04-10-2008 07:30 AM
It would be great if we could schedule a task sending us the actual configuration file by mail every week. (We know that we can mail the file manually from 'System Administration', 'Configuration File'.)
Security is not an issue for us, such a mail doesn't leave the company.
The final goal is an actual backup file on our backup-server.
We have a special mailbox to process such mails and save the attachment(s) to a network drive according to the sender-address.
Is this possible?
04-11-2008 11:18 PM
Yes, this is possible. I have created a little *nix shell script that can do the job (I'm not a brilliant Unix admin, so there might be some enhancements possible; please inform me of these if you are a GURU).
The script is scheduled in the crontab of my Unix management server. The user that owns and executes the crontab has SSH public key authentication active for connecting to the Ironports.
Change the MAILTO variable to your email address of choice and fill in the hostnames that you can connect to.
Good luck!
Steven
#!/usr/local/bin/bash
# Mail the Ironport configuration files to a mailbox.
# Use crontab to schedule this script once a week.
# Make sure the user that owns the crontab can connect
# to the devices with SSH public key authentication.
# 19-07-07 Steven Geerts V1.0
MAILTO=your.admin.mailbox@your.domain
LOGONUSR=TheUserIdYouHaveSSHlogonFor
# Ironport device 1
ssh "$LOGONUSR@DevicenameOne" mailconfig "$MAILTO" n
# Ironport device 2
ssh "$LOGONUSR@DevicenameTwo" mailconfig "$MAILTO" n
04-12-2008 11:45 AM
Thank you for that script! I will try it next week @ work.
Just one little question: What does 'n' stand for?
04-12-2008 02:10 PM
That's an option of the mailconfig command.
The "n" indicates the passwords of your users are not exported; if you provide a "y" as option, the passwords are noted in the config file.
04-14-2008 12:19 PM
It works!
We are working in a Windows environment with this adapted batch file:
REM
REM Mail the Ironport configuration files to a mailbox.
REM Use windows tasks to schedule this script once a week
REM Make sure the user used in tasks can connect to the
REM devices with SSH public key authentication
REM
REM Separate multiple mail-addresses with commas.
SET MAILTO=myown.account@company.com
SET LOGONusr=IronPortLoginUserName
SET IronPort1=1.2.3.4
SET IronPort2=1.2.3.5
@ECHO IronPort 4
ssh %LOGONusr%@%IronPort1% mailconfig %MAILTO% y
@ECHO IronPort 5
ssh %LOGONUSR%@%IronPort2% mailconfig %MAILTO% y
Do you want to include passwords? Please be aware that a configuration without passwords will fail when reloaded with loadconfig.
04-15-2008 02:40 PM
Please remember that if you are using this backup of the configuration file for disaster recovery that you must NOT mask passwords, otherwise it won't load back on.
Regards
04-16-2008 07:29 AM
Do you know the command line parameter for 'unmasking'?
04-16-2008 10:14 AM
All you need to do is to make sure that you DO include passwords when using the mailconfig from the CLI
Regards
04-16-2008 10:41 AM
Ahh, now I understand. This has nothing to do with the fact that even with the parameter 'y' the password will not be saved in cleartext (unmasked) in the XML.
04-16-2008 11:49 AM
So from what I know of that script, the "Y" should be the trigger to choose to include passwords; this will enable a loadable configuration file. Choosing "Y" means that in the configuration file you should have the hashed password using the "md5" algorithm; if you say "N" to including passwords, then the configuration will include *******'s instead of the password.
Hope this makes sense, basically "y" can be used for disaster recovery and "n" can't :wink:
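The weekly job from the earlier posts, with the y/n choice discussed above made explicit and a per-appliance failure report, as an added example that is not part of the original posts. The names SSH_BIN and INCLUDE_PW, the timeout value and the host names passed as arguments are assumptions; only `mailconfig <address> <y|n>` comes from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): ask each IronPort to mail its
# configuration and report which appliances could not be reached.
# Usage: ./ironport-backup.sh DevicenameOne DevicenameTwo

MAILTO="${MAILTO:-your.admin.mailbox@your.domain}"
LOGONUSR="${LOGONUSR:-TheUserIdYouHaveSSHlogonFor}"
INCLUDE_PW="${INCLUDE_PW:-y}"  # y = file can be reloaded, n = passwords masked
SSH_BIN="${SSH_BIN:-ssh}"      # assumption: overridable so the job can be dry-run

# Ask one appliance to mail its configuration; returns ssh's exit status.
mail_config() {
    # BatchMode makes ssh fail instead of prompting when key auth breaks,
    # so an unattended job never hangs waiting for a password.
    "$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=15 \
        "$LOGONUSR@$1" mailconfig "$MAILTO" "$INCLUDE_PW"
}

# Run mail_config for every host given; return the number of failures.
backup_all() {
    case "$INCLUDE_PW" in
        y|n) ;;
        *) echo "INCLUDE_PW must be y or n, got '$INCLUDE_PW'" >&2
           return 64 ;;
    esac
    failed=0
    for host in "$@"; do
        if mail_config "$host"; then
            echo "OK     $host"
        else
            echo "FAILED $host (ssh exit $?)" >&2
            failed=$((failed + 1))
        fi
    done
    # Per the thread, an export made with "n" will not load back on.
    [ "$INCLUDE_PW" = n ] &&
        echo "note: passwords masked, file is not usable for restore" >&2
    return "$failed"
}

# Only run when host names are given on the command line.
if [ "$#" -gt 0 ]; then
    backup_all "$@"
fi
```

The exit status is the number of appliances that failed, so the scheduler can flag a week in which no configuration mail was sent.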
04-16-2008 04:17 PM
Now if you guys could just get saveconfig/loadconfig to work properly in a clustered environment, that would be great. Saving the configuration doesn't do much good if you can't load it back in later.
Failing that, I'd be satisfied with a tool that would take the saved configuration file from a cluster and break it out into individual, non-clustered configuration files for each cluster member. That would let me load a standalone ESA with the right configuration and bootstrap a new cluster from it.
04-16-2008 04:21 PM
Yes totally new forum all together but you are correct, we do have some items roadmapped for upgrades and configuration files, however at the moment you can either save the clustered config and remove any items referencing the cluster, or the easier way is to disconnect a machine from the cluster and then take the config and rejoin afterwards :)
Watch this space as improvements could be on the way, for more information contact your local Product Manager
04-16-2008 04:37 PM
save the clustered config and remove any items referencing the cluster
disconnect a machine from the cluster and then take the config and rejoin afterwards
Watch this space as improvements could be on the way, for more information contact your local Product Manager
04-16-2008 04:44 PM
Yes yet again me typing too quickly misses half of the story out, you are correct but the method that I mentioned is a way of getting the configuration of one machine and being able to use it at a later date to place back on one machine, obviously you would need to recreate the cluster all over again.
04-16-2008 04:57 PM
Recreating the cluster doesn't bother me. Editing a cluster config file to produce a standalone config file is what I'm worried about. Like I said, I could probably figure it out, it just wouldn't inspire me with the greatest confidence.