02-11-2008 10:52 PM
Just in case someone else needs it, this works for me on AsyncOS 5.5:
wget --no-check-certificate -O config.xml "https://your.ironport.box/login?username=admin&password=your_password&action:Login=Login&referrer=https
%3A%2F%2Fyour.ironport.box%2Fsystem_administration%2Fconfiguration_file?acti
on=Save%26operation=download"
02-11-2008 10:56 PM
Couldn't get it through SSH by the way.
ssh admin@my.ironport.box showconfig returns The command "showconfig" does not take any arguments!
02-12-2008 09:22 AM
Have you ever tried mailconfig via ssh?
That's easy and works fine in most environments.
02-12-2008 02:01 PM
Right. Contrary to showconfig, mailconfig works all right with SSH, but that's not a very straightforward way to retrieve the config file.
I just saw that the following works however :
echo -e "showconfig\ny" | ssh admin@my.ironport.box | sed -n "/\?xml/,/\/config/p"
02-12-2008 08:10 PM
Heres a quick perl script i use to perform config backups (with passwords):
#!/usr/bin/perl
#
# 2006041000 Simon Howard Quick script to backup Ironport configurations
#
@ironports = ("ironport1.example.net","ironport2.example.net","ironport3.example.net");
foreach(@ironports) {
my $host = $_;
my $backupdir = "/var/spool/archive/$host";
my $detail = `ssh $_ \"saveconfig 1\"`;
my @detailsplit = split /\n/,$detail;
$_ = $detailsplit[0];
if (/^The file (.*) has been saved in the$/) {
my $ret = system("scp $host:/configuration/$1 $backupdir");
if ($ret != 0) {
print "Error: backing $host config file '$1' to $backupdir $?";
} else {
print "Success: backing up $host config file '$1' to $backupdir";
}
}
# remove any configs older than 60 days
`find $backupdir -mtime +60 -exec rm -rf {} \\;`;
}
print "Ironport config backup complete";
02-13-2008 12:26 PM
It's always good to have backup config, but unfortunately 'loadconfig' is not supported in central management environment (cluster mode).
For cluster environments config backups are just a archive to see old settings, those can't be used for disaster recovery
05-08-2008 11:08 AM
Complain (loudly) to you SE and Customer Support about the lack of loadconfig/saveconfig for clusters.
The lack of this feature means that anything other than small changes is overly time consuming. Adhering to Change Control procedures is also made more painful because there is no quick roll-back.
10-01-2008 06:54 PM
How do you delete the old configs? rm isn't allowed and I was told by my se that it won't automatically clear out old copies. Was hoping to find some equivalent so after the scp I could just delete the appliance copies.
10-01-2008 10:03 PM
You can login via ftp and use the delete command.
10-02-2008 02:46 PM
This can also be achieved using expect scripts as per below
#!/usr/bin/expect -f
set password [lrange $argv 0 0]
set ipaddr [lrange $argv 1 1]
set scriptname [lrange $argv 2 2]
set arg1 [lrange $argv 3 3]
#set timeout -1
spawn ssh -p 22 expect@$ipaddr $scriptname $arg1
match_max 100000
expect "*?assword:*"
send -- "$password\r"
# send blank line (\r)
#send -- "\r"
expect eof
Put the above into a expect script and run a daily or weekly cron
/usr/bin/expect /tmp/ironlogin.exp password host mailconfig emailaddress
10-03-2008 05:25 PM
You can login via ftp and use the delete command.
03-19-2009 01:55 PM
Complain (loudly) to you SE and Customer Support about the lack of loadconfig/saveconfig for clusters.
The lack of this feature means that anything other than small changes is overly time consuming. Adhering to Change Control procedures is also made more painful because there is no quick roll-back.
07-19-2009 12:17 AM
Here's something I put together:
#!/usr/bin/expect
set timeout 30
spawn ssh USERNAME@HOSTNAME
expect_after eof { exit 0 }
## interact with SSH
expect {
"yes/no" { send "yes\r" }
-re ".assword:" { send "PASSWORD\r" }
}
expect "> " { send "showconfig\r" }
expect "> " { send "Y\r" }
expect "Press Any Key For More" { send "\r" }
set timeout 2
while 1 {
expect {
"Press Any Key For More" { send "\r" }
timeout break
}
}
expect "> " { send "exit\r" }
07-19-2009 12:20 AM
Anybody have an updated WGET command that works with 6.5.2-101?
07-21-2009 06:24 PM
I don't use wget so can't test it out unfortunately. be careful with WGET though - I've seen a lot of customers and other random folks hit a software defect in AsyncOS or even their own script and essentially DoS the box. Be careful whatever you do!
Remember that the "configuration" backup file is NOT a flat file but rather a manually generated thing collecting from different system files.
So using this mentality, you have to A) login and generate it and then B) copy the file off the box. (Unless ofcourse you are using 'showconfig' which does so and streams it to stdout for you).
One such tool that will simplify this and cut a few lines (and security risks) out of your expect and other shell scripts are ssh-keys. Check em out!
Here's a KB I wrote a ways back to show some of my own preferred methods:
http://tinyurl.com/rodtu
YMMV
Andrew
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide