Configuration Recovery - SL RestorePoint
Hello all, I just had this question posed to our team regarding config recovery. "Do you have any way of retrieving the configs for switches that have been deleted from SLRP please?" Is there a way to retrieve a backup of RestorePoint (and maybe restore to a temp location) from a specific point in time? If anyone has any advice or previous experience with this SL RestorePoint scenario, your input would be greatly appreciated!Restorepoint
Restorepoint is a Disaster Recovery and Secure Configuration Management appliance for network devices such as routers, switches, proxies, and firewalls. Restorepoint can automatically retrieve your network device configurations, detect changes and compliance violations, and report these automatically to network administrators. In this Powerhour session we will share with you how to add devices into Restorepoint, why having backups collected is useful in an autonomic IT environment, and how to leverage the SL1 platform in support of key workflows. Additionally, we will present the benefits of Governance, Risk and Compliance (GRC). Within the ScienceLogic Network Change and Configuration Management (NCCM) platform you will be backup over 100 different types of network equipment including firewalls to a central repository. Once the backup is collected then you can track change over time for auditing purposes as well as day to day operational needs to manage effective change control. Integration to the monitoring and automation platform adds layers of value which we will discuss during our session. When your organization is tasked with managing GRC then Restorepoint will apply your rules to assist in real time awareness of compliance. When configuration drift occurs then an alert will be sent to the SL1 platform for execution of automations in support of your defined workflow. For instance if you need to collect the difference of the last two configurations to compare an unplanned change while opening an incident into your IT Service Management (ITSM) product that can be completed so your operations team only need to receive the enhanced information set and begin resolutions steps. Often the best step is to revert the change and of course that’s supported from SL1 to allow for reduction in your Mean Time to Repair (MTTR). At the end of the June PowerHour you will have learned how to add devices into Restorepoint, why having backups collected is valuable and how to leverage the SL1 platform in support of key workflows. Additionally, we will present the benefits of Governance, Risk and Compliance (GRC). While blending into the overall SL1 platforms workflow operational needs
Access to SL1 and RP AMI's to automate AWS Provisioning
We're in the process of developing pipelines to provision and configure all our resources in AWS on a per client basis. Among these resources are the SL1 collector and RP agent. Right now in order to request the AMI for SL1 we need to fill out the form at https://support.sciencelogic.com/s/request-amazon-ami after authenticating via the webpage. Because of the login flow this has proven difficult to pass through the right information to authenticate and access the AMI request form where we can pass the form data to request the AMI on our AWS account. I understand this is probably not a common case, but has anyone come across a way to accomplish anything similar? The best I've been able to do so far is use Selenium to manage a browser logging in and navigating to the form page, but it doesn't lend itself well to the pipelines. For RestorePoint it seems like we still need to submit a case and request the AMI from support. Is there any plans to add this to the same request form for the SL1 AMI's? For now we're alright sticking to the manual effort of requesting AMI's, but it would be nice to be able to click a button and be done with provisioning :).Remediation with Restorepoint (Part I)
The Basics It’s important to understand that remediation options are part of the compliance rule definition, not the policy. That means a single policy can contain rules with different remediation options. To see the remediation options, go to Compliance --> Device Policies, open up a policy, and bring up the rule editor by either creating a new rule or selecting an existing one. You will see the “Remediation” drop-down menu: 1 - Remediation Type "Manual" The first and simplest remediation type is “Manual”. This is simply a text string providing instructions to an operator who is responding to a compliance alert. For example, a simple rule that checks for the existence of a default “public” SNMP community on a Cisco IOS device could have these very simple instructions: When a device is in violation of this rule, the remediation text will be included in the alert that gets generated. Here, in an email alert: 2 - Remediation Type "Automatic" The second remediation type, “Automatic”, lets you specify a series of commands to execute on the device. For example, to enable auto-remediation of our example “No Public SNMP Community” rule, you could run the “no snmp-server community public” IOS command: When a device is in violation of this rule, the specified commands are automatically executed on the device, bringing it back into compliance. 3 - Remediation Type "Command" The final remediation type, “Command”, is similar to “Automatic” except that, instead of entering the commands to run on the device, you can specify a previously saved Device Control script to run. In our example: Here, the "Remove Public SNMP Community" script has previously been saved and contains the same commands we used in the "automatic" example: Since device controls can be created as Lua scripts instead of simple lists of commands, using the “command” remediation type allows for more complex actions. Summary The goal of this article was to introduce the different Remediation options in Restorepoint. Remember: You don't have to add remediation steps to every rule in a policy -- and the ones you do add don't have to be of the same type. Even if you are not ready to enable automatic reconfiguration of devices in your environment, don’t be afraid to add a “manual” Remediation action to your compliance rules. Coming soon, I’ll post a follow-up article about using variables and Lua scripting to improve on the simple remediations we used today.Welcome to the Restorepoint Discussion Forum
