Help with automatic Backup

Secnet DRVBundGQ · ‎07-14-2017

First...i read all tutorials about the automatic backup.

e.g.

https://supportforums.cisco.com/discussion/11111956/automating-backup-config
https://supportforums.cisco.com/discussion/11849021/ironport-backup-and-import-process
https://supportforums.cisco.com/discussion/10733151/backups-cluster-environment

http:www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118403-technote-esa-00.html

Is it possible to create a backup format suitable for an easy restore? (suitable means without mask passphrases )

The most common command is

e.g. from technote 118403-technote-esa-00.html

FILENAME=`ssh -q $USERNAME@$HOSTNAME "saveconfig y 1"

When i change the command to "saveconfig y 2" the passwords are still masked

<enc_password>*****</enc_password>

Another suggested command from

https://supportforums.cisco.com/discussion/11111956/automating-backup-config

also doesn't work

ssh -i /share/MD0_DATA/home/ironport/.ssh/id_rsa admin@x.x.x.x 'clustermode cluster; saveconfig 2'
Invalid arguments when processing saveconfig:
saveconfig: not enough arguments.

this command works

ssh -i /share/MD0_DATA/home/ironport/.ssh/id_rsa admin@x.x.x.x 'clustermode cluster; saveconfig y 2'
File written on machine "x.x.x" to the location
"/configuration/C370-7xxxxxxxxxxxxxxxxxxxxxxxxx9.xml".
Configuration saved.

but also with masked passwords.

I am only able to create a backup file with masked passwords

saveconfig

This command is restricted to "cluster" mode. Would you like to switch to "cluster" mode? [Y]>

Choose the passphrase option:
1. Mask passphrases (Files with masked passphrases cannot be loaded using loadconfig command)
2. Encrypt passphrases
3. Plain passphrases
[1]>

always #1 when i use a batch backup

any ideas?

Libin Varghese · ‎07-14-2017

Hi,

I believe the command would have changed after Async OS 9.7 as below, I've requested the article be updated. From tests that I had run earlier, below is what I used

Changes in scripting for mailconfig post Async OS 9.7

Additional variables are needed for mailconfig

#! /bin/bash
#
# Simple script to email the ESA config to pre-specified email address.
#
# $HOSTNAME can be either FQDN or IP address.
HOSTNAME=[FQDN OR IP ADDRESS]
# $USERNAME assumes that you have preconfigured SSH key from this host to your ESA.
USERNAME=admin
# $MAILDEST is preconfigured email address
MAILDEST=backups@example.com
ssh $USERNAME@$HOSTNAME "mailconfig $MAILDEST yes 2"

Last parameter means:
0 – mask
1 – encrypt
2 – plain passwords

Regards,

Libin Varghese

Secnet DRVBundGQ · ‎07-14-2017

many thanks for your answer.

Your script is good, i am able to make a suitable backup.

But, a perfect solution would the possiblity to make a download on our NAS-Server.

Dan Coats · ‎07-27-2018

#! /bin/bash
# this saves the config and then copies it locally via SCP to a directory called wsa/config-backups
HOSTNAME=cisco-wsa01.domain.org
USERNAME=admin
FILENAME=`ssh $USERNAME@$HOSTNAME "saveconfig N" | grep xml | cut -f 3 -d " "`
scp $USERNAME@$HOSTNAME:./configuration/$FILENAME /usr/local/storage/backups/wsa/config-backups/.

HOSTNAME2=cisco-wsa02.domain.org
USERNAME2=admin
FILENAME2=`ssh $USERNAME2@$HOSTNAME2 "saveconfig N" | grep xml | cut -f 3 -d " "`
scp $USERNAME2@$HOSTNAME2:./configuration/$FILENAME2 /usr/local/storage/backups/wsa/config-backups/.

HOSTNAME3=cisco-wsa03.domain.org
USERNAME3=admin
FILENAME3=`ssh $USERNAME3@$HOSTNAME3 "saveconfig N" | grep xml | cut -f 3 -d " "`
scp $USERNAME3@$HOSTNAME3:./configuration/$FILENAME3 /usr/local/storage/backups/wsa/config-backups/.

HOSTNAME4=cisco-wsa04.domain.org
USERNAME4=admin
FILENAME4=`ssh $USERNAME4@$HOSTNAME4 "saveconfig N" | grep xml | cut -f 3 -d " "`
scp $USERNAME4@$HOSTNAME4:./configuration/$FILENAME4 /usr/local/storage/backups/wsa/config-backups/.