System Migration
CloudShark Enterprise 4.0.0 and later is distributed as an OVA virtual machine image. These legacy instructions should only be followed after contacting support@qacafe.com for assistance.
If you already have CloudShark Enterprise installed on a virtual machine, please follow the OVA Migration instructions to upgrade.
CloudShark runs on top of a RHEL-based Linux installation which meets our system requirements. The system can be bare metal hardware, a virtual machine, or on your public or private cloud infrastructure.
This document describes the process of migrating data from one instance of CloudShark to another.
It may be necessary to migrate CloudShark to a new Linux system to:
- Run on the most up-to-date RHEL-based Linux operating system
- Move an on-prem instance to your private cloud
- Restore from a backup to a new system
Please contact support@qacafe.com before beginning the migration for assistance and to ensure your new CloudShark system has a valid license.
Install New System
To migrate CloudShark you will need a new RHEL/Rocky 8 Linux system installed from the official minimal distribution.
Follow our installation instructions to install the current release on the new system.
Migration
After CloudShark has been installed on the new system, you can begin migrating data from the original system to the new one. When you are ready to migrate, first stop CloudShark on both systems by running:
systemctl stop cloudshark-full
Settings
Copy the entire /usr/cloudshark/etc directory to the new system. Then, to ensure the file permissions are set correctly, run:
chown -R cloudshark: /usr/cloudshark/etc
Data Directory
If you are using external storage, update the storage location on the new system to mount your existing data.
If you are using local storage, copy the entire /usr/cloudshark/data directory to the new system.
After updating the storage location or copying the local data directory, ensure the file permissions are set correctly by running:
chown -R cloudshark: /usr/cloudshark/data
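One way to confirm the Settings and Data Directory copies before starting CloudShark on the new system, as an added example that is not part of the CloudShark documentation: build a SHA-256 manifest of the directory on the original system, compare it on the new one, and list anything the chown -R step missed. The script name verify_copy.sh and the manifest file name are assumptions.

```shell
#!/bin/sh
# Added example, not part of the CloudShark documentation.
# The script name and manifest file names used below are hypothetical.

# make_manifest DIR
# Print one "sha256  ./relative/path" line per regular file, in a stable order.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# verify_manifest MANIFEST DIR
# Return 0 only if DIR holds exactly the files listed in MANIFEST with the
# same hashes; otherwise print the differences and return 1.
verify_manifest() {
    tmp=$(mktemp) || return 2
    make_manifest "$2" > "$tmp"
    if diff -u "$1" "$tmp"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# not_owned_by DIR USER
# Print every file or directory under DIR whose owner is not USER.
# Empty output means the chown -R step took effect everywhere.
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Command-line use:
#   original system: sh verify_copy.sh manifest /usr/cloudshark/data > data.manifest
#   new system:      sh verify_copy.sh verify data.manifest /usr/cloudshark/data
#                    sh verify_copy.sh owner /usr/cloudshark/data cloudshark
case "${1:-}" in
    manifest) make_manifest "$2" ;;
    verify)   verify_manifest "$2" "$3" && echo "OK: $3 matches $2" ;;
    owner)    not_owned_by "$2" "$3" ;;
esac
```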
Database
If you are using an external service for the CloudShark database, take a snapshot of the current database. The settings for CloudShark to connect to your external database will be migrated by copying the settings above.
If you are using the local MariaDB database, you will need to export and import the database as follows:
Export the database on the original CloudShark system by running:
mysqldump -uroot cloudshark > cloudshark.sql
mysqldump -uroot mysql > mysql.sql
Copy these files to the new CloudShark system and run the following to import the database:
mysql -uroot mysql < mysql.sql
mysql -uroot cloudshark < cloudshark.sql
Threat Assessment
Any additional threat assessment rules that have been added or changes to the configuration files under /etc/suricata will need to be copied to the new CloudShark system.
Custom Zeek Scripts
Any changes to the default Zeek configuration or additional scripts stored under /usr/cloudshark/share/zeek should be copied to the new system.
Post Migration
Now that the data from the original CloudShark system has been migrated, CloudShark can be started on the new system by running:
systemctl start cloudshark-full