Solved: Script to run migrate export backup

Sagar_Manandhar · ‎2018-05-11

hi,

How can we schedule the migrate export backup everyday and push it to another server with the backup file name with date. Tried with job scheduler but there we find some limitation.

Regards,

Sagar Manandhar

Marcos_Perez · ‎2019-07-22

hi all,

my day arrived...here my first entry into this fantastic learning-, information- and knowledge-exchange-platform...

we have a similar problem...we do use a dedicated linux machine to connect to all our outside firewall systems to execute and get the backups home (clish and migrate export)...all is working fine...also on mds systems...now since we have upgraded the mds to r80.20, we noticed that those scripts does not finish the execution.

executing the script with bash -x we see that the mds_backup command is not ended even though on the mds all system where restarted and the file was created...ssh session is still alive but hanging in this command...after more then 30min waiting, the command can be stopped by pressing ctrl-C...

this is my last output from the bash -x command:

+ bck_mdm-export_scp-lgin-wiho_pw
++ /usr/bin/ssh -oConnectTimeout=5 -nq admin@10.93.255.191 -p 22 'rm -f /var/log/CPbackup/backups/*.tgz; /opt/CPmds-R80.20/scripts/mds_backup -g -b -s -i -l -d /var/log/CPbackup/backups'

then pressing ctrl-C

^C+ send_email-on-error
++ grep -v '^=.*=$' /tmp/wit.fwbck.U1qo0uR
+ emptyLog=
+ [[ 1 -eq 0 ]]
+ delete_log-file
+ echo
+ rm -f /tmp/wit.fwbck.U1qo0uR
+ exit

function in script:
function bck_mdm-export_scp-lgin-wiho_pw() {
$($sshStart $USER@$IP -p $PORT 'rm -f /var/log/CPbackup/backups/*.tgz; /opt/CPmds-R80.20/scripts/mds_backup -g -b -s -i -l -d /var/log/CPbackup/backups' >/dev/null 2>&1 )
# $($sshStart $USER@$IP -p $PORT 'rm -f /var/log/CPbackup/backups/*.pema; touch pema.pema.pema' >/dev/null 2>&1 )
if [[ $? -eq "0" ]]
then
scp -q -P $PORT $USER@$IP:/var/log/CPbackup/backups/$(date +%-d%b%Y)*.$filenameSufix $pathFilenamePrefix.$filenameSufix >/dev/null 2>&1
if [[ $? -eq "0" ]]
then
$(tar tf $pathFilenamePrefix.$filenameSufix >/dev/null 2>&1)
if [[ $? -eq "0" ]]
then
chmod o+r $pathFilenamePrefix.$filenameSufix
fileSize=$(du -h $pathFilenamePrefix.$filenameSufix | cut -f1)
echo -e "NEW File\t$SYSTEM\t\t$IP\t$fileSize grosses neues CP-Export wurde erfolgreich gespeichert." >>$Log
else
echo -e "FAILED \t$SYSTEM\t\t$IP\tDas File ist Corrupt, fehler beim Kopieren?" >>$Log
fi
else
echo -e "FAILED \t$SYSTEM\t\t$IP\tEin Fehler beim SCP Download -Erreichbar?" >>$Log
fi
else
echo -e "FAILED \t$SYSTEM\t\t$IP\tEin Fehler beim erstellen des CP-Exports -Erreichbar?" >>$Log
fi
}

any ideas why this could happen?

thanks in advance...

Cheers

Marcos

View solution in original post

Maarten_Sjouw · ‎2018-05-11

please check this question and it's responses.

Although if you want to move the file to another linux machine, I would use SCP instead of FTP.

Using a SSH Key instead of password:

echo '--------------------------------------------' >>$LOG
timestamp 'Send system logs to SCP server ... ' >>$LOG
echo '--------------------------------------------' >>$LOG
timestamp 'Starting SCP session ...' >>$LOG

if [ X${BACKUP_REMOTE} != X ]; then
if [ X${BACKUP_KEY} == X ]; then
_key="${HOME}/.ssh/id_dsa"
else
_key=$BACKUP_KEY
fi
scp -Bpqvi ${_key} $MDS_BCKDIR/* $BACKUP_REMOTE_USER@$BACKUP_REMOTE:$BACKUP_REMOTE_PATH 2>&1 | grep -v debug >>$LOG
fi

Regards, Maarten

PhoneBoy · ‎2018-05-11

What script did you write to try and do this?

Perhaps we can improve it?

HristoGrigorov · ‎2018-05-12

There is the backup script I wrote. Feel free to modify it for your needs and I if you improve it please share that with us:

#!/bin/bash

###########################################################################
BACKUP_FILE=backup_CPSMS_`date +%d-%m-%y_%H%M`.tgz

BACKUP_PATH=/var/CPbackup/backups

BACKUP_COMMAND="/opt/CPsuite-R80/fw1/bin/upgrade_tools/migrate export -n"

BACKUP_SERVER='192.168.x.x'

BACKUP_USER='ftp_user'

BACKUP_PASS='ftp_pass'

###########################################################################

source /etc/profile.d/CP.sh

echo `date +%d-%m-%yT%H%M` INFO: Backup script started

cd $BACKUP_PATH

# Run backup command
echo `date +%d-%m-%yT%H%M` "INFO: Running $BACKUP_COMMAND $BACKUP_FILE"
$BACKUP_COMMAND $BACKUP_FILE
if [ $? -ne 0 ]; then
echo `date +%d-%m-%yT%H%M` "FATAL: Backup command did not complete successfully"

exit 1
else
echo `date +%d-%m-%yT%H%M` "INFO: Backup command completed successfully"
fi

# Test backup file integrity
echo `date +%d-%m-%yT%H%M` "INFO: Testing archive integrity..."
/bin/tar -tzf $BACKUP_FILE > /dev/null
if [ $? -ne 0 ]; then
echo `date +%d-%m-%yT%H%M` "FATAL: Archive integrity test failed. Backup file is corrupt."

exit 1
else
echo `date +%d-%m-%yT%H%M` "INFO: Archive integrity test succeeded. Backup file is good."
echo `date +%d-%m-%yT%H%M` "INFO: Creating checksum file $BACKUP_FILE.MD5SUM"
/usr/bin/md5sum $BACKUP_FILE > $BACKUP_FILE.MD5SUM
echo `date +%d-%m-%yT%H%M` "INFO: Uploading archive to FTP server..."

/usr/bin/ftp -n $BACKUP_SERVER <<END_SCRIPT
quote USER $BACKUP_USER
quote PASS $BACKUP_PASS
cd CPSMS
put $BACKUP_FILE.MD5SUM
binary
put $BACKUP_FILE
quit
END_SCRIPT

if [ $? -ne 0 ]; then

echo `date +%d-%m-%yT%H%M` "ERROR: FTP upload failed."

else

echo `date +%d-%m-%yT%H%M` "INFO: FTP upload completed."

fi

echo `date +%d-%m-%yT%H%M` INFO: Backup script completed

Worapong_Janloy · ‎2018-12-25

I see error when I used contrab but manual run working fine anyone have the same error.

This utility requires the Check Point Security Management Server.

26-12-18T1041 FATAL: Backup command did not complete successfully

HristoGrigorov · ‎2018-12-25

Sorry mate, script was missing importing CP environment. I fixed it so try now. It should work fine from crontab.

ITD_TS · ‎2019-02-19

Hristo,

It is not working with R80.20 M2.

HristoGrigorov · ‎2019-02-19

Yeah, it is possible. What does it output when you run it ?

ITD_TS · ‎2019-02-19

Eror:

T2359 FATAL: Backup command did not complete successfully

HristoGrigorov · ‎2019-02-19

Please run following command:

expert# bash -x /path/to/backup_export.sh

Replace any possible confidential info in the output and paste it here.

Fedor_Agafonov1 · ‎2019-04-19

Hello,

Thank you for you script.

I add to script:

- remove file

- Send Email.

