07-14-2017 01:07 AM
First...i read all tutorials about the automatic backup.
e.g.
https://supportforums.cisco.com/discussion/11111956/automating-backup-config
https://supportforums.cisco.com/discussion/11849021/ironport-backup-and-import-process
https://supportforums.cisco.com/discussion/10733151/backups-cluster-environment
http:www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118403-technote-esa-00.html
Is it possible to create a backup format suitable for an easy restore? (suitable means without mask passphrases )
The most common command is
e.g. from technote 118403-technote-esa-00.html
FILENAME=`ssh -q $USERNAME@$HOSTNAME "saveconfig y 1"
When i change the command to "saveconfig y 2" the passwords are still masked
<enc_password>*****</enc_password>
Another suggested command from
https://supportforums.cisco.com/discussion/11111956/automating-backup-config
also doesn't work
ssh -i /share/MD0_DATA/home/ironport/.ssh/id_rsa admin@x.x.x.x 'clustermode cluster; saveconfig 2'
Invalid arguments when processing saveconfig:
saveconfig: not enough arguments.
this command works
ssh -i /share/MD0_DATA/home/ironport/.ssh/id_rsa admin@x.x.x.x 'clustermode cluster; saveconfig y 2'
File written on machine "x.x.x" to the location
"/configuration/C370-7xxxxxxxxxxxxxxxxxxxxxxxxx9.xml".
Configuration saved.
but also with masked passwords.
I am only able to create a backup file with masked passwords
saveconfig
This command is restricted to "cluster" mode. Would you like to switch to "cluster" mode? [Y]>
Choose the passphrase option:
1. Mask passphrases (Files with masked passphrases cannot be loaded using loadconfig command)
2. Encrypt passphrases
3. Plain passphrases
[1]>
always #1 when i use a batch backup
any ideas?
07-14-2017 01:44 AM
Hi,
I believe the command would have changed after Async OS 9.7 as below, I've requested the article be updated. From tests that I had run earlier, below is what I used
Changes in scripting for mailconfig post Async OS 9.7
Additional variables are needed for mailconfig
#! /bin/bash
#
# Simple script to email the ESA config to pre-specified email address.
#
# $HOSTNAME can be either FQDN or IP address.
HOSTNAME=[FQDN OR IP ADDRESS]
# $USERNAME assumes that you have preconfigured SSH key from this host to your ESA.
USERNAME=admin
# $MAILDEST is preconfigured email address
MAILDEST=backups@example.com
ssh $USERNAME@$HOSTNAME "mailconfig $MAILDEST yes 2"
Last parameter means:
0 – mask
1 – encrypt
2 – plain passwords
Regards,
Libin Varghese
07-14-2017 02:11 AM
many thanks for your answer.
Your script is good, i am able to make a suitable backup.
But, a perfect solution would the possiblity to make a download on our NAS-Server.
07-27-2018 08:28 AM
#! /bin/bash # this saves the config and then copies it locally via SCP to a directory called wsa/config-backups HOSTNAME=cisco-wsa01.domain.org USERNAME=admin FILENAME=`ssh $USERNAME@$HOSTNAME "saveconfig N" | grep xml | cut -f 3 -d " "` scp $USERNAME@$HOSTNAME:./configuration/$FILENAME /usr/local/storage/backups/wsa/config-backups/. HOSTNAME2=cisco-wsa02.domain.org USERNAME2=admin FILENAME2=`ssh $USERNAME2@$HOSTNAME2 "saveconfig N" | grep xml | cut -f 3 -d " "` scp $USERNAME2@$HOSTNAME2:./configuration/$FILENAME2 /usr/local/storage/backups/wsa/config-backups/. HOSTNAME3=cisco-wsa03.domain.org USERNAME3=admin FILENAME3=`ssh $USERNAME3@$HOSTNAME3 "saveconfig N" | grep xml | cut -f 3 -d " "` scp $USERNAME3@$HOSTNAME3:./configuration/$FILENAME3 /usr/local/storage/backups/wsa/config-backups/. HOSTNAME4=cisco-wsa04.domain.org USERNAME4=admin FILENAME4=`ssh $USERNAME4@$HOSTNAME4 "saveconfig N" | grep xml | cut -f 3 -d " "` scp $USERNAME4@$HOSTNAME4:./configuration/$FILENAME4 /usr/local/storage/backups/wsa/config-backups/.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide