Beginner

ASA Backup using CLI

Hello Everyone,

 

I am trying to configure an ASA 5545x to back up to its local disk (disk:/0) using CLI on a daily basis. I would like to be able to write 7 backups to the disk before it starts overwriting existing backups, so having a week's worth of backup repository.

 

Here is my current config and it works great when I manually do it:

 

CiscoASA# backup /noconfirm location disk0:/

 

I would like to be able to add the necessary commands for it to run daily and keep 7 daily backups before overwriting.


Is this possible?


Thanks in advance!

1 ACCEPTED SOLUTION

VIP Advisor

Re: ASA Backup using CLI

Apologies, I was under the impression that the ASA has full-blown EEM features, but it looks like it is limited.

I have tested the below (the solution below resolves your issue).

1. Since your requirement is 7 configuration files

2. I have set the timer to test-run every 80 seconds; change it as per your requirement.

3. It keeps copies of the files up to 7 and keeps moving old to new

 

 

 

event manager applet backupconfig
! the watchdog time below is in seconds between runs
event timer watchdog time 80
action 0 cli command "copy /noconfirm disk0:/running-config6 disk0:/running-config7"
action 2 cli command "copy /noconfirm disk0:/running-config5 disk0:/running-config6"
action 3 cli command "copy /noconfirm disk0:/running-config4 disk0:/running-config5"
action 4 cli command "copy /noconfirm disk0:/running-config3 disk0:/running-config4"
action 5 cli command "copy /noconfirm disk0:/running-config2 disk0:/running-config3"
action 6 cli command "copy /noconfirm disk0:/running-config1 disk0:/running-config2"
action 7 cli command "copy /noconfirm disk0:/running-config disk0:/running-config1"
action 8 cli command "copy /noconfirm running-config disk0:/running-config"
output none

 

 

It creates files like below:

 

ciscoasa# dir

Directory of disk0:/

23 -rwx 0 18:40:52 Mar 20 2016 use_ttyS0
67 -rwx 12805759 18:41:04 Mar 20 2016 anyconnect-linux-64-4.1.08005-k9.pkg
68 -rwx 16986568 18:41:12 Mar 20 2016 anyconnect-win-4.1.08005-k9.pkg
27 drwx 4096 22:36:52 Sep 20 2019 smart-log
24 drwx 4096 22:35:58 Sep 20 2019 log
63 drwx 4096 22:36:57 Sep 20 2019 coredumpinfo
75 -rwx 8173 23:43:37 Sep 20 2019 running-config1
71 -rwx 8173 23:43:37 Sep 20 2019 running-config
76 -rwx 8173 23:43:37 Sep 20 2019 running-config2
77 -rwx 8173 23:43:37 Sep 20 2019 running-config3
78 -rwx 8173 23:43:37 Sep 20 2019 running-config4
79 -rwx 8173 23:43:37 Sep 20 2019 running-config5
80 -rwx 8173 23:43:37 Sep 20 2019 running-config6
81 -rwx 8097 23:43:37 Sep 20 2019 running-config7

 

 

 

ciscoasa# show event manager
Last Error: Command failed @ 2019/09/20 23:42:15

event manager applet backupconfig, hits 8, last 2019/09/20 23:44:57
last file none
event watchdog 80 secs, left 66 secs, hits 8, last 2019/09/20 23:44:57
action 0 cli command "copy /noconfirm disk0:/running-config6 disk0:/running-config7", hits 8, last 2019/09/20 23:44:57
action 2 cli command "copy /noconfirm disk0:/running-config5 disk0:/running-config6", hits 8, last 2019/09/20 23:44:57
action 3 cli command "copy /noconfirm disk0:/running-config4 disk0:/running-config5", hits 8, last 2019/09/20 23:44:57
action 4 cli command "copy /noconfirm disk0:/running-config3 disk0:/running-config4", hits 8, last 2019/09/20 23:44:57
action 5 cli command "copy /noconfirm disk0:/running-config2 disk0:/running-config3", hits 8, last 2019/09/20 23:44:57
action 6 cli command "copy /noconfirm disk0:/running-config1 disk0:/running-config2", hits 8, last 2019/09/20 23:44:57
action 7 cli command "copy /noconfirm disk0:/running-config disk0:/running-config1", hits 8, last 2019/09/20 23:44:57
action 8 cli command "copy /noconfirm running-config disk0:/running-config", hits 8, last 2019/09/20 23:44:57

BB
*** Rate All Helpful Responses ***


14 REPLIES
VIP Advisor

Re: ASA Backup using CLI

Personally, rather than doing a backup archive, offloading from the device is best practice; in case the device crashes you will lose everything.

Use an EEM script to offload the config on a daily basis to a TFTP or FTP server with date and time.

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: ASA Backup using CLI

BB,

 

As absurd as this sounds, using scp, ftp, sftp is not an option. This is currently my only allowable device backup solution.

 

I need to be able to back up to local disk. I understand it's a terrible option, but it's the only one I have.

VIP Advisor

Re: ASA Backup using CLI

Here is the EEM script for testing:

event manager applet backupconfig
! you can also run every hour if you want to
event timer absolute time 00:05:00
! this will save with time
action 0 cli command "copy /noconfirm running-config location disk0:/running-config/\$h-\$t"
output none

Hope this helps you.

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: ASA Backup using CLI

BB,

 

I am testing this now. I would like this to have a daily backup for 7 days only, with the new backups overwriting their old ones. Ideas?


Thanks for the help!!!!

VIP Advisor

Re: ASA Backup using CLI

Once this script is working we can tune it for you, to delete the files older than 7 days.

BB
*** Rate All Helpful Responses ***
Beginner

Re: ASA Backup using CLI

It did not run within the last 5 minutes....

VIP Advisor

Re: ASA Backup using CLI

It runs at the set time. If you are looking to run every 5 min, here is the script:

event manager applet backupconfig
event timer cron cron-entry "*/5 * * * *"
action 0 cli command "copy /noconfirm running-config location disk0:/running-config/\$h-\$t"
output none

 

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: ASA Backup using CLI

Ah, misunderstood.

I will try again with the original. I don't want it to run every 5 minutes....

VIP Advisor

Re: ASA Backup using CLI

Look at the time example for reference :

 

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117883-config-eem-00.html#anc10

BB
*** Rate All Helpful Responses ***
Beginner

Re: ASA Backup using CLI

BB,

 

I have tried : action 0 cli command "copy /noconfirm running-config location disk0:/Running_Config/\$h-\$t

with no luck

 

I have tried removing the word "location"

I have tried adding ".cfg" to the file name

I have tried diff variations of the "\" at the end

 

No luck!

Beginner

Re: ASA Backup using CLI

BB,


I will test in the lab on Monday when I get into the office. I will let you know how it goes.


Thanks for helping!!!

Beginner

Re: ASA Backup using CLI

BB,

 

I am using the EEM configuration you provided. It goes through all of the events at one time. I need it to run the event every 86400 seconds from the previous line.

 

For example all of the events run at the same time using the following:

 

event manager applet backupconfig
! the watchdog time below is in seconds between runs
event timer watchdog time 80
action 0 cli command "copy /noconfirm disk0:/running-config6 disk0:/running-config7"
action 2 cli command "copy /noconfirm disk0:/running-config5 disk0:/running-config6"
action 3 cli command "copy /noconfirm disk0:/running-config4 disk0:/running-config5"
action 4 cli command "copy /noconfirm disk0:/running-config3 disk0:/running-config4"
action 5 cli command "copy /noconfirm disk0:/running-config2 disk0:/running-config3"
action 6 cli command "copy /noconfirm disk0:/running-config1 disk0:/running-config2"
action 7 cli command "copy /noconfirm disk0:/running-config disk0:/running-config1"
action 8 cli command "copy /noconfirm running-config disk0:/running-config"
output none

 

How would I get action 8 to run, wait one day, and run action 7, wait a day, run action 6, etc? Remember I only want to keep 7 days of configs on the local disks.

VIP Advisor

Re: ASA Backup using CLI

If you understand the EEM script, it has a backup of 7 days:

 

 

event manager applet backupconfig
event timer watchdog time 86400 
action 0 cli command "copy /noconfirm disk0:/running-config6 disk0:/running-config7"
action 2 cli command "copy /noconfirm disk0:/running-config5 disk0:/running-config6"
action 3 cli command "copy /noconfirm disk0:/running-config4 disk0:/running-config5"
action 4 cli command "copy /noconfirm disk0:/running-config3 disk0:/running-config4"
action 5 cli command "copy /noconfirm disk0:/running-config2 disk0:/running-config3"
action 6 cli command "copy /noconfirm disk0:/running-config1 disk0:/running-config2"
action 7 cli command "copy /noconfirm disk0:/running-config disk0:/running-config1"
action 8 cli command "copy /noconfirm running-config disk0:/running-config"
output none

 

Hope this makes sense?

BB
*** Rate All Helpful Responses ***
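
Added example, not part of any post in this thread and not Cisco code: a small Python model of the rotation applet above, showing why running every action on each timer expiry still yields one generation per day, and what happens if the copies are listed newest-first instead. It generalizes to any `keep` count. Assumptions: a copy from a file that does not exist yet fails and the remaining actions still run, and the strings `day-N` stand in for the running configuration captured on day N.

```python
import re

BASE = "disk0:/running-config"
ACTION = re.compile(r'action \d+ cli command "copy /noconfirm (\S+) (\S+)"')

def build_applet(keep=7, period_s=86400, name="backupconfig"):
    """Applet text in the thread's shape: shift oldest generation first, capture last."""
    copies = [(BASE if g == 1 else f"{BASE}{g - 1}", f"{BASE}{g}")
              for g in range(keep, 0, -1)]
    copies.append(("running-config", BASE))
    actions = [f'action {i} cli command "copy /noconfirm {src} {dst}"'
               for i, (src, dst) in enumerate(copies)]
    return [f"event manager applet {name}",
            f"event timer watchdog time {period_s}", *actions, "output none"]

def run_once(lines, disk, live_config):
    """One timer expiry: all actions run back to back. Returns the failed-copy count."""
    failed = 0
    for src, dst in (m.groups() for m in map(ACTION.match, lines) if m):
        if src == "running-config":
            disk[dst] = live_config
        elif src in disk:
            disk[dst] = disk[src]
        else:
            failed += 1  # assumption: a copy from a missing file fails, the rest still run
    return failed

def simulate(days, keep=7, newest_first=False):
    """Run the applet once per day; the live config on day N is the string 'day-N'."""
    lines = build_applet(keep)
    if newest_first:  # wrong ordering, for comparison only
        lines = lines[:2] + lines[-2:1:-1] + lines[-1:]
    disk, failures = {}, []
    for day in range(1, days + 1):
        failures.append(run_once(lines, disk, f"day-{day}"))
    return disk, failures

if __name__ == "__main__":
    disk, failures = simulate(10)
    for path in sorted(disk):
        print(path, "->", disk[path])
    print("failed copies per run:", failures)
```

In this model the disk holds the newest capture plus seven older generations once eight runs have completed, and the early runs report failed copies only because the older files do not exist yet.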