Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7062
Views
21
Helpful
11
Replies

Cisco ASA EEM Variables

Jason Kopacko
Level 4
Level 4

‎11-13-2015 10:23 AM

I have an EEM applet that nightly makes a backup of all my ASA firewalls. I have to, daily move the config backups so the next backup doesn't just over write the config.

I would like to pass a variable or append the timestamp so that the backup is archived versus overwritten on the FTP server.

I can't seem to find any information on how to pass a variable or include the timestamp in the file transfer.

1 person had this problem
Labels:
0 Helpful
11 Replies 11

Joe Clarke
Cisco Employee
Cisco Employee

‎11-17-2015 07:20 AM

This is not possible in ASA EEM.  The closest thing is the output file rotate capability.  Where you can rotate the output file can change with an incrementing number.  If you keep this on flash and copy the file to your FTP server, you could at least have a unique name.

0 Helpful

Jason Kopacko
Level 4
Level 4
In response to Joe Clarke

‎11-17-2015 07:30 AM

So you are saying store the file locally first with the EEM and then copy it off to the ftp server?

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to Jason Kopacko

‎11-17-2015 07:32 AM

Yes, using output file rotate.

0 Helpful

ronshuster
Level 1
Level 1

‎12-07-2015 05:10 PM

Can you share that script pls?

0 Helpful

Jason Kopacko
Level 4
Level 4
In response to ronshuster

‎12-09-2015 10:51 AM

I have not gotten the output file rotate function to work correctly. As soon as I do, I will post it here.

Here is what I have right now:

event manager applet Config_Backup
 event timer absolute time 0:00:00
 event none
 action 1 cli command "enable"
 action 2 cli command "copy /noconfirm running-config ftp://user:pass@x.x.x.x/firewallname.ftp.config"
 action 3 cli command "exit"
 output none
0 Helpful

ronshuster
Level 1
Level 1
In response to Jason Kopacko

‎12-09-2015 10:58 AM

Thanks Jason, does this work on both x and non x series ASA's?

Any minimum requirements as far as IOS code?

0 Helpful

Jason Kopacko
Level 4
Level 4
In response to ronshuster

‎12-09-2015 11:27 AM

I am not sure about non X series and I am on 9.2(3) for all my sites.

0 Helpful

ronshuster
Level 1
Level 1
In response to Jason Kopacko

‎12-10-2015 07:20 AM

Jason, so every time I would "wr me" on the firewall the script will copy the config to my tftp server? Same concept as "archive"?  Or is there something else that would trigger the copy?  Thanks again.

0 Helpful

Christian Maier
Level 1
Level 1
In response to ronshuster

‎01-15-2016 05:41 AM

what I did is to lisen to the syslog id 111005 (end configuration):

event syslog id 111005

this way, as soon as there is a config change the ASA copies the file to the SCP server.

0 Helpful

jaromir.grich.888
Level 1
Level 1

‎09-08-2017 03:20 AM

I'm using this config for weekly backup:

event manager applet backup
 event none
 event timer watchdog time 604800
 action 0 cli command "backup /noconfirm location tftp://X.X.X.X/"
 output none

 

and output is hostname.backup.timestamp.tar.gz

 

Yura Kazakevich
Level 1
Level 1
In response to jaromir.grich.888

‎05-15-2018 06:40 AM

Thank you very much, jaromir.grich.888 for this great answer!
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card