-
Notifications
You must be signed in to change notification settings - Fork 631
Migrating MHN to a new Box
Brady Sullivan edited this page Oct 19, 2017
·
3 revisions
THIS IS A WORK IN PROGRESS
Migrating Splunk:
- I have not done this so I am not sure, but ... http://answers.splunk.com/answers/138710/splunk-migration-to-another-server.html
Migrating MHN:
- on the old box, stop all the MHN and splunk processes (verify this by running ps -ef after these commands):
sudo supervisorctl stop all
sudo /etc/init.d/splunk stop
sudo /etc/nginx stop
sudo /etc/init.d/mongod stop
- install MHN as new on the new box (mainly to get all the OS packages installed properly)
-
rm -rf /opt/{mhn,hpfeeds,honeymap,mnemosyne,splunk*}on the new box, this will be replaced by the dirs via rsync - rsync the entire /opt/* directory down to your new box
-
rm -rf /var/log/mhn/*on the new box, this will get replaced by the data via rysnc - rsync the entire
/var/log/mhn/*directory down to your new box - dump the data from mongo DB on the old box (hpfeeds and mnemosyne DBs) using
mondodump - then import the data into MongoDB on the new box using
mongoimport - reconfigure all honeypots' hpfeeds to point to the new IP address of the MHN server.