We would like to welcome you to this forum where you can participate in open collaboration and meaningful discussion about all things Restorepoint. The purpose of this area is to foster collaboration about network configuration backup, recovery, compliance, and change management topics and for you to find solutions. As a community of IT professionals, we're always eager to learn new things and improve our skills. In this forum you can find people with similar ideas and challenges who can help you learn and be inspired. We hope you look forward to participating in these discussions and contributing to the community. Cheers to fostering connections, sharing insights, and driving the future of AIOps together. The ScienceLogic Community TeamRestorepoint 20240814
Reminder: Restorepoint v5.5 is EOL on August 31, 2024. Enhancements: Enabled option to disable SSH strict host key validation between Strict (current) and None (logging when the key changed) on the global and device levels. (5.6) Implemented a retry mechanism for the archive process so that users can configure the number of retries and the retry interval, both set at 0 default. If configured, any archive process step that fails will be retried set number of times and the archive process will fail completely only if all the retries fail. (5.6) Bug fixes: Addressed an issue in which users were unable to export single-selected .tgz files for configurations. These filetypes are now extracted to a directory so that when users attempt to export a single-selected file they are successful. (Case: 00445520) (5.6) Addressed an issue so that SSH key owners and permissions work properly when restoring an archive from CentOS6 to OL8. (Case: 00443673) (5.6) Addressed an issue in which SNMP fingerprint output tiles exposed security data. (Case: 00418761) (5.6) Updated startup logic so that backup sizes are calculated in the background, ensuring the user interface is instantly available. The Storage Data Usage page displays the message "Back up data size calculation in progress..." until it completes. (RES-3467)(5.6) (5.6) Improved the TCP Dump enumeration so that appliances with multiple NICs will determine which interface to dump with, trying until an interface provides dumping capability. Also improved error handling so that the TCP dumps that fail to start will issue error reports. (Case: 00427074) (5.6)Restorepoint 20241106 Release notification
We are pleased to announce the Restorepoint 20241106 has been released with the following updates: Users can now disable bulk processes on multiple devices with different protocols. The API is updated so calls on the /logs and /settings endpoints are now logged and syslogged for every API call that comes in. Users are redirected to the correct user security page when they need to update missing details on their account or logging in the first time via an email activation link.Restorepoint 5.6 03262025 Release
Hello - We are pleased to announce an important update to our Restorepoint appliances. This afternoon, the team pushed out the Restorepoint 5.6 03262025 release to all appliances. This release provides significant enhancements to Domains, allowing you to limit user access based on domain assignment. Domain support has been added to the release as follows: You can now add a Domain ID to device commands, command schedules, reports, report schedules, and device policies. NOTE--If a command is assigned to a command schedule, you cannot delete the command. Likewise, if a report is assigned to a report schedule, you cannot delete the report. You can now add multiple Domain IDs to Commands and Reports. When creating or editing a credential, agent, command, or policy, devices shown in the list are filtered based on the domain to which they belong. If a device command, command schedule, report, report schedule, or device policy is in the global domain, any global domain user with the correct permissions can view or edit it. Users assigned to the global domain with the appropriate permission within the global domain can create or change any element that belongs to more than one domain. Caveats: You cannot delete a label, command, policy, agent, or credential that is assigned to a device. You cannot change the domain of a label, command, policy, agent, or credential when it is assigned to a device which shares that domain. You cannot change the domain of a report when it is assigned to a report schedule which shares that domain. If a user does not have access to the same domain as a report, report schedule, command, command schedule, or policy, the form appears disabled. Additionally, important changes were included for permissions: The following permissions were added to allow for interactions with schedules, such as pausing or postponing schedules, on the Schedules page: View All Schedules Modify All Schedules The following permissions replace View Schedule and Modify Schedule: View Backup Schedule Modify Backup Schedule The following permissions were updated for Schedule groups to allow you to assign one or more domains to a report schedule: View Device Report Schedule Modify Device Report Schedule The following permissions were added to control who can view or change Device Control commands: View Device Command Modify Device Command The Command Device permission is enforced only when controlling or sending a command to a device. The following permissions replace View Rules, Modify Rules, and Apply Rules: View Device Policy Modify Device Policy Apply Device Policy Renamed the Old Report permissions to Legacy Permissions to clarify the permissions interact with the Legacy Reports that reside in the old user interface. You can now filter Device Control > Schedule so command schedules are filtered based on the command's device type. Updated Report Schedules (Reports > Schedules) and Reports (Report > Reports) to be filtered by domain. Thank you, Release Management
