restoring from snapshot

mkdir /tmp/cassandra_backup

this command below doesnt work for me
tar jxf /tmp/backup.tbz -C /

I used this command below instead

tar jxf /tmp/backup.tbz -C /tmp/cassandra_backup

cd /var/lib/cassandra/data/thehive

this command below got errors

for I in ls /var/lib/cassandra/data/thehive ; do yes | cp /var/lib/cassandra/data/thehive/$I/snapshots/backup_name/* /var/lib/cassandra/data/thehive/$I/ ; done

I used this commnad instead

for I in ls /tmp/cassandra_backup/var/lib/cassandra/data/thehive ; do cp /tmp/cassandra_backup/var/lib/cassandra/data/thehive/$I/snapshots/backup_name/* /var/lib/cassandra/data/thehive/$I/ ; done

chown -R cassandra:cassandra /var/lib/cassandra/data/thehive

cd /var/lib/cassandra/commitlog

rm CommitLog-X-XXX1.log
rm CommitLog-X-XXX2.log

service cassandra restart
service thehive restart

but I can't restore it

Anyone can help me please to explain me the right steps to backup and restore data to another server with Thehive4 or anyone that found any solution

thank you so much in advance

Metadata

Metadata

Assignees

No one assigned

    Labels

    question

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions