IBM Security QRadar SOAR

v.46.1 got new way to backupfiles
so after the upgrade i had to create new LV
with command

sudo soarMoveAttachments -n attachments -s 10

i manage to do it

Do you want to continue ? YES/NO: YES
[2022-10-25 10:15:31] SOAR services suspended now...
[2022-10-25 10:15:37] Moving attachments...
[2022-10-25 10:15:42] SOAR services being resumed...
[2022-10-25 10:16:17] SUCCESS!  Attachments are moved.
Total elapsed time: 00:01:00

it automatically created ext lv, added info to fstab and mounted it - without any problems
however, when i start backup with soarSystemBackup, i got:

This backup procedure will stop services for a short time to ensure data consistency.
This procedure will fail if there are database backup happening at the same time.
Do you want to continue ? YES/NO: YES
Please do not interrupt while the backup is in progress.
[2022-10-26 09:25:16] Suspending SOAR service...
[2022-10-26 09:25:25] SOAR servcies Suspended.
[2022-10-26 09:25:35] Creating ElasticSearch snapshot. This may take several minutes, please wait... (The task will time out in 1800 seconds.)
[2022-10-26 09:25:52] ERROR: Error mounting /mnt/soar_backup_crypt/crypt: mount: wrong fs type, bad option, bad superblock on /dev/mapper/vg1-soar_snap_shot_crypt,
missing codepage or helper program, or other error

In some cases useful info is found in syslog - try
dmesg | tail or so.

Total elapsed time: 00:02:09
FAILED! Unable to create a backup.

has anyone had problem like this? or know how to fix it?

------------------------------
Krzysztof Muchalski
------------------------------

Thank you Krzysztof for bring this and investigating with Vincent. 2 issues we observed
1. ext4 was not expected. We expect the system using xfs. 
2. separate vg for soar was not expected, we expect soar system was mounted in the same volume group. 

We will follow up these 2 issues, thank you.

------------------------------
Leo Kuo
------------------------------

Original Message:
Sent: Wed October 26, 2022 11:57 AM
From: Krzysztof Muchalski
Subject: soarSystemBackup problem

v.46.1 got new way to backupfiles
so after the upgrade i had to create new LV
with command

sudo soarMoveAttachments -n attachments -s 10

i manage to do it

Do you want to continue ? YES/NO: YES[2022-10-25 10:15:31] SOAR services suspended now...[2022-10-25 10:15:37] Moving attachments...[2022-10-25 10:15:42] SOAR services being resumed...[2022-10-25 10:16:17] SUCCESS!  Attachments are moved.Total elapsed time: 00:01:00

it automatically created ext lv, added info to fstab and mounted it - without any problems
however, when i start backup with soarSystemBackup, i got:

This backup procedure will stop services for a short time to ensure data consistency.This procedure will fail if there are database backup happening at the same time.Do you want to continue ? YES/NO: YESPlease do not interrupt while the backup is in progress.[2022-10-26 09:25:16] Suspending SOAR service...[2022-10-26 09:25:25] SOAR servcies Suspended.[2022-10-26 09:25:35] Creating ElasticSearch snapshot. This may take several minutes, please wait... (The task will time out in 1800 seconds.)[2022-10-26 09:25:52] ERROR: Error mounting /mnt/soar_backup_crypt/crypt: mount: wrong fs type, bad option, bad superblock on /dev/mapper/vg1-soar_snap_shot_crypt,missing codepage or helper program, or other errorIn some cases useful info is found in syslog - trydmesg | tail or so.Total elapsed time: 00:02:09FAILED! Unable to create a backup.

has anyone had problem like this? or know how to fix it?

------------------------------
Krzysztof Muchalski
------------------------------