LinuxQuestions.org
Old 11-15-2007, 10:55 PM   #1
creatorrr
Member
 
Registered: Nov 2007
Posts: 40

Rep: Reputation: 15
How to auto-archive Cisco router configuration?


Hi All,

Is there any utility in Linux that can automatically save Cisco router/switch configurations? Something like kiwitools for Windows?

Thank You

Last edited by creatorrr; 11-15-2007 at 11:37 PM.
 
Old 11-16-2007, 04:47 PM   #2
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 68
You could run a tftp server on Linux and back it up over tftp.

-Chad
 
Old 11-17-2007, 05:44 AM   #3
creatorrr
Member
 
Registered: Nov 2007
Posts: 40

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by MasterC View Post
You could run a tftp server on Linux and back it up over tftp.

-Chad
Can I automate that?
 
Old 11-17-2007, 10:23 AM   #4
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 68
That would be a Cisco question really, but my limited knowledge on the topic says no. In reality you shouldn't be changing it that often to have a need to automate a backup. You could force it in your practice to backup to tftp before AND after any changes are made; we do this on the rare occasion we make changes to our router or switches.

-Chad
 
Old 11-17-2007, 10:24 AM   #5
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 68
Moved: This thread is more suitable in Linux - Networking and has been moved accordingly to help your thread/question get the exposure it deserves.

-Chad
 
Old 11-17-2007, 11:36 AM   #6
bmarx
Member
 
Registered: Dec 2004
Distribution: Slackware, Arch, FreeBSD
Posts: 202

Rep: Reputation: 34
How often do you change the router configuration that you need to automate the backup? Even when you do change the configuration, executing a "copy run start" followed by a "copy run tftp" to a remote tftp server are trivial tasks. Ideally, the config should change as little as possible. This just seems like an odd thing to be doing.

That said, I imagine that you could do the same thing with "expect" to automate the above commands via telnet with a cron job. Although, I would put an ACL on the vty, only allowing connections from the IPs you specify.
 
Old 11-17-2007, 08:09 PM   #7
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
Although I agree with the comments about "backup after changing a config", some of us work for corporations that have policy that states all configs will be backed up on a daily basis. In fact, I work for a company that has auditors that ask for proof. <groan!>

In order to satisfy the auditors, I wrote a shell script (see below) that backs up hundreds of cisco routers and switches nightly using tftp from a linux box. I chose this method over telnet/write terminal just because it was easier to code and maintained the same security posture.

The key to making this script work is to edit the DEVICES variable along with setting up a base directory structure for all the downloaded files. I have removed all but four devices as an example. The header section contains info on how to configure a router/switch to allow tftp access.

NOTE: I copied this script to /etc/cron.daily.

[root@inetsyslog cron.daily]# cat cisco_tftp_backup
Code:
#!/bin/bash
#########################################################################
# Name: cisco_tftp_backup
# Author: Steve Cowles <scowles@infohiiway.com>
#
# Revision: Created 10/1/2005 SWC
# Revision: 03/26/06 - SWC 
#           Added capability to save config data by date.
#
# Description: Shell Script to backup cisco startup-config files
#              using tftp and store in pre-defined directory structure
#
# Directory structure for script is:
#   base_dir             /backup/cisco/{date}
#     device type           /router
#        hostname              /r1
#           filename              startup-config
#        hostname              /r2
#           filename              startup-config
#     device type           /switch
#        hostname              /s1
#           filename              startup-config
#        hostname              /s2
#           filename              startup-config
#
# Note 1: Cisco IOS requires you to configure tftp server access prior
#         to adding a router or switch to this script
# Something like:
#   access-list 55 remark PERMIT hosts requesting TFTP access
#   access-list 55 permit host 10.1.100.201
#   tftp-server nvram:startup-config 55
#
# 10.1.100.201 is the IP address of the system running this script
# nvram:startup-config is the only file allowed to be copied
#########################################################################

####################################################
# Error handlers
error_no_tftp_exec ()
{
        echo "ERROR - Filename '$1' does not exist"
        exit 1
}

error_no_backup ()
{
        echo "ERROR - Unable to backup Host '$1'"
}

error_zero_length ()
{
        echo "ERROR - Hostname '$1' backup has a zero size"
}
####################################################

# If tftp executable does not exist... then exit
CMD=tftp ; TFTP=`which ${CMD} 2>/dev/null`
[ ! -x "${TFTP}" ] && error_no_tftp_exec ${CMD}

####################################################
# Variable Section, edit below to meet requirements
####################################################

# Define/load a variable to store the device information
# of all routers/switches to backup using tftp.
#
# Values are separated by colons (:)
#     Value 1 = Device Type        (sub-dir created)
#     Value 2 = Device Hostname    (sub-dir created)
#     Value 3 = Device IP address
DEVICES="
router:allar1:10.100.12.1
switch:allsw1:10.100.12.2
router:lewar1:10.100.16.1
switch:lewsw1:10.100.16.2
"

# Should an error occur during execution, e-mail
# errors to following person. i.e. If run as cronjob
MAILTO="scowles@infohiiway.com"

# Define the base directory where you want to store
# files retrieved from all devices. All subordinate
# directories will be created relative to this base
BASELOG=/var/log/cisco_configs
BASEDIR=${BASELOG}/`date +%m.%d.%y`

# Define the filename to (get) from device using tftp
# See note 1 above
FILENAME=startup-config

####################################################
# END Variable Section, No serviceable parts below
####################################################

###################################################################
# Begin Executable Section (do NOT edit below)
###################################################################

# If base directory does not exist, create it
[ ! -d ${BASEDIR} ] && mkdir ${BASEDIR}

# Update the symbolic link to point to the current BASEDIR directory
if [ -d ${BASELOG} ] ; then
        # Router link (-f: no error on the first run, when no link exists yet)
        rm -f ${BASELOG}/router
        ln -s ${BASEDIR}/router ${BASELOG}/router

        # Switch link
        rm -f ${BASELOG}/switch
        ln -s ${BASEDIR}/switch ${BASELOG}/switch
fi

########################################################
# Setup loop for each device listed in $DEVICES variable
########################################################
for device in $DEVICES ; do
        # Separate DEVICE TYPE/HOSTNAME/IP into separate variables
        DEVICE=`echo ${device}   | cut -d ':' -f 1`
        HOSTNAME=`echo ${device} | cut -d ':' -f 2`
        IP=`echo ${device}       | cut -d ':' -f 3`

        # Set and Create the sub-directories to store files
        SUBDIR=${BASEDIR}/${DEVICE}
        [ ! -d ${SUBDIR} ] && mkdir ${SUBDIR}
        [ ! -d ${SUBDIR}/${HOSTNAME} ] && mkdir ${SUBDIR}/${HOSTNAME}

        # Set the fullpath to store file retrieved during tftp
        FULLPATH=${SUBDIR}/${HOSTNAME}/${FILENAME}

        # tftp $FILENAME from device/IP to directory/FULLPATH
        ${TFTP} $IP -c get ${FILENAME} ${FULLPATH} >/dev/null 2>&1 ||
        error_no_backup ${HOSTNAME}

        # Since tftp return values don't seem to include zero length
        # gets, test for this condition
        [ ! -s ${FULLPATH} ] && error_zero_length ${HOSTNAME}
done
[root@inetsyslog cron.daily]#
 
Old 11-17-2007, 11:40 PM   #8
creatorrr
Member
 
Registered: Nov 2007
Posts: 40

Original Poster
Rep: Reputation: 15
Thank You for this. I will give it a try and reply back...

 
Old 11-18-2007, 07:38 PM   #9
creatorrr
Member
 
Registered: Nov 2007
Posts: 40

Original Poster
Rep: Reputation: 15
Thanks scowles, this is great code. Tested and works fine. Just one more thing I am trying to figure out: I want to be emailed each time the config file has changed. Not in real-time of course, but on the scheduled backup. Haven't been scripting for a while; the coding would be something like this:

"if (diff /var/log/cisco_configs/`date +%m.%d.%y`/switch/test/startup-config /var/log/cisco_configs/`date +%m.%d-1.%y`/switch/test/startup-config)
then MAILTO SOMEONE@SOMEWHERE.COM;"

Will try to fix it myself, if someone meanwhile could help me that would be great...

Thanks a lot!!!
 
Old 11-18-2007, 09:49 PM   #10
creatorrr
Member
 
Registered: Nov 2007
Posts: 40

Original Poster
Rep: Reputation: 15
OK did it!

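# Compare yesterday's dated backup with the current one (reached via the symlink)
diff /var/log/cisco_configs/`date --date='1 day ago' +%m.%d.%y`/switch/test/startup-config /var/log/cisco_configs/switch/test/startup-config > /backup/test.txt
# Non-empty diff output means the config changed, so mail the diff
if [[ -s /backup/test.txt ]]
then
        mail -s "Config changed" SOMEONE@SOMEWHERE.COM < /backup/test.txt
fi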

 
Old 11-19-2007, 06:45 AM   #11
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
Glad the script worked for you.

With regards to your proposed changes...

1) diff can compare directories. i.e. diff 11.18.07 11.19.07

2) What if you added a new router/switch to the DEVICES variable? The previous day's directory will not exist. Consider using the appropriate diff command line argument to deal with this case -or- add the appropriate test prior to calling diff.

3) Just my personal preference (I get too many e-mail alerts in a single day): When a script is run as a cron job, any output from the script will be mailed to the MAILTO variable. With regards to your proposed "diff" additions - I would add the "diff" after the "tftp get", so if there is a difference in files, then you would get a single e-mail with a summary of "all" files that had changed. If there was no difference, then no output would be generated, so you would NOT get an e-mail.

4) With the above in mind... I would add your diff test after the tftp get command. Something like:

NOTE: I have not tested any of this.

Code:
...snip...

# Define the base directory where you want to store
# files retrieved from all devices. All subordinate
# directories will be created relative to this base
BASELOG=/var/log/cisco_configs
BASEDIR=${BASELOG}/`date +%m.%d.%y`

# Set Yesterdays Date
YESTERDAY=${BASELOG}/`date --date='1 day ago' +%m.%d.%y`

...snip...

########################################################
# Setup loop for each device listed in $DEVICES variable
########################################################
for device in $DEVICES ; do
        # Separate DEVICE TYPE/HOSTNAME/IP into separate variables
        DEVICE=`echo ${device}   | cut -d ':' -f 1`
        HOSTNAME=`echo ${device} | cut -d ':' -f 2`
        IP=`echo ${device}       | cut -d ':' -f 3`

        # Set and Create the sub-directories to store files
        SUBDIR=${BASEDIR}/${DEVICE}
        [ ! -d ${SUBDIR} ] && mkdir ${SUBDIR}
        [ ! -d ${SUBDIR}/${HOSTNAME} ] && mkdir ${SUBDIR}/${HOSTNAME}

        # Set the fullpath to store file retrieved during tftp
        FULLPATH=${SUBDIR}/${HOSTNAME}/${FILENAME}

        # Set path for yesterdays directory for diff
        YSUBDIR=${YESTERDAY}/${DEVICE}

        # tftp $FILENAME from device/IP to directory/FULLPATH
        ${TFTP} $IP -c get ${FILENAME} ${FULLPATH} >/dev/null 2>&1 ||
        error_no_backup ${HOSTNAME}

        # Run "diff" to alert for any changes in configurations
        diff --new-file ${SUBDIR}/${HOSTNAME} ${YSUBDIR}/${HOSTNAME}

        # Since tftp return values don't seem to include zero length
        # gets, test for this condition
        [ ! -s ${FULLPATH} ] && error_zero_length ${HOSTNAME}
done
Also, I use the "-x" argument to test/debug scripts. Change the first line of the script to:

#!/bin/bash -x

while testing your changes. Comes in handy to see if variables are working correctly.
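
Points 1 to 3 of the post above as a stand-alone function, added here as an example and not part of scowles's script: it compares today's and yesterday's dated trees, reports new, missing and zero-length backups instead of failing on them, prints nothing when nothing changed, and masks password and community lines since the summary ends up in e-mail. The function names and status labels are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): change summary for the dated backup
# tree <base>/<date>/<type>/<host>/startup-config used by the script above.
# Function names and status labels are hypothetical.

# Mask credential material (enable/user passwords and secrets, SNMP
# community strings) before the diff is printed and mailed by cron.
redact_secrets() {
    sed -E \
        -e 's/((secret|password) ([0-9] )?).*/\1<redacted>/' \
        -e 's/(snmp-server community )[^ ]+/\1<redacted>/'
}

# summarize_changes TODAY_DIR YESTERDAY_DIR
# Prints one status line per device that needs attention, plus a redacted
# unified diff for changed configs. Prints nothing when all configs are
# unchanged, so cron sends no mail. Exit status is 1 if anything was reported.
# The body runs in a subshell so its variables do not leak into the caller.
summarize_changes() (
    today=$1 yesterday=$2 status=0

    for file in "$today"/*/*/startup-config; do
        [ -e "$file" ] || continue          # glob matched nothing
        rel=${file#"$today"/}               # e.g. router/r1/startup-config
        old=$yesterday/$rel
        if [ ! -s "$file" ]; then
            # tftp leaves a zero-length file behind when the get fails
            echo "EMPTY   $rel"; status=1
        elif [ ! -f "$old" ]; then
            # device added to DEVICES since the previous run
            echo "NEW     $rel"; status=1
        elif ! cmp -s "$old" "$file"; then
            echo "CHANGED $rel"; status=1
            # drop the ---/+++ header lines, keep the hunks
            diff -u "$old" "$file" | tail -n +3 | redact_secrets
        fi
    done

    # Devices that were backed up yesterday but produced no file today
    for file in "$yesterday"/*/*/startup-config; do
        [ -e "$file" ] || continue
        rel=${file#"$yesterday"/}
        [ -e "$today/$rel" ] || { echo "MISSING $rel"; status=1; }
    done

    [ "$status" -eq 0 ]
)

# Stand-alone use: summarize.sh /var/log/cisco_configs/<today> /var/log/cisco_configs/<yesterday>
if [ "$#" -eq 2 ]; then
    summarize_changes "$1" "$2"
fi
```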
 
Old 11-19-2007, 11:00 PM   #12
creatorrr
Member
 
Registered: Nov 2007
Posts: 40

Original Poster
Rep: Reputation: 15
2) doesn't worry me too much. 3) I think it is a great idea.

Thank You very much for your help!!!


 
Old 03-17-2010, 01:35 PM   #13
hovrashko
LQ Newbie
 
Registered: Mar 2010
Posts: 1

Rep: Reputation: 0
Question

Quote:
Originally Posted by creatorrr View Post
2) doesnt worry me too much. 3) i think it is great idea.

Thank You very much for your help!!!
Hello!
I don't clearly understand how I would use this in my case, as we have different enable passwords and telnet passwords. Do you have any idea how I can implement that? I don't see how that script telnets to the router.

thanks,
Eric
 
Old 11-21-2011, 06:45 AM   #14
xizzor
LQ Newbie
 
Registered: Nov 2011
Posts: 4

Rep: Reputation: Disabled
Cisco automated backup

Hi all

You could use the Kron method as well...
http://www.cisco.com/en/US/products/...8020260d.shtml
/xizzor
 
Old 03-19-2012, 03:19 PM   #15
jcm8237
LQ Newbie
 
Registered: Mar 2012
Posts: 1

Rep: Reputation: Disabled
Another Approach

I hadn't seen this done before arriving at my current organization, but it seems to work well. It archives the current configuration any time it's saved to a TFTP server (which happens to be Gentoo). We're using it on IOS switches and routers.

archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
 path tftp://<server_address>/<directory>/<filename>.txt
 write-memory
 
  

