cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
664
Views
10
Helpful
7
Replies
Highlighted

Script saveconfig 9.7.0 "not enough arguments"

Hello,

we want to make a automatic Backupscript for the Config File with plain passwords

Choose the password option:
1. Mask passwords (Files with masked passwords cannot be loaded using
loadconfig command)
2. Encrypt passwords
3. Plain Passwords

we have Problem with the Syntax

with the old Version 8.5 works with the following command "clustermode cluster; saveconfig no"

any ideas´?

Thanks

7 REPLIES 7
Highlighted
Cisco Employee

http://www.cisco.com/c/en/us

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118403-technote-esa-00.html

My complete script:

#! /bin/bash
#
# Script to save the ESA config, then copy locally via SCP. This is assuming you wish to
# have the cluster in SSH via port 22. This script has been written and tested against
# AsyncOS 9.0.0-390 (01/15/2014).
#
# *NOTE* This script is a proof-of-concept and provided as an example basis. While these steps have
# been successfully tested, this script is for demonstration and illustration purposes. Custom
# scripts are outside of the scope and supportability of Cisco. Cisco Technical Assistance will
# not write, update, or troubleshoot custom external scripts at any time.
#
# <SCRIPT>
#
# $HOSTNAME & $HOSTNAME2 can be either the FQDN or IP address of the ESAs in cluster.
#
HOSTNAME=172.18.250.224
HOSTNAME2=172.18.250.225
#
# $MACHINENAME is the local name for ESA1.
#
MACHINENAME=9_7_1_066A.local
#
# $USERNAME assumes that you have preconfigured SSH key from this host to your ESA.
# http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118305-technote-esa-00.html
#
USERNAME=admin
#
# $BACKUP_PATH is the directory location on the local system.
#
BACKUP_PATH=/Users/robsherw/esa_scripts
#
# Following will remove ESA1 from cluster in order to backup standalone config.
# "2> /dev/null" at the end of string will quiet any additional output of the clustermode command.
#
echo "|=== PHASE 1 ===| REMOVING $MACHINENAME FROM CLUSTER"
ssh $USERNAME@$HOSTNAME "clustermode cluster; clusterconfig removemachine $MACHINENAME" 2> /dev/null
#
# $FILENAME contains the actual script that calls the ESA, issues the 'saveconfig' command.
# The rest of the string is the cleanup action to reflect only the <model>-<serial number>-<timestamp>.xml.
#
echo "|=== PHASE 2 ===| BACKUP CONFIGURATION ON ESA"
FILENAME=`ssh -q $USERNAME@$HOSTNAME "saveconfig y 1" | grep xml | sed -e 's/\/configuration\///g' | sed 's/\.$//g' | tr -d "\""`
#
# The 'scp' command will secure copy the $FILENAME from the ESA to specified backup path, as entered above.
# The -q option for 'scp' will disable the copy meter/progress bar.
#
echo "|=== PHASE 3 ===| COPY XML FROM ESA TO LOCAL"
scp -q $USERNAME@$HOSTNAME:/configuration/$FILENAME $BACKUP_PATH
#
# Following will re-add ESA1 back into cluster.
#
echo "|=== PHASE 4 ===| ADDING $MACHINENAME BACK TO CLUSTER"
ssh $USERNAME@$HOSTNAME "clusterconfig join $HOSTNAME2 admin ironport Main_Group" 2> /dev/null
#
echo "|=== COMPLETE ===| $FILENAME successfully saved to $BACKUP_PATH"
#
# </SCRIPT>
#

I validated this against my 9.7.1-066 VM cluster:

robsherw@my_host> ./cluster_backup
|=== PHASE 1 ===| REMOVING 9_7_1_066A.local FROM CLUSTER
Please wait, this operation may take a minute...
Machine 9_7_1_066A.local removed from the cluster.
|=== PHASE 2 ===| BACKUP CONFIGURATION ON ESA
|=== PHASE 3 ===| COPY XML FROM ESA TO LOCAL
|=== PHASE 4 ===| ADDING 9_7_1_066A.local BACK TO CLUSTER
|=== COMPLETE ===| C100V-XXXX3DB3DDA507ECAFFD-XXXX2349A0F9-20160314T132200.xml successfully saved to /Users/robsherw/esa_scripts

-Robert

Highlighted

many thanks for your help

many thanks for your help

the solution was "saveconfig y 1"

...marked the thread as solved.

 

Regards,

Sedat

Highlighted
Beginner

Hi Sedat,

Hi Sedat,

In the command "saveconfig y 1", 1 means Option 1 -> Mask passwords. Right?

regards,

Sylvain.

Highlighted

Hi Sylvain,

Hi Sylvain,

yes is right .

