Appendix D - Data Migration Guide for Snare Server
This Guide is for migration to Snare Central v8.6.0 or newer.
For older versions, please request documentation from Snare Support.
This guide outlines the steps required to perform a Data Migration from an existing Snare Central Server (version 6, 7 or 8) to a newly installed Snare Central v8.6.0 (or higher) server on the network. It will copy across:
- All event archive data.
- The application configuration.
- The Collector/Reflector configuration.
- Users and groups data.
- Custom Objectives reports.
- AMC configuration.
- Elasticsearch event data when SATI is enabled.
It can also be used to copy event archive data from multiple source servers to a single destination server, or to copy just the application configuration and users and groups data from another server.
This process replaces all existing application configuration and user data on the destination server, with the exception of the Administrator account, so it is highly recommended that it is performed on a freshly installed destination server so that nothing is lost.
This process is the preferred method of migrating from a Snare Central v6 or v7 to a v8 system, and should be used in preference to the 'over-the-top' upgrade process wherever possible.
Migration Requirements
The only requirement is that both servers are fully licensed.
Performing the Migration
1. Log in to the destination server (v8.6.0 or higher) as the snare user, via SSH.
2. After a successful login, the Snare Central Administration Menu will be presented. Choose the Data Migration option in the menu.
3. The Data Migration process will present a summary of the four steps involved in the migration process. Please read this summary carefully.
4. From within the Data Migration you will be asked first to provide the password of the local snare user.
5. Once the local snare user verification is complete, you need to choose what data to migrate from the source server. The menu offers three options to choose from: Migrate only the Event data, Migrate only Configuration data, and "All Data" which includes both Event data and Configuration data. The Configuration data includes the Snare application configuration, users and groups data, custom objective reports and AMC configuration.
6. Once the type of migration has been chosen, you will need to specify the IP address of the remote server that contains the data to be migrated.
7. After that, you will also need to provide the password of the snare user on the remote server. Please note that this password is never saved or stored. As a precaution, we recommend changing the password of the snare account on the remote source server before the migration is started, just for the migration process, and restoring the original password after the migration process is done.
Please note that the password entered will be sanitised by the system, and passwords containing space, back-slash, back-tick, semi-colon or ampersand characters will be affected. If required, change the password of the snare user on the remote server.
8. Once all the required information has been provided, the Data Migration Manager starts transferring the required data from the remote server into the destination server automatically. Depending on the amount of data to be transferred, this process can take from a few minutes to a few hours to finish.
9. At the end of the process, the Data Migration Manager will show a summary of the migration. This may include errors encountered during the execution. In case of any error, the file /var/log/snare.log will provide information on what went wrong. An incorrect password or a network issue will be highlighted in this log.
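A pre-check for the temporary password recommended in step 7, given here as an added example and not as anything shipped with Snare Central: it reports which of the characters listed in the sanitisation note a candidate password contains, and generates a letters-and-digits temporary password that avoids them. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Snare code). The character list comes from the guide's
# note on password sanitisation; all function names are hypothetical.

# Print the affected character classes present in $1, space-separated.
# Exit status 0 = none of the listed characters present, 1 = at least one.
affected_chars() {
    pw=$1
    found=
    case $pw in *' '*) found="$found space" ;; esac
    case $pw in *'\'*) found="$found back-slash" ;; esac
    case $pw in *'`'*) found="$found back-tick" ;; esac
    case $pw in *';'*) found="$found semi-colon" ;; esac
    case $pw in *'&'*) found="$found ampersand" ;; esac
    found=${found# }
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Read a candidate password from stdin (keeps it out of shell history)
# and check it. Terminal echo is disabled only when stdin is a terminal.
check_password_stdin() {
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r candidate || true
    if [ -t 0 ]; then stty echo; fi
    affected_chars "$candidate"
}

# Generate a temporary password of $1 characters (default 24) drawn only
# from letters and digits, so none of the listed characters can occur.
gen_temp_password() {
    len=${1:-24}
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len"
}
```

Source the file, then run `check_password_stdin` to test an existing password or `gen_temp_password` to produce the temporary one for the remote snare account.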
After the Migration
After a successful migration, you should be able to log in to the destination server web-based user interface as 'Administrator'. Note that the destination server Administrator password will not be overwritten by the migration. Alternatively, you can log in using the credentials from one of the users migrated from the remote server. All Objectives and user data will have been migrated across, as well as the Event Archive data.
The migrated event data will gradually become available for queries and reports as the server scans the data and generates associated metadata for the new logs. Depending on the amount of data, the metadata generation process can take from just a few minutes to several days.