Back up and recover your database

Does not apply to Deep Security as a Service

Database backups are for restoring your Deep Security system in the event of a catastrophic failure or for transferring your Deep Security Manager to another computer.

The Deep Security Manager cannot initiate a backup of an Oracle database or an Amazon RDS database. To back up your Oracle database, consult your Oracle documentation. For RDS, follow the instructions provided by AWS for backing up your database to an S3 bucket. For example, see Amazon RDS for SQL Server - Support for Native Backup/Restore to Amazon S3.

Internal database or Microsoft SQL Server Database

Database backups can be carried out using the Scheduled Tasks interface. Go to the Administration > Scheduled Tasks page. Click New and select New Scheduled Task to display the New Scheduled Task wizard. Give a name to this task and choose "Backup" from the list. The next page will prompt you for how often you want this task carried out and when. To carry out a one-time-only backup, choose "Once Only" and enter a time (5 minutes from now, for example). The next page will prompt you for a location to store the backup files. Click through to the end of the wizard to finish. A complete backup shouldn't take more than a minute or so to complete.

A "date-named" folder will be created in the backup location you specified. If you are using the Deep Security Manager's embedded Apache Derby database (which is intended for test purposes), a folder structure will be created beneath it that maps to the folders in the Deep Security Manager's install directory. To restore this database, shut down the Trend Micro Deep Security Manager service (using the Services Microsoft Management Console), copy the backup folders into the corresponding folders of the install directory and restart Deep Security Manager.

If you are using a SQL Server database, a SQL Server database backup file named [timestamp].dsmbackup will be written to the backup folder specified in the scheduled task. For instructions on how to restore a SQL Server database refer to your SQL Server documentation.

The Deep Security Manager cannot backup or restore an Oracle database. To backup or restore your Oracle database consult your Oracle documentation.

Restore the database only

  1. Stop the Deep Security Manager service.
  2. Restore the database.
    This must be a database from the same version number of the Deep Security Manager.
  3. Start the Deep Security Manager service.
  4. Verify contents restored.
  5. Update all of the computers to ensure they have the proper configuration.

Restore both the Deep SecurityManager and the database

  1. Remove any remnants of the lost/corrupted Deep Security Manager and database.
  2. Install a fresh Deep Security Manager using a fresh/empty database.
  3. Stop the Deep Security Manager service.
  4. Restore the database over the freshly installed one, must be the same database name (Must be a database from the same version number of the Manager).
  5. Start the Deep Security Manager service.
  6. Verify contents restored.
  7. Update all of the computers to ensure they have the proper configuration.

Export objects in XML or CSV format

  • Events: Go to one of the Events pages and use the Advanced Search options to filter the event data. For example, you could search for all firewall events for computers in the Computers > Laptops computer group that were logged within the last hour whose reason column contains the word spoofed.



    Click the submit button (with the right-facing arrow) to execute the "query". Then clickExport to export the filtered data in CSV format. You can export all the displayed entries or just selected data. The exporting of logs in this format is primarily for integration with third-party reporting tools.
  • Computer Lists: Computers lists can be exported in XML or CSV format from the Computers page. You might want to do this if you find you are managing too many computers from a single Deep Security Manager and are planning to set up a second Deep Security Manager to manage a collection of computers. Exporting a list of selected computers will save you the trouble of rediscovering all of the computers again and arranging them into groups.
    Policy, firewall rule, and intrusion prevention rule settings will not be included. You will have to export your firewall rules, intrusion prevention rules, firewall stateful configurations, and policies as well and then reapply them to your computers.
  • Policies: Policies are exported in XML format from the Policies page.
    When you export a selected policy to XML, any child policies the policy might have are included in the exported package. The export package contains all of the actual objects associated with the policy except: intrusion prevention rules, log inspection rules, integrity monitoring rules, and application types.
  • Firewall Rules: Firewall rules can be exported to an XML or CSV file using the same searching/filtering techniques as above.
  • Firewall Stateful Configurations: Firewall stateful configurations can be exported to an XML or CSV file using the same searching/filtering techniques as above.
  • Intrusion Prevention Rules: Intrusion prevention rules can be exported to an XML or CSV file using the same searching/filtering techniques as above.
  • Integrity Monitoring Rules: Integrity monitoring rules can be exported to an XML or CSV file using the same searching/filtering techniques as above.
  • Log Inspection Rules: Log inspection rules can be exported to an XML or CSV file using the same searching/filtering techniques as above.
  • Other Common Objects : All the reusable components common objects can be exported to an XML or CSV file the same way.

When exporting to CSV, only displayed column data is included. Use the Columns tool to change which data is displayed. Grouping is ignored so the data might not be in same order as on the screen.

Import objects

To import each of the individual objects into Deep Security, select Import From File from the list next to the New button in the toolbar of object page.