Wazuh-DB backup restoration

Wazuh by default performs automatic backups of the global.db database. These snapshots may be useful to recover critical information. Wazuh-DB will restore the last backup available in case of failure during the upgrade. If this process also fails, the restoration must be done manually.

Manual restore process

The first step is to stop the Wazuh manager:

  - For Systemd:

# systemctl stop wazuh-manager

  - For SysV Init:

# service wazuh-manager stop

Then, locate the backup to restore. It is stored in WAZUH_HOME/backup/db with a name format similar to global.db-backup-TIMESTAMP-pre_upgrade.gz.

Note

This process is valid for all the backups in the folder. Snapshot names containing the special tag pre_upgrade were created right before upgrading the Wazuh server. Any other snapshot is a periodic backup created according to the backup setting.

Decompress it. Always use the -k flag to preserve the original file:

# gzip -dk WAZUH_HOME/backup/db/global.db-backup-TIMESTAMP-pre_upgrade.gz

Remove the current global.db database and move the backup to the right location:

# rm WAZUH_HOME/queue/db/global.db
# mv WAZUH_HOME/backup/db/global.db-backup-TIMESTAMP-pre_upgrade WAZUH_HOME/queue/db/global.db

Finally, start the Wazuh manager:

  - For Systemd:

# systemctl start wazuh-manager

  - For SysV Init:

# service wazuh-manager start
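
The manual steps above delete the live global.db before the backup has been checked. The script below is an added example, not part of the Wazuh documentation or tooling: it validates the snapshot (gzip integrity plus the SQLite header string) and only then performs the decompress, remove and move steps. The function names and script name are hypothetical, and the header check is a sanity test, not a full database integrity check.

```shell
#!/bin/sh
# Added example (not from the Wazuh documentation): check a backup before
# the destructive "rm" step. Run it only while wazuh-manager is stopped.

# verify_backup FILE.gz
# Succeeds only if FILE.gz is an intact gzip stream whose decompressed data
# begins with the SQLite 3 file header string "SQLite format 3".
verify_backup() {
    gzip -t "$1" 2>/dev/null || return 1
    [ "$(gzip -dc "$1" 2>/dev/null | head -c 15)" = "SQLite format 3" ]
}

# restore_backup FILE.gz TARGET
# Follows the manual steps: decompress with -k, remove TARGET, move the
# decompressed file into place. Nothing is removed unless validation and
# decompression both succeed.
restore_backup() {
    backup=$1
    target=$2
    unpacked=${backup%.gz}

    if ! verify_backup "$backup"; then
        echo "refusing to restore: $backup failed validation" >&2
        return 1
    fi
    if [ -e "$unpacked" ]; then
        echo "refusing to restore: $unpacked already exists" >&2
        return 1
    fi
    gzip -dk "$backup" || return 1   # -k keeps the original .gz
    rm -f "$target"
    mv "$unpacked" "$target"
}

# Assumed invocation (script name is hypothetical):
#   sh restore_global_db.sh WAZUH_HOME/backup/db/<backup>.gz WAZUH_HOME/queue/db/global.db
if [ "$#" -eq 2 ]; then
    restore_backup "$1" "$2"
fi
```
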