Cisco ASA 5545x EEM Backup Script

TW80CJ5 · ‎03-15-2022

Hello Everyone,

We are using EEM to create several ups to our scp server. We would like to append something to the end of each file name so that the previous backup does not get overwritten.

For example, here is what I am using on a 4431 router config and it appends date and time perfectly:

event manager applet BACKUP_BEFORE_CONFIG_CHANGE authorization bypass
description Backup of Config Before Changes Made To Local SCP Server
event syslog pattern "%SEC_LOGIN-5-LOGIN_SUCCESS"
action 1.0 info type routername
action 1.1 set hostname "$_info_routername"
action 1.2 set epoch "$_event_pub_sec"
action 1.3 cli command "enable"
action 1.4 cli command "copy running-config scp://username:pw@192.168.1.10/ROUTER/CONFIG_CHANGE_BACKUP/$hostname" pattern "Address"
action 1.5 cli command "" pattern "Destination"
action 1.6 cli command "" pattern "Destination"
action 1.7 cli command ""

Here is what I am using on my asa, but when the backups run, it overwrites the file in the directory:

event manager applet BACKUP_BEFORE_CONFIG_CHANGE
description Backup of Config Before Changes Made To Local SCP Server
event syslog id 605005 occurs 1
action 0 cli command "copy /noconfirm running-config scp://username:pw@192.168.1.10/ASA/CONFIG_CHANGE_BACKUP/FWL-NAME_BACKUP_BEFORE_CONFIG_CHANGE"
output none
!
event manager applet DAILY_RUN_CONFIG_BACKUP
description Daily Run Config Backup To Local SCP Server
event timer watchdog time 86400
event none
action 0 cli command "copy /noconfirm running-config scp://username:pw@192.168.1.10/ASA/RUN/FWL-NAME_RUN_CONFIG"
output none
!
event manager applet DAILY_STARTUP_CONFIG_BACKUP
description Daily Start Config Backup To Local SCP Server
event timer watchdog time 86500
event none
action 0 cli command "copy /noconfirm startup-config scp://username:pw@192.168.1.10/ASA/START/FWL-NAME_START_CONFIG"
output none

balaji.bandi · ‎03-15-2022

why not backup directly using EEM, so the file will be created with time stamp example :

event manager applet ASA-Backup
event none
event timer watchdog time 86400
action 0 cli command "backup /noconfirm location tftp://X.X.X.X/"
output none

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

TW80CJ5 · ‎03-15-2022

Hey BB...

Thanks for the info. Yes, we are currently doing that internally, but wanted all of our production ASA's to have a running or startup config backup in addition to the "backup.tar.gz" file.

If this is our only option, we will roll it out, but a backup in a .cfg or .txt makes restoring a little easier and or manipulating the config.

balaji.bandi · ‎03-15-2022

From EEM ASA that is the only option we see, but out of the box, you can do any format you like.

exmaple you can use bash script or python Loging to ASA and get config and write what ever format you like.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎03-15-2022

@balaji.bandi Interesting...can you post these bash and Python scripts for reference ?

balaji.bandi · ‎03-15-2022

here is a script that runs out of the Box using Python3: with some testings.

https://www.balajibandi.com/?p=1437

I had not that great outcome regex with ASA, so we use the above script with more advanced detection, but i posted basic code it help people who are interested.

Note : the site has SSL issue, kindly bare with me, it was already reported need to update new certs on the server.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

TW80CJ5 · ‎03-16-2022

Hey BB...We hope to test the python script tomorrow...keep you posted.

Georg Pauwen · ‎03-15-2022

Hello,

I am not really sure what exactly you are looking for, but the below would add an epoch timestamp to each filename:

action 0 cli command "copy /noconfirm startup-config scp://username:pw@192.168.1.10/ASA/START/FWL-NAME_START_CONFIG_$_event_pub_sec"
output none

TW80CJ5 · ‎03-15-2022

Hey George...

Yessir, we tried that. I will copy the config over, but it returns FWL-NAME_START_CONFIG_$_event_pub_sec, not date time.

Georg Pauwen · ‎03-15-2022

Hello,

ASA has limited EEM support as far as I recall. Try the script below:

event manager applet DAILY_RUN_CONFIG_BACKUP
description Daily Run Config Backup To Local SCP Server
event timer watchdog time 86400
event none
action 1.01 cli command "enable"
action 1.02 cli command "show clock"
action 1.03 regexp "(2[0-3]|[01][0-9]):([0-6][0-9]):([0-6][0-9])" "$_cli_result" time hour minute second
action 1.04 puts "$time"
action 1.05 puts "$hour"
action 1.06 puts "$minute"
action 1.07 puts "$second"
action 1.11 cli command "show clock"
action 1.12 regexp "(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) ([1-9]|0[1-9]|[1-2][0-9]|3[0-1]) (20[1-9][0-9])" "$_cli_result" time2 month day year
action 1.13 puts "$time2"
action 1.14 puts "$month"
action 1.15 puts "$day"
action 1.16 puts "$year"
action 1.17 cli command "copy /noconfirm running-config scp://username:pw@192.168.1.10/ASA/RUN/FWL-NAME_RUN_CONFIG-$year$month$day-$hour$minute$second.txt"
output none