!/bin/bash

###############################################################
BACKUP_FILE=backup_CPSMS_`date +%d-%m-%y_%H%M`.tgz
BACKUP_LOG_FILE=/var/CPbackup/log/backups/backup_log_CPSMS_`date +%d-%m-%y_%H%M`.log
BACKUP_PATH=/var/CPbackup/backups
BACKUP_COMMAND="/opt/CPsuite-R77/fw1/bin/upgrade_tools/migrate export -n"
BACKUP_SERVER='server_adress'

BACKUP_USER='ftp_user_name'
BACKUP_PASS='ftp_password'
###############################################################
MAILSERVER='mail_server_address'
SENDER_EMAIL_ADDRESS='sender_email'
RECEIVER_EMAIL_ADDRESS='receiver_email
###############################################################
#Create backup
#############################################################
source /opt/CPshrd-R77/tmp/.CPprofile.sh
{
echo `date +%d-%m-%yT%H%M` "INFO: Backup script started"

cd $BACKUP_PATH

# Run backup command
echo `date +%d-%m-%yT%H%M` "INFO: Running $BACKUP_COMMAND $BACKUP_FILE"
$BACKUP_COMMAND $BACKUP_FILE
if [ $? -ne 0 ]; then
echo `date +%d-%m-%yT%H%M` "FATAL: Backup command did not complete successfully"

exit 1
else
echo `date +%d-%m-%yT%H%M` "INFO: Backup command completed successfully"
fi

# Test backup file integrity
echo `date +%d-%m-%yT%H%M` "INFO: Testing archive integrity..."
/bin/tar -tzf $BACKUP_FILE > /dev/null
if [ $? -ne 0 ]; then
echo `date +%d-%m-%yT%H%M` "FATAL: Archive integrity test failed. Backup file is corrupt."

exit 1
else
echo `date +%d-%m-%yT%H%M` "INFO: Archive integrity test succeeded. Backup file is good."
# Creating checksum file
echo `date +%d-%m-%yT%H%M` "INFO: Creating checksum file $BACKUP_FILE.MD5SUM"
/usr/bin/md5sum $BACKUP_FILE > $BACKUP_FILE.MD5SUM
echo `date +%d-%m-%yT%H%M` "INFO: Uploading archive to FTP server..."

/usr/bin/ftp -n $BACKUP_SERVER <<END_SCRIPT
quote USER $BACKUP_USER
quote PASS $BACKUP_PASS
cd CPSMS
put $BACKUP_FILE.MD5SUM
binary
put $BACKUP_FILE
quit
END_SCRIPT

if [ $? -ne 0 ]; then

echo `date +%d-%m-%yT%H%M` "ERROR: FTP upload failed."

else

echo `date +%d-%m-%yT%H%M` "INFO: FTP upload completed."

fi

wait

/bin/rm $BACKUP_FILE.MD5SUM
/bin/rm $BACKUP_FILE
if [ $? -ne 0 ]; then

echo `date +%d-%m-%yT%H%M` "ERROR: Delete backup file failed."

else

echo `date +%d-%m-%yT%H%M` "INFO: Delete backup file completed."

fi

echo `date +%d-%m-%yT%H%M` INFO: Backup script completed

} > $BACKUP_LOG_FILE
################################################################
#Send Email
################################################################

{
echo -e "from:"$SENDER_EMAIL_ADDRESS"\r\nto:"$RECEIVER_EMAIL_ADDRESS"\r\nSubject: Backup checkpoitn MGMT\r\n\r\n Backup completed. \r\n"
cat $BACKUP_LOG_FILE

} > $BACKUP_LOG_FILE.mail

sendmail --domain=domain.com -f $SENDER_EMAIL_ADDRESS -v $RECEIVER_EMAIL_ADDRESS --host=$MAILSERVER < $BACKUP_LOG_FILE.mail >> $BACKUP_LOG_FILE
{
if [ $? -ne 0 ]; then
echo `date +%d-%m-%yT%H%M` "ERROR: Send email failed."

else

echo `date +%d-%m-%yT%H%M` "INFO: Send email completed."

fi
} >> $BACKUP_LOG_FILE

/bin/rm $BACKUP_LOG_FILE.mail
if [ $? -ne 0 ]; then

echo `date +%d-%m-%yT%H%M` "ERROR: Delete mail file failed." >> $BACKUP_LOG_FILE

else

echo `date +%d-%m-%yT%H%M` "INFO: Delete mail file completed." >> $BACKUP_LOG_FILE

fi

HristoGrigorov · ‎2019-04-28

Thanx Fedor.

