guruprasadr Tue, 04/29/2008 - 03:42

HI, [Pls Rate if HELPS]


Script provided on how to perform a periodic backup of a file in the router's flash to an FTP server:


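event manager applet backup-crl
 ! Fire every 86400 seconds (24 hours)
 event timer watchdog time 86400 maxrun 4294967295
 action 1.0 cli command "enable"
 ! Start the copy and wait for the prompt that echoes the server address
 action 2.0 cli command "copy flash:/iosca.crl ftp://username:passwd@a.b.c.d/" pattern "a.b.c.d"
 ! Confirm the remote host, then wait for the destination filename prompt
 action 3.0 cli command "a.b.c.d" pattern "iosca.crl"
 ! Confirm the destination filename
 action 4.0 cli command "iosca.crl"
 action 5.0 syslog msg "FTP backup successful"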


Refer to the link below for more such EEM scripts posted:


http://forums.cisco.com/eforum/servlet/EEM?page=main


Hope I am Informative.


Pls Rate if HELPS


Best Regards,


Guru Prasad R

mpozorski Tue, 04/29/2008 - 08:28

I don't know if it's the best way, but I have ours set up with a simple expect script. The script is set up to run as a job on the server every night at 1:00am. The script basically telnets to the switches and routers throughout the network and copies the configuration via tftp to a server, and the tftp root directory on that server is set up as a website that can be accessed via our intranet from our admin network. Here is a sample of the expect script I'm using for our gear:

#!/usr/bin/expect
# ACCESSW01
# Backup script for ACCESSW01
#
set timeout 15
set name "username"
set pass "password-for-user"
spawn telnet ACCESSW01
expect "sername:"
send "$name\r"
expect "assword:"
send "$pass\r"
expect "HQ-ACCESSW01#"
send "copy start tftp\r"
# -exact and \[\] stop Tcl treating [] as command substitution and ? as a glob wildcard
expect -exact "ddress or name of remote host \[\]?"
send "XXX.XXX.XXX.XXX\r"
# Wait for the literal "?" that ends the destination filename prompt, then accept the default
expect -exact "?"
send "\r"
expect "HQ-ACCESSW01#"
send "exit\r"
expect eof

It is a rather simple approach, although probably not best practice, as the username and password are stored in plain text on a server. For a little added security I set up the user on our ACS server to only be able to run the command listed (copy start tftp) so that if the account were compromised the only command they could run is that. I have access-lists in place that deny tftp traffic to the outside, so theoretically they could copy the configuration to an internal host, which so far has not been an issue for us. Like I said before, this is probably not the best solution, but it works.
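Added example, not part of either post above: a small Python check that flags the exposures both backup scripts in this thread share (credentials written into the script or copy URL, telnet logins, TFTP transfers) so a backup job directory can be reviewed before it is scheduled. The rule names, the `audit` function and the two sample strings are constructed for illustration.

```python
import re

# Each rule: (finding id, compiled pattern, why it matters for a backup job)
RULES = [
    ("url-credentials",
     re.compile(r"\b(?:ftp|tftp|scp|http)://[^\s:/@]+:[^\s@/]+@", re.I),
     "username:password embedded in a copy URL"),
    ("script-password",
     re.compile(r"^\s*set\s+(?:pass|password|passwd)\s+\"?\S+", re.I),
     "password assigned in clear text in an expect/Tcl script"),
    ("telnet-login",
     re.compile(r"^\s*spawn\s+telnet\b", re.I),
     "login sent over telnet, credentials cross the network unencrypted"),
    ("tftp-copy",
     re.compile(r"\bcopy\s+\S+\s+tftp\b", re.I),
     "configuration copied over unauthenticated, unencrypted TFTP"),
]

def audit(text):
    """Return a list of (line_number, finding_id, reason) for one script."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "!")):  # skip expect and IOS comments
            continue
        for rule_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, reason))
    return findings

# Constructed samples modelled on the two scripts in this thread.
EEM_SAMPLE = '''event manager applet backup-crl
 event timer watchdog time 86400 maxrun 4294967295
 action 1.0 cli command "enable"
 action 2.0 cli command "copy flash:/iosca.crl ftp://username:passwd@a.b.c.d/" pattern "a.b.c.d"
'''
EXPECT_SAMPLE = '''#!/usr/bin/expect
set name "username"
set pass "password-for-user"
spawn telnet ACCESSW01
send "copy start tftp\\r"
'''

if __name__ == "__main__":
    for name, sample in (("EEM applet", EEM_SAMPLE), ("expect script", EXPECT_SAMPLE)):
        for lineno, rule_id, reason in audit(sample):
            print(f"{name}:{lineno}: {rule_id}: {reason}")
```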