Sedat

Highlighted
Beginner

For testing purpose, did you

For testing purpose, did you try to choose Plain passwords option? "saveconfig y 3"

In my environment, with this option, passwords are still masked.

Sylvain.

Highlighted
Beginner

Re: For testing purpose, did you

I'm running 11.0 on C170 ESAs.

 

I found some other references to saveconfig parameters (the 11.0 CLI reference is almost worthless for this command).  'saveconfig n 1' will save the configuration with encrypted passwords.  I also tried 'saveconfig n 2', 'saveconfig n 3', 'saveconfig n 50' and 'saveconfig y 2' .

 

'saveconfig y' results in masked passwords, 'saveconfig n' results in encrypted passwords. 

 

In all cases the second parameter seems to have no purpose other than being required for the saveconfig command. 

 

It would be nice if someone from Cisco would chime in to explain the purpose of the parameters and why a second parameter is required when it seems to have no impact on the configuration file format.

Highlighted
Cisco Employee

http://www.cisco.com/c/en/us

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118403-technote-esa-00.html

My complete script:

#! /bin/bash
#
# Script to save the ESA config, then copy locally via SCP. This is assuming you wish to
# have the cluster in SSH via port 22. This script has been written and tested against
# AsyncOS 9.0.0-390 (01/15/2014).
#
# *NOTE* This script is a proof-of-concept and provided as an example basis. While these steps have
# been successfully tested, this script is for demonstration and illustration purposes. Custom
# scripts are outside of the scope and supportability of Cisco. Cisco Technical Assistance will
# not write, update, or troubleshoot custom external scripts at any time.
#
# <SCRIPT>
#
# $HOSTNAME & $HOSTNAME2 can be either the FQDN or IP address of the ESAs in cluster.
#
HOSTNAME=172.18.250.224
HOSTNAME2=172.18.250.225
#
# $MACHINENAME is the local name for ESA1.
#
MACHINENAME=9_7_1_066A.local
#
# $USERNAME assumes that you have preconfigured SSH key from this host to your ESA.
# http://www.cisco.com/c/en/us/support/docs/security/email-security-applia...
#
USERNAME=admin
#
# $BACKUP_PATH is the directory location on the local system.
#
BACKUP_PATH=/Users/robsherw/esa_scripts
#
# Following will remove ESA1 from cluster in order to backup standalone config.
# "2> /dev/null" at the end of string will quiet any additional output of the clustermode command.
#
echo "|=== PHASE 1 ===| REMOVING $MACHINENAME FROM CLUSTER"
ssh $USERNAME@$HOSTNAME "clustermode cluster; clusterconfig removemachine $MACHINENAME" 2> /dev/null
#
# $FILENAME contains the actual script that calls the ESA, issues the 'saveconfig' command.
# The rest of the string is the cleanup action to reflect only the <model>-<serial number>-<timestamp>.xml.
#
echo "|=== PHASE 2 ===| BACKUP CONFIGURATION ON ESA"
FILENAME=`ssh -q $USERNAME@$HOSTNAME "saveconfig y 1" | grep xml | sed -e 's/\/configuration\///g' | sed 's/\.$//g' | tr -d "\""`
#
# The 'scp' command will secure copy the $FILENAME from the ESA to specified backup path, as entered above.
# The -q option for 'scp' will disable the copy meter/progress bar.
#
echo "|=== PHASE 3 ===| COPY XML FROM ESA TO LOCAL"
scp -q $USERNAME@$HOSTNAME:/configuration/$FILENAME $BACKUP_PATH
#
# Following will re-add ESA1 back into cluster.
#
echo "|=== PHASE 4 ===| ADDING $MACHINENAME BACK TO CLUSTER"
ssh $USERNAME@$HOSTNAME "clusterconfig join $HOSTNAME2 admin ironport Main_Group" 2> /dev/null
#
echo "|=== COMPLETE ===| $FILENAME successfully saved to $BACKUP_PATH"
#
# </SCRIPT>
#

I validated this against my 9.7.1-066 VM cluster:

robsherw@my_host> ./cluster_backup
|=== PHASE 1 ===| REMOVING 9_7_1_066A.local FROM CLUSTER
Please wait, this operation may take a minute...
Machine 9_7_1_066A.local removed from the cluster.
|=== PHASE 2 ===| BACKUP CONFIGURATION ON ESA
|=== PHASE 3 ===| COPY XML FROM ESA TO LOCAL
|=== PHASE 4 ===| ADDING 9_7_1_066A.local BACK TO CLUSTER
|=== COMPLETE ===| C100V-XXXX3DB3DDA507ECAFFD-XXXX2349A0F9-20160314T132200.xml successfully saved to /Users/robsherw/esa_scripts