I usually run this script from crontab that is mailing me the output but it is a nice to have it integrated anyway.

Marcos_Perez · ‎2019-07-22

hi all,

my day arrived...here my first entry into this fantastic learning-, information- and knowledge-exchange-platform...

we have a similar problem...we do use a dedicated linux machine to connect to all our outside firewall systems to execute and get the backups home (clish and migrate export)...all is working fine...also on mds systems...now since we have upgraded the mds to r80.20, we noticed that those scripts does not finish the execution.

executing the script with bash -x we see that the mds_backup command is not ended even though on the mds all system where restarted and the file was created...ssh session is still alive but hanging in this command...after more then 30min waiting, the command can be stopped by pressing ctrl-C...

this is my last output from the bash -x command:

+ bck_mdm-export_scp-lgin-wiho_pw
++ /usr/bin/ssh -oConnectTimeout=5 -nq admin@10.93.255.191 -p 22 'rm -f /var/log/CPbackup/backups/*.tgz; /opt/CPmds-R80.20/scripts/mds_backup -g -b -s -i -l -d /var/log/CPbackup/backups'

then pressing ctrl-C

^C+ send_email-on-error
++ grep -v '^=.*=$' /tmp/wit.fwbck.U1qo0uR
+ emptyLog=
+ [[ 1 -eq 0 ]]
+ delete_log-file
+ echo
+ rm -f /tmp/wit.fwbck.U1qo0uR
+ exit

function in script:
function bck_mdm-export_scp-lgin-wiho_pw() {
$($sshStart $USER@$IP -p $PORT 'rm -f /var/log/CPbackup/backups/*.tgz; /opt/CPmds-R80.20/scripts/mds_backup -g -b -s -i -l -d /var/log/CPbackup/backups' >/dev/null 2>&1 )
# $($sshStart $USER@$IP -p $PORT 'rm -f /var/log/CPbackup/backups/*.pema; touch pema.pema.pema' >/dev/null 2>&1 )
if [[ $? -eq "0" ]]
then
scp -q -P $PORT $USER@$IP:/var/log/CPbackup/backups/$(date +%-d%b%Y)*.$filenameSufix $pathFilenamePrefix.$filenameSufix >/dev/null 2>&1
if [[ $? -eq "0" ]]
then
$(tar tf $pathFilenamePrefix.$filenameSufix >/dev/null 2>&1)
if [[ $? -eq "0" ]]
then
chmod o+r $pathFilenamePrefix.$filenameSufix
fileSize=$(du -h $pathFilenamePrefix.$filenameSufix | cut -f1)
echo -e "NEW File\t$SYSTEM\t\t$IP\t$fileSize grosses neues CP-Export wurde erfolgreich gespeichert." >>$Log
else
echo -e "FAILED \t$SYSTEM\t\t$IP\tDas File ist Corrupt, fehler beim Kopieren?" >>$Log
fi
else
echo -e "FAILED \t$SYSTEM\t\t$IP\tEin Fehler beim SCP Download -Erreichbar?" >>$Log
fi
else
echo -e "FAILED \t$SYSTEM\t\t$IP\tEin Fehler beim erstellen des CP-Exports -Erreichbar?" >>$Log
fi
}

any ideas why this could happen?

thanks in advance...

Cheers

Marcos

DPB_Point · ‎2020-04-19

For using it with crontab, I have changed 'sendmail line' to '/usr/sbin/sendmail'

This way, I have resolved crontab + mailing issues in R80.30.

HeikoAnkenbrand · ‎2020-04-19

Hi @Sagar_Manandhar,

You can also use the following script from me:

Easy Backup Tool - (migrate export + all GAIA configs)

This tool creates a backup of all GAIA gateway configurations with one CLI command "ebackup"

- Only one CLI command "ebackup"
- Backup of all Gaia gateway configurations (Check Point appliances, Open Server, SMB appliances 11xx, 14xx)
- Migrate export on SMS
- Migrate-server on MDS
- Backup all files to one TGZ file
- FTP upload support backup file
- CP upload support for backup file via cprid_util

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Are you a member of CheckMates?

Script to run migrate export backup