Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
8417
Views
10
Helpful
6
Replies

ASA - Backup config on change

Leo.Juszk
Level 1
Level 1

ā€Ž02-20-2017 11:26 AM - edited ā€Ž03-12-2019 01:57 AM

Hi. Is there any equivalent to the CISCO IOS archive?

Something like:

archive
log config
logging enable
logging size 200
hidekeys
notify syslog contenttype plaintext
path scp://user:pass@1.1.1.1/$h-$t
write-memory

1 person had this problem
Labels:
0 Helpful
6 Replies 6

Marvin Rhoads
Hall of Fame
Hall of Fame

ā€Ž02-20-2017 07:12 PM

Since ASA 9.2, we have had Embedded Event Manager (EEM). You can create an EEM configuration to watch for the syslog id of the configuration being changed and trigger a backup.

Here are some examples:

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117883-config-eem-00.html#anc10

https://www.youtube.com/watch?v=zIqyMefEzk8

More a most thorough backup, you can use the backup command (available since ASA 9.3(2)).

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/b.html

0 Helpful

Leo.Juszk
Level 1
Level 1
In response to Marvin Rhoads

ā€Ž02-23-2017 08:46 AM

Thanks Marvin. Instead of scheduling could do it on demand? 

Say, everytime you type the write command, instead at a specific hour/time.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Leo.Juszk

ā€Ž02-23-2017 09:11 AM

I haven't tried it, but you should be able to:

Create an EEM applet to have two actions - write mem and backup

Create a command-alias to replace "write" with the event manager applet ("event manager run <applet name>")

mrametta
Level 1
Level 1
In response to Marvin Rhoads

ā€Ž10-13-2018 08:37 AM

Marvin,

 

Just thought I would write a comment to thank you for your help not only on this one but several others.

 

It seems almost everytime I have a question and do a google search (which is quite a bit) you have the answer, nice work and thanks for the Help.

 

I can see how you are a Hall of Fame Master - is that the Highest Level ? Whatever the highest is Yoda, Sensei, Master of all things Security Related - you should be it :) 

 

Thanks again,

Mark

0 Helpful

mkazam001
Level 3
Level 3
In response to mrametta

ā€Ž11-03-2018 04:44 PM

here's an actual verified/working config to auto backup the asa on a daily basis:

 

ASA5515X(config)# event manager applet backup-config
ASA5515X(config-applet)# event timer absolute time 11:45:00
ASA5515X(config-applet)# action 0 cli command "copy /noconfirm running-config tftp://172.27.0.1/asa-cfg.txt"
ASA5515X(config-applet)# output none

 

ASA5515X# sh event manager
event manager applet backup-config, hits 1, last 2018/04/25 11:45:00 last file none
event absolute 11:45:00, left 83816 secs, hits 1, last 2018/04/25 11:45:00
action 0 cli command "copy /noconfirm running-config tftp://172.27.0.1/asa-cfg.txt", hits 1, last 2018/04/25 11:45:00

 

hope that helps.

Azam

Olivier Pelletier
Cisco Employee
Cisco Employee
In response to mkazam001

ā€Ž04-29-2020 10:45 AM - edited ā€Ž04-29-2020 10:45 AM

Here's an example using the "backup" command:

event manager applet backup-asa
 description Backup ASA upon saving config
 event syslog id 111004
 action 0 cli command "backup /noconfirm location tftp://192.168.1.20/configs/"
 output none

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card