09-21-2009 06:51 AM
I have been using the EEM to backup a Cisco IOS CA routers critical files to an ftp server. However, I would like to also backup the .cnm files as well but as the numbers of the change constantly due to certificate renewal I can't name them all. Is it possible to use a wildcard (*.cnm) and loop the routine until it is done?
Solved! Go to Solution.
09-21-2009 11:30 AM
No. You need to pick a directory on flash in which EEM Tcl policies will be stored (e.g. flash:/policies). Then, copy this file to that directory. Then configure the following:
event manager directory user policy flash:/policies
event manager policy tm_ca_backup.tcl
09-21-2009 06:55 AM
Yes this is possible using glob. I wrote a simple little Tcl snippet to do this which I posted in this thread:
It should plug right into an EEM Tcl policy, but if you require more help adapting this to EEM, let me know.
09-21-2009 10:21 AM
Thanks for the quick reply. I am no TCL guru by any stretch of the imagination. In looking at the thread you linked I see two TCL snippets:
set fileList [glob -directory flash: -nocomplain *]
foreach file $fileList {
copy flash:/$file usbflash1:/$file
}
**************************************************************
set fileList [glob -directory flash: -nocomplain *]
foreach file $fileList {
copy $file usbflash1:
}
I'm not sure which one I should use. My use of EEM is limited to the action cli commands so I'm not sure how I would plug this into EEM.
09-21-2009 10:33 AM
You would use the second example as the $file variable will have the file system name in it. What does your current EEM backup policy look like?
09-21-2009 10:59 AM
OK, thanks for the clarification. Here is what I use now:
event manager applet CA_Backup
event timer cron cron-entry "0 3 * * 0-6"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "file prompt quiet"
action 4.0 cli command "end"
action 5.0 cli command "copy nvram:ST_3825_CA#1CA.cer ftp://10.111.1.127/"
action 5.1 cli command "copy flash:ST_3825_CA.ser ftp://10.111.1.127/"
action 5.2 cli command "copy flash:ST_3825_CA.crl ftp://10.111.1.127/"
action 5.3 cli command "copy flash:ST_3825_CA_00001.p12 ftp://10.111.1.127/"
action 5.4 cli command "copy flash:DMVPN-CA-Key.pub ftp://10.111.1.127/"
action 5.5 cli command "copy flash:DMVPN-CA-Key.prv ftp://10.111.1.127/"
action 5.6 cli command "copy nvram:startup-config ftp://10.111.1.127/"
action 6.0 cli command "config t"
action 7.0 cli command "no file prompt quiet"
action 8.0 cli command "end"
09-21-2009 11:07 AM
09-21-2009 11:26 AM
Thanks, Joe I could have typed for a few years and never developed this. Forgive my ignorance but do I just paste this into the config?
09-21-2009 11:30 AM
No. You need to pick a directory on flash in which EEM Tcl policies will be stored (e.g. flash:/policies). Then, copy this file to that directory. Then configure the following:
event manager directory user policy flash:/policies
event manager policy tm_ca_backup.tcl
09-21-2009 11:34 AM
You should write a book on TCL for Cisco. :-) Thanks for all your help. I will try implementing this today.
09-21-2009 12:03 PM
Does/Can the latest LMS back up Tcl scripts, or is that feature on the road map? What is Cisco's recommended practice for backing up flash-based files such as this?
09-21-2009 12:05 PM
No, LMS does not backup arbitrary flash files like it does with vlan.dat. There is discussion about some more EEM management in LMS for a future release.
In the EEM space, we recommend you keep local backups of all your policies, but this must be done manually, or by using another EEM policy to do it.
09-24-2009 09:56 AM
Hi Joe,
The script you created worked great the first night but it has failed the last two nights in a row. When I go on the ftp server I can see that it fails at exactly the same file. The file is available and the permissions are OK so I am not sure what the issue might be. Can you help?
I've attached the error log.
Thanks...
09-24-2009 10:00 AM
What do you see if you try to copy this file manually to the FTP server?
09-24-2009 10:03 AM
Thanks for the quick reply Joe. I just ftp'd manually without issue:
ST_3825_CA#copy flash:C.cnm ftp://10.111.1.127/
Writing C.cnm !
115 bytes copied in 0.040 secs (2875 bytes/sec)
09-24-2009 10:06 AM
Okay, then change the first line of the script, and add:
maxrun 600
Then unregister and re-register the policy, and it should work going forward.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide