cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
33499
Views
15
Helpful
21
Replies
Highlighted

Re: Automating Backup of Config

It's Not Working.

Highlighted
Beginner

I came here with the same

I came here with the same issue and adapted some items to work for me in my windows environment.

I also have 6 Ironports, some require SSHv1, some SSHv2 and one is the IEA which is different yet again.

I'll share my scripts, please let me know if you have questions on them as I did not document it all.

Schedule this BAT file below to run as often as you require. It will connect to a device that you tell it to, and backup the config then FTP the file back to the server.

Some of my older devices require SSHv1 still, so I check if the device supports v2, and connect that way, otherwise if not specified, fall back to v1. I also have an Encryption appliance, so that is all done via linux commands, that is the "iea" device. I was using public/private keys, but since I needed the password via FTP, I scrapped the key part.

BAT FILE:

@ECHO off
setlocal ENABLEDELAYEDEXPANSION
SET FTPCONFIG=%1FTP.txt
SET PLINK="C:\Program Files (x86)\PuTTY\plink.exe"
SET PSCP="C:\Program Files (x86)\PuTTY\pscp.exe"

::DATE - Sets %newdate% variable = yyyymmdd
for /f "tokens=2-4 delims=/ " %%a in ('date /t') do set NEWDATE=%%c%%a%%b

::GENERATE CONFIG FILE -2 FOR SSH v2 DEVICES
IF %1==ironport.congressionalfcu.org (
                %PLINK% -pw "password" -2 backup@%1 "saveconfig 0"
) ELSE IF %1==wsa (
                %PLINK% -pw "password" -2 backup@%1 "saveconfig 0"
) ELSE IF %1==iea (
                %PLINK% -pw "password" -2 admin@%1 "sudo rm -f /backup/server-*.tgz"
                %PLINK% -pw "password" -2 admin@%1 "sudo tar zcf /backup/server-%NEWDATE%.tgz /usr/local/postx/server"
                %PSCP% -pw "password" -2 admin@%1:/backup/server-%NEWDATE%.tgz "d:\SolarWinds\Configuration Management\Config-Archive\IEA\server-%NEWDATE%.tgz"
                GOTO EXIT
) ELSE %PLINK% -pw "password" -1 backup@%1 "saveconfig 0"
)

::RETREIVE CONFIG VIA FTP
ftp -s:%FTPCONFIG% %1

:EXIT

Then I have the FTPCONFIG txt file for each device that I call, it just gets all XML files, then deletes them from device. I have one of these for each device, b/c I could not figure out how to pass a varialbe from my BAT file to this file to set the LCD of where to store the config:

backup
password
lcd "D:\SolarWinds\Configuration Management\Config-Archive\wsa"
cd configuration
prompt
mget *.xml
mdelete *.xml
quit

 

Hope this helps someone out there.

 

View solution in original post

Highlighted
Beginner

Hi guys,

Hi guys,

Find below the script I used in my Windows environment to backup a cluster of IronPort and a SMA:

BAT script:

For the cluster, I'm using the IP of the first member to run the script. I connect through SSH keypair. Entering into clustermode generates an error but backup job still works well.

@echo off

 

set TODAY_DATE=%date:~-4,4%%date:~-7,2%%date:~-10,2%

set BACKUPS_PATH="\\network_share"

set PRIVKEY="C:\MailGW\IRONPORT.ppk"

 

C:\ssh\plink.exe IP_Ironport -i PRIVKEY -l admin "clustermode 1 saveconfig 3"

C:\ssh\pscp.exe -i PRIVKEY admin@IP_Ironport:/configuration/*%TODAY_DATE%* IronPort-bkp_%TODAY_DATE%.xml

 

move *.xml %BACKUPS_PATH%\

For the standalone SMA, the script is the same except the plink.exe command is "saveconfig N".

Then I configured a Scheduled Task to perform backup on a regular basis.

Credits to: http://somoit.net/ironport/ironport-automate-commands-scripts-from-windows

Hope it can help.

Regards,

Sylvain.

Highlighted
Beginner

nice work Sylvain,

nice work Sylvain, implementing this in my environment.

are the old .xml files on the SMA cleaned up automatically or should they be deleted once copied locally as some of the others here have done?

Highlighted
Beginner

No they are not cleaned up

No they are not cleaned up automatically. Ideally logs should be deleted from the appliance but since their weight is quite small (about 300KB) and my SMA is backed up only once per month, so it's not a big deal for me.

In the mean time, I read some posts that the deletion of those xml files is not possible/not really easy to put in place (https://supportforums.cisco.com/discussion/11973191/delete-configuration-files).

Highlighted
Beginner

It seems the backup script

It seems the backup script was not running well in fact because of the clustermode error I received in the output.

Change the plink command by "clustermode cluster; saveconfig y 3".

Sylvain.

Highlighted
Beginner

Re: It seems the backup script

Hello

 

Here is my solution

 

 

#saves the config and then copies it locally via SCP to a directory called ironport/config-backups
HOSTNAME=X.X.X.X
USERNAME=ironport
FILENAME=`ssh $USERNAME@$HOSTNAME "saveconfig 3 yes" | grep xml | cut -c 2-65 `
scp $USERNAME@$HOSTNAME:$FILENAME /backup/Ironport/backup