Solved: Re: Easy Backup Tool - (migrate export + all GAIA... - Page 2

HeikoAnkenbrand

asy Backup Tool

Features

This tool creates a backup of all GAIA gateway configurations with one CLI command "ebackup":

- Only one CLI command "ebackup"
- Backup of all Gaia gateway configurations (Check Point appliances, Open Server, SMB appliances 11xx, 14xx)
- Migrate export on SMS
- Migrate-server on MDS
- Backup all files to one TGZ file
- FTP upload support backup file
- CP upload support for backup file via cprid_util

- MDS > All CMA's are read out and their gateways backuped.
- SMS > All gateways are read out and backuped.

Note:
- Tested with R80.10, R80.20 and R80.30.
- If the tool is started on a MDS, a mdsstop and mdsstart is performed during the migrate_server export.

CLI Parameter

Syntax	Description
-s	The option -s performs a cpstop and cpstart when the migrate export tool is executed.
-v	The option -v shows the gateway OS, JHF, Kernel, Type of all gateways.
-l	The option -l shows all ebackup tgz files in /var/log/.
-d	The option -d delete all ebackup tgz files in /var/log/.
-no_migrate / -n	The option -no_migrate has the consequence that no migrate export is executed.
-port <sms port> / -p <sms port>	The option -port <sms port> add the management server port, if it's not running on port 443.
-ftpserver <ftp server ip> -ftpuser <username> -ftppw <password>	The ftp options allow to upload the tar file to a ftp server.
- cpupload <cp_system_ip>	The option -cpupload performs a backup upload to a other Check Point gateway or SMS via cprid_util.

Example

# ebackup                    -> Backup all GAIA configs from all gateways + migrate export with locale backup file (/var/log/[date]_ebackup.tgz)
# ebackup -s                     -> Backup all GAIA configs from all gateway + migrate export with cpstop and cpstart for migrate export
# ebackup -no_migrate                                                                         -> Backup all GAIA configs from all gateway without migrate export
# ebackup -ftpserver 1.1.1.1 -ftpuser username -ftppw test123   -> Backup all GAIA configs from all gateway + migrate export with ftp upload

# ebackup -cpupload 1.1.1.1 -> Backup all GAIA configs from all gateway + migrate export with cp upload via cprid_util

Install Tool

Use this auto installer script from "Spoiler" on the SMS or MDS as CLI command in expert mode:

Spoiler

curl_cli -k http://www.ankenbrand24.de/inst_ebackup > /tmp/inst_ebackup && chmod 770 /tmp/inst_ebackup && /tmp/inst_ebackup

curl_cli -k http://www.ankenbrand24.de/inst_ebackup > /tmp/inst_ebackup && chmod 770 /tmp/inst_ebackup && /tmp/inst_ebackup

Or "copy and past" the following script block from "Spoiler" to your SMS or MDS (in expert mode):

Spoiler

cat <<EOT > /usr/bin/ebackup
#!/bin/bash
#
# Script Author  : Heiko Ankenbrand
# Script Website : https://www.ankenbrand24.de
# Script Source  : https://www.ankenbrand24.de/inst_ebackup
# License        : GNU General Public License (GPL)
#
if [[ -e /etc/profile.d/CP.sh ]]; then source /etc/profile.d/CP.sh; else echo "Unsupported Environment"; exit 1; fi
if [[ -e /etc/profile.d/vsenv.sh ]]; then source /etc/profile.d/vsenv.sh; fi   
FILE_PATH="/var/log/ebackup";
mkdir \$FILE_PATH > /dev/null 2>&1;
rm /tmp/ebackup_topo > /dev/null 2>&1;
rm /tmp/ebackup_MGTIP > /dev/null 2>&1;
# rm /usr/local/bin/ebackup > /dev/null 2>&1;
rm /tmp/ebackup_mdsstatus > /dev/null 2>&1;
rm /tmp/ebackup_login > /dev/null 2>&1;
rm /tmp/ebachup_cpupload /dev/null 2>&1;
REMOTE_RM="\$FILE_PATH/202*";
rm \$REMOTE_RM > /dev/null 2>&1;
NOW=\$(date +"%Y_%m_%d_%H%M");
clear;
echo -e "\e[7m";
printf '%.s-' {1..78};echo;
echo '- Easy Backup Tool v2.3                    - Copyright Heiko Ankenbrand 2020 -';
printf '%.s-' {1..78};
echo -e "\e[0m"
SHOW_SUM="0";
MIGRATE="1";
MGPORT="443";
FTPSERVER="";
FTPPW="non";
FTPUSER="anonymous";
serv_value="99";
REMOTE_INFO_V="0";
RVER=`fwm ver | awk '{print \$8}'`;

mSITIONAL=()
while [[ \$# -gt 0 ]]
do
key="\$1"
case \$key in
    -h|--help|-\?)
       shift;
       echo;echo 'Help: ';echo;
       echo "-l, --list                 The option -l  shows all ebackup tgz files in /var/log/.";
       echo "-d, --delete               The option -d  delete all ebackup tgz files in /var/log/.";
       echo "-s, --stop                 The option -s  performs a cpstop and cpstart when the migrate export tool is executed.";
       echo "-n, --no_migrate           The option -n  has the consequence that no migrate export/ migrate_server is executed.";
       echo "-v, --version              The option -v  shows the gateway OS, JHF, Kernel, Type";
       echo "-u, --user                 The option -u  shows the conneted users on the SMS";
       echo "-p <port>, -port <port>    The option -p  <port> add the management server port, if it's not running on port 443.";         
       echo "-ftpserver <ftp server ip> The ftp options allow to upload the tar file to a ftp server.";
       echo "-ftpuser <username> ";
       echo "-ftppw <password>";
       echo "-cpupload <cp system ip>   The option -cpupload performs a backup upload to a other Check Point gateway or SMS via cprid_util.";
       echo "";
       echo "Examples:";
       echo "ebackup -s -ftpserver 192.168.1.1 -ftpuser test -ftppw secret -> backup all gateways + migrate export + cpstop + ftp upload"; 
       echo "ebackup -s -cpupload  192.168.1.1                             -> backup all gateways + migrate export + cpstop+ ";
       echo "                                                                 backup of the tgz file to another gateway or SMS";   
       echo "ebackup -n                                                    -> backup all gateways + without migrate export";
       echo;printf '%.s-' {1..78};echo;
       SHOW_SUM="0