Once you have had your basic backup motherhood and apple pie you’ll probably need a snack between meals - an incremental backup -and perhaps you’ll need to regurgitate what you’ve eaten - to pursue the metaphor just a little too far - and restore files. Here’s how to do these the simple Unix way.

Incremental backups
A typical backup schedule involves a full system backup maybe once a week with daily or more frequent incremental backups. The "-N" flag instructs tar to select files newer than a specific date or named file. This is the purpose of the file "weekly_backup_done" created when the weekly backup ended (it makes sense to backup all the files changed since the last full backup, rather than only those that have changed since the last incremental, because that way the incrementals are independent).

System files don't change much and responsible sys admins keep separate backups of the important ones anyway, so for most purposes just saving the user files is enough for incremental backups:

set BACKUPHOME="/home/sysadmin/backup_logs"
set BACKUPLOG=$BACKUPHOME"/daily."`date –I`".log"
tar cvf /dev/nst0 -N $BACKUPHOME"/weekly_backup_done"/home >& $BACKUPLOG

run via cron late every night will be sufficient.

It goes without saying - or anyway, should - that incremental backups are only kept for a limited time. Once they're discarded the corresponding log files should be deleted. Full backups may be retained much longer. Indeed in some situations it's a legal requirement to keep them almost indefinitely but that's another story.

Restoring from backup
So far so good. Having a good set of backups, however, isn't much use unless you can find individual files and restore them. Because what happens in practice isn't the nightmare scenario of a security guard ringing up at 2:30am to let you know the server's making sounds like a pocketful of loose change. Rather it's the sales manager coming to you the middle of Friday afternoon saying he's lost the figures he was due to present in New York on Monday and can you find them on a backup somewhere, and no, he's not sure when he had them last but Janice in Accounts remembers checking them for the quarterly summary just before Christmas…

So there you are, you have all those backup tapes and log files but how do you find the most recent tape with a copy of a file whose name no-one's entirely sure of? This is where some creative script programming is needed.

Writing a script to find and restore individual files is the work of a lifetime but here are a few pointers (again for csh, though in fact perl, with its excellent string search and comparison features, might be a better choice for this kind of application).

First, the command:

find /home/sysadmin/backup_logs -name \*.log -exec grep -sn "*sales*.xls" {} \; -print

will search the backup log files and list of all the occurrences of filenames having the form "something_sales_something.xls". Ideally, though, we want just the most recent version on any backup tape. Quite what that means depends on the backup policy, in particular how long incrementals are kept for. However, the trick of incorporating the date in the log filename, in international format, means we can ensure we get just the name of the newest log file containing the filename we're looking for simply by listing in reverse alphabetic order and discarding all but the first:

ls –r | find /home/sysadmin/backup_logs -name \*.log -exec grep -l "*sales*.xls" {} \; -print | head -1

Finally, having found the file we want, mount the tape corresponding to that backup, enter:

tar xvf /dev/nst0 thesalesfile.xls

and sit back to wait for the applause!