Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Elbis
Participant
Jump to solution

How to monitoring backup?

Hello Guys!

I wonder if there is any backup scheduling schedule that sets up via web browser in the box. In the year the scheduling stopped working and remained months without backups. How to monitor this? Emails, alerts, Zabbix. Thank you!

Security Gateway R80.10

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend

With 50 GWs, i would look into this:

Easy execute CLI commands on all gateways simultaneously        ->  Now you can use the new command to execute bash or clish commands on all gateway simultaneously.

This could do a show backup last-successfull on all GWs and present you  all outputs in one place!

And HeikoAnkenbrand even has another tool that may be of value for you:

Easy Backup Tool - (migrate export + all GAIA configs)                   -> Easy backup of all gateway GAIA configs + migrate export with one CLI command.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
14 Replies
PhoneBoy
Admin
Admin

What is it exactly you are backing up and how exactly did you attempt to perform the backup? Best practices: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
MR_K
Contributor

Sorry for hijacking this old one, but I think I have the same question as Eber_Aparecido_ and I am still looking for an answer.

Using the scheduled backup (System Backup via Clish), a Gateway does create (and in our case SCP) a backup regularly, but I did not come across a way to get informed when a backup schedule failed.

So it might be months until you realize, that even though you have had a successful backup-schedule in the past, that the most up to date backup is some months old.

Except checking clish "show backup status" (either by hand, cronjob or SNMP Extension) I do not see a way to alert the admin, that a backup failed.

 

Is there a possibility to monitor this, ideally via SNMP?

Our current setup is R80.20 - R80.40, but since the backup schedule did not really change I don't think this is version relevant.

0 Kudos
Dov_Fraivert
Employee
Employee

Hi MR_K,

In the next version (R81.20) we plan improvements in UI of backup.
The status of each schedule backup task should be added.
In case of failure it will be clearly seen in UI.

Regards,
Dov

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Correct - cronjob is most handy. SNMP OIDs exist for real-time monitoring of selected counters, but not backup status - same in treshholds for email alerts of SVMonitor.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend

That is rather easy in GAiA WebGUI:

- in System Management > Mail Notification configure your mail server

- in System Management > Job Scheduler, add a job with command "show backup status" to run at selected intervals, default daily

- in Email Notification add your email address

- output of command "show backup status" will be emailed to you in selected intervals

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
JozkoMrkvicka
Authority
Authority

Or better would be to check only last successfull backup (show backup last-successfull). Also I am not sure if clish command can be used. Maybe "clish -c '' " is needed.

Kind regards,
Jozko Mrkvicka
G_W_Albrecht
Legend Legend
Legend

Maybe - but i would just try and get my solution 😎 but good points indeed !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MR_K
Contributor

Thanks for that idea, definitely would work, I am just hesitant to use it since we have over 50 Firewalls in our network and we would have to request a SMTP exception for each one (as well as requesting changes every time the number or IPs change), that's just not very practical with those numbers.

G_W_Albrecht
Legend Legend
Legend

With 50 GWs, i would look into this:

Easy execute CLI commands on all gateways simultaneously        ->  Now you can use the new command to execute bash or clish commands on all gateway simultaneously.

This could do a show backup last-successfull on all GWs and present you  all outputs in one place!

And HeikoAnkenbrand even has another tool that may be of value for you:

Easy Backup Tool - (migrate export + all GAIA configs)                   -> Easy backup of all gateway GAIA configs + migrate export with one CLI command.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MR_K
Contributor

That actually sounds like a very good idea.
Running the check backup status on all gateways simultaneously either via Mail Notification or SNMP extension.

I have to look into this how well we can do that regularly (we had some issue with filtering which gateways shall be addressed and which not).
Thanks a lot!

0 Kudos
Attila_Korosi
Explorer
Explorer

I use a bit of one line command instead of a show command which could run by job scheduler just after scheduled backup after  my morning tea. As the "show" commands needs a bit thinking and I only like to think once therefor I only filter to the result. Can I kindly ask you to check it?

My script:

[[ ($(clish -c "show backup last-successful" | sed -n '/scp /,$p' | grep -e 'Date' | cut -d" " -f3) == $(date +"%d-%b-%Y")) ]] && echo Backup Successful || echo Backup Failed

0 Kudos
mgaanstoot
Explorer
Explorer

Hi, configured this as this looked like a nice quick solution. It is sending the mail but mail server requires a TLS connection from gateway to mail server.  To set this up I need to enable MTA and import TLS certificate from the mail server. No other possibility to import certificate without enabling MTA ? No need for mail inspection functionality. 

kind regards,

Mikel

0 Kudos
PhoneBoy
Admin
Admin

The underlying mechanisms used to send mail from the OS do not assume TLS currently.
This would need to be handled as an RFE.

MTA would provide an SMTP server that could be available unencrypted and forwarded to the real SMTP server encrypted.

0 Kudos
mgaanstoot
Explorer
Explorer

Thanks for the reply. Submitted the RFE 🙂 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events