How do I automate Cisco IOS backups?

[wolfman423]

Greetings,

It is my responsibility to backup every Cisco router and switch once a month (app 75). I do this by telneting from a Unix box to each router/switch and I copy the “sh run”. I am trying to find a way to automate this process. A friend on mine told me to write a perl script which would be great if knew how. Is there an easy way to do this without buying any software?

Thanks for your help!

 

[lgarner]

Check

http://www.deadcat.net.

It has a lot of scripts for use with Big Brother, but which can be easily modified. I've ported several to Nagios, one of which is a script to alert me if the Cisco configuration has changed.

Note that "sh run" won't give you an IOS backup, but those don't change or need to be backed up often.

 

[spydyr]

We use Cattools.

http://www.kiwisyslog.com/products.htm#cattools

 

[patrckb]

Being able to program in perl is a very valuable skill. You will find it very rewarding to be able to whip out a small script when you need to.

Another handy tool is expect. We manage the configurations of ~150 Cisco routers mainly with expect scripts. [CiscoWorks? We don't need no stinking CiscoWorks ]

Specifically, there is a perl script that is part of the MRTG distribution (

http://www.mrtg.org)

called scarfconf.pl. It is in the contrib/cisco_tftp directory. You give the script the community string, router IP, and tftp server IP and it will send the SNMP commands that cause the config to be downloaded.

Enjoy!
Patrick

Patrick Bartkus, CCNP, CNX, SCM, RHCE Sr. Network Engineer
GA Dept of Labor IT Network Services
If truth were not absolute, how could there be justice?

 

[chazk1]

Patrick,

Would this script only download for a specific router or many routers?

Do you have a copy of your config where I can see where to add the details you mentioned ?

Cheers...

 

[intelwizrd]

I had to do something like this in the past and after thinking about it, I decided to change company policy (that went over well). I installed a TFTP server on my network (solarwinds has a nice free one) and instituted a policy that all changes will be made first on paper then uploaded to the router (to the startup config) then copied over to the running config. this way, i always have dated copies of the configs and can go back to any day a change was made and figure out what was done if i have to. for backups, i just back up the tfpt server folder and im set. i have had a couple of routers die (due to bad configs done live by some techs) and was able to restore them rather quickly.

as for the ios itself, you can tftp it to the tftp server as well and back it up with the configs.

i know that if you have a full copy of solar winds, you can access the configs of the routers through one of their tools and i believe it keeps history copies.

its a thought. i believe there is a way to pull the config using snmp but im not sure how. you could just tftp a copy of the router config to the tftp server everytime there is a change and then you still have an up to date backup.

----------------------------
Josh
CCNA, MCSE 2003(in progress)

 

[wolfman423]

Thanks for everyone's help. After talking with the Unix and Networking team, we might try to use TCL and Expect on a unix box. They do not want to use TFTP due to security reasons instead, they are looking into SSH.

I suggested that they could write a Kron to start TFTP, retrieve all the configs using TCL and Expect then shut TFTP. Not sure if that idea will fly.

I am using the free version of Solar Winds but like I said, they do not like TFTP.

The mrtg solution is possible since they are running it on a Windoze box. I was looking at that perl script (scarfconf.pl) but I would have to play around with that since I have no knowledge of perl.

 

[baddos]

They could setup their TFTP server to only accept connections from the IP's of your routers and switches... In addition you could create a script on the server that moves the file away from public share to a secure location.

I think even w/ some TFTP servers you can make it a receive only server (don't know the term exactly).... Anyways it'
s where your could only PUT and disallow GET.