ASA Backup EEM Script, Repeat Until Successful

I am in the process of writing up an EEM script for an ASA to do a scheduled backup. I have found a few references for this, but I ran into an issue with one of my ASAs giving a "Resource temporarily unavailable" message which ended with "ERROR: Backup failed!". I waited a couple of minutes between attempts, but after the 4th, I was able to get a good backup.

 

My initial EEM script is below. This should do a backup to an SCP server at 1AM every morning. We don't make a lot of changes, so I may need to change that to something like once every week, but for now this should be daily so that I can see if I get daily backups.

 

event manager applet DailyBackup
   desc "Backup the ASA"
   event timer absolute time 1:00:00
   action 10 cli command "backup /noconfirm location scp://USERNAME:PASSWORD@SERVERIP/mainfolder/ASAfolder/"
   output none

 

The logic I may be looking for to make this a bit more generic (in case there are other issues) is to see if there is a "Backup failed!" message. If so, then wait 5 minutes and try again. If there is a "Backup finished!" message, then end. Those messages appeared on the console when I was SSH'd into it and manually running the backup command. I did not see anything in the logfile.

 

I have been looking at the Community posts and Cisco documentation, but have not found anything that resembles this.

2 Replies

balaji.bandi
Hall of Fame

It will be a small file; I am sure as long as the SCP server is available it will be a backup.

 

So starting with a backup with email notification is a good option. Also, I am not sure what failure message is generated on the ASA that needs to be captured to take the next action. Either you create a failure scenario and provide logs so we can suggest, based on the failure, taking action again.

 

 

An example can be found here:

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/216091-best-practices-and-useful-scripts-for-ee.html

 

 

BB


Below was the error message as seen on the console.  There was nothing written to the log file.

 

No filename provided! Using default hostname.backup.2021-10-25-105826.tar.gz

Warning: This device is part of a failover set up. This command is not replicated to the other unit. Each unit in the failover needs to be backed up separately
Begin backup ...
Backing up [ASA Version] ... Done!
Backing up [Running Configurations] ...Cryptochecksum: xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
Done!
Backing up [Startup Configurations] ... Done!
Backing up [WebVPN Data] ... Done!
Compressing the backup directory ... Done!
Copying Backup ...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
%Error writing scp://USERNAME:PASSWORD@SERVERIP/mainfolder/ASAfolder/ /hostname.backup.2021-10-25-105826.tar.gz (Resource temporarily unavailable)ERROR: Resource temporarily unavailable
Failed!
Cleaning up ... Done!
ERROR: Backup failed!

 

As noted in the original post, the idea would be to look for that "Backup failed" message, wait 5 minutes, then repeat the backup process.

 

Below is the console message of a successful backup.

 

No filename provided! Using default hostname.backup.2021-10-25-105826.tar.gz
Warning: This device is part of a failover set up. This command is not replicated to the other unit. Each unit in the failover needs to be backed up separately
Begin backup ...
Backing up [ASA Version] ... Done!
Backing up [Running Configurations] ...Cryptochecksum: xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
Done!
Backing up [Startup Configurations] ... Done!
Backing up [WebVPN Data] ... Done!
Compressing the backup directory ... Done!
Copying Backup ...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Done!
Cleaning up ... Done!
Backup finished!

 

I had looked through that best practice document with the sample scripts, but there isn't anything there that fits what I am looking for.

 

What I am looking for is something that will monitor the CLI and if there is a Backup failed message, it will wait 5 minutes, then run the backup again.  It will need to repeat that process until there is a Backup finished message.
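
One way to implement the retry logic asked for in this thread, as an added example that is not from either poster or from Cisco: a Python loop, meant to run on a management host, that keys on the "ERROR: Backup failed!" and "Backup finished!" console lines quoted above. `run_backup` is a hypothetical callable that returns the console text of one `backup` command (how that session is opened is left out), and the `max_attempts` cap is an added assumption.

```python
import time
from enum import Enum

class Result(Enum):
    FINISHED = "finished"
    FAILED = "failed"
    UNKNOWN = "unknown"   # neither marker seen, e.g. the session dropped

# Final status lines as shown in the console output quoted in this thread.
FAILED_MARK = "ERROR: Backup failed!"
FINISHED_MARK = "Backup finished!"

# Constructed samples, abridged from the console output quoted in this thread.
FAILED_SAMPLE = """Begin backup ...
Copying Backup ...!!!!
%Error writing scp://USERNAME:PASSWORD@SERVERIP/mainfolder/ASAfolder/ (Resource temporarily unavailable)ERROR: Resource temporarily unavailable
Failed!
Cleaning up ... Done!
ERROR: Backup failed!
"""
FINISHED_SAMPLE = """Begin backup ...
Copying Backup ...!!!! Done!
Cleaning up ... Done!
Backup finished!
"""

def classify(console_text):
    """Map one run's console output to a Result; a failure marker wins."""
    lines = [line.strip() for line in console_text.splitlines()]
    if any(line.endswith(FAILED_MARK) for line in lines):
        return Result.FAILED
    if FINISHED_MARK in lines:
        return Result.FINISHED
    return Result.UNKNOWN

def backup_until_finished(run_backup, wait_seconds=300, max_attempts=12, sleep=time.sleep):
    """Retry until FINISHED_MARK is seen. run_backup is a hypothetical callable
    returning one run's console text; max_attempts is an added safety cap.
    Returns (attempts_used, last_result)."""
    result = Result.UNKNOWN
    for attempt in range(1, max_attempts + 1):
        result = classify(run_backup())
        if result is Result.FINISHED:
            return attempt, result
        if attempt < max_attempts:
            sleep(wait_seconds)   # 5 minutes by default, as described above
    return max_attempts, result
```

Output with neither marker is treated like a failure and retried, so a dropped session does not count as a good backup.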