Solved: Re: EEM BACK UP - Need to Update Config

TW80CJ5 · ‎06-23-2021

Hello Everyone...

See below for a config in production that I can verify that works. The problem is that it creates a backup of the configuration AFTER you type "config t", make changes, then exit. I need the EEM Applet to make a backup BEFORE any changes are made:

This works, but makes the backup at the WRONG time:
event manager applet BACKUP_BEFORE_CONFIG_CHANGE
description Backup of Config Before Changes Made
event syslog pattern "%SYS-5-CONFIG_I"
action 010 cli command "enable"
action 020 cli command "copy running-config scp://username:password@xxx.xxx.xxx.xxx/SWITCH/CONFIG_CHANGE_BACKUP/SWITCH1" pattern "Address"
action 030 cli command "" pattern "Destination"
action 040 cli command "" pattern "Destination"
action 050 cli command ""

This configuration works as needed, however, I need to be able to capture the variations of "config t" when entered: Such as "configure terminal", "conf t", "config t"....I know I can have 3 different EEM Applets to capture the variations, but is there a way to combine them together ???

Here is what makes a backup of the configuration BEFORE any changes are made:
event manager applet BACKUP_BEFORE_CONFIG_CHANGE
description Backup of Config Before Changes Made
event cli pattern "configure terminal" enter ********Would like to add "conf t" and "configure terminal"
action 010 cli command "enable"
action 020 cli command "copy running-config scp://username:password@xxx.xxx.xxx.xxx/SWITCH/CONFIG_CHANGE_BACKUP/SWITCH1" pattern "Address"
action 030 cli command "" pattern "Destination"
action 040 cli command "" pattern "Destination"
action 050 cli command ""

Thoughts / Suggestions????

TW80CJ5 · ‎06-28-2021

OK, here is what I ended up with. This works great across Cisco Router and Switches. I wanted to give it a few days to verify it as good:

This will kick out a Daily Run Config backup, Daily Startup Config backup and a backup when a user successfully logs into the device with AAA Authorization enabled.

event

event manager applet DAILY_RUNNING_CONFIG_BACKUP
description Daily Running Config Backup
event timer watchdog time 86400
action 1.0 info type routername
action 1.1 set hostname "$_info_routername"
action 1.2 set epoch "$_event_pub_sec"
action 1.3 cli command "enable"
action 1.4 cli command "copy running-config scp://username:password@192.168.1.10/ROUTER/RUN/$hostname" pattern "Address"
action 1.5 cli command "" pattern "Destination"
action 1.6 cli command "" pattern "Destination"
action 1.7 cli command ""
event manager applet STARTUP_CONFIG_BACKUP
description Daily Start Config Backup
event timer watchdog time 86430
action 1.0 info type routername
action 1.1 set hostname "$_info_routername"
action 1.2 set epoch "$_event_pub_sec"
action 1.3 cli command "enable"
action 1.4 cli command "copy start scp://username:password@192.168.1.10/ROUTER/START/$hostname" pattern "Address"
action 1.5 cli command "" pattern "Destination"
action 1.6 cli command "" pattern "Destination"
action 1.7 cli command ""
event manager applet CONFIG_CHANGE
description Backup of Config Before Changes Made
event syslog pattern "%SEC_LOGIN-5-LOGIN_SUCCESS"
action 1.0 info type routername
action 1.1 set hostname "$_info_routername"
action 1.2 set epoch "$_event_pub_sec"
action 1.3 cli command "enable"
action 1.4 cli command "copy running-config scp://username:password@192.168.1.10/ROUTER/CONFIG_CHANGE_BACKUP/$hostname" pattern "Address"
action 1.5 cli command "" pattern "Destination"
action 1.6 cli command "" pattern "Destination"
action 1.7 cli command ""

View solution in original post

balaji.bandi · ‎06-23-2021

 I need to be able to capture the variations of "config t" when entered: Such as "configure terminal", "conf t", "config t"...

all have one message on the syslog right ? capture that syslog message ?

or am i missing your requirement wrong ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

TW80CJ5 · ‎06-23-2021

Hmmmm let me run logging and see if I can grab that message. The other syslog message is only generated AFTER you exit out of config t.
I will test out in the morning and follow up.

balaji.bandi · ‎06-24-2021

You can use archive config to log user input commands (not sure what device is this ? you might have told in other post, just lost it)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

TW80CJ5 · ‎06-24-2021

BB,

Ok here is what I am seeing...

when "config t" or "conf t" or "configure terminal" is enterred, this line in the log is generate: "command_string=configure terminal"

When I sign into the Cisco Router / Switch, this is generated: "%SEC_LOGIN-5-LOGIN_SUCCESS". This may be easier to hook into to generate the automatic backup.

However, is there a way to add the "command_string=configure terminal" to the EEM applet to generate the backup...??? This would be preferred...

balaji.bandi · ‎06-24-2021

"%SEC_LOGIN-5-LOGIN_SUCCESS".

this message is Login to device, this is not for configuration

you can use user archive commands :

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15-sy/config-mgmt-15-sy-book/cm-config-versioning.html#GUID-2151E605-3374-406F-A435-C2C67AE94AB9

EEM Script triggers based on the logs.

Let me think any other way.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rolf Fischer · ‎06-25-2021

Hello,

you can use a regular expression for the pattern argument, e.g.:

event cli pattern "conf[a-z]* t[a-z]*" enter

This is of course a very simple regular expression, it would also match things like "confxyz tabc". A regexp with syntax-check would be possible as well, but somewhat complex...

TW80CJ5 · ‎06-28-2021

OK, here is what I ended up with. This works great across Cisco Router and Switches. I wanted to give it a few days to verify it as good:

This will kick out a Daily Run Config backup, Daily Startup Config backup and a backup when a user successfully logs into the device with AAA Authorization enabled.

event

event manager applet DAILY_RUNNING_CONFIG_BACKUP
description Daily Running Config Backup
event timer watchdog time 86400
action 1.0 info type routername
action 1.1 set hostname "$_info_routername"
action 1.2 set epoch "$_event_pub_sec"
action 1.3 cli command "enable"
action 1.4 cli command "copy running-config scp://username:password@192.168.1.10/ROUTER/RUN/$hostname" pattern "Address"
action 1.5 cli command "" pattern "Destination"
action 1.6 cli command "" pattern "Destination"
action 1.7 cli command ""
event manager applet STARTUP_CONFIG_BACKUP
description Daily Start Config Backup
event timer watchdog time 86430
action 1.0 info type routername
action 1.1 set hostname "$_info_routername"
action 1.2 set epoch "$_event_pub_sec"
action 1.3 cli command "enable"
action 1.4 cli command "copy start scp://username:password@192.168.1.10/ROUTER/START/$hostname" pattern "Address"
action 1.5 cli command "" pattern "Destination"
action 1.6 cli command "" pattern "Destination"
action 1.7 cli command ""
event manager applet CONFIG_CHANGE
description Backup of Config Before Changes Made
event syslog pattern "%SEC_LOGIN-5-LOGIN_SUCCESS"
action 1.0 info type routername
action 1.1 set hostname "$_info_routername"
action 1.2 set epoch "$_event_pub_sec"
action 1.3 cli command "enable"
action 1.4 cli command "copy running-config scp://username:password@192.168.1.10/ROUTER/CONFIG_CHANGE_BACKUP/$hostname" pattern "Address"
action 1.5 cli command "" pattern "Destination"
action 1.6 cli command "" pattern "Destination"
action 1.7 cli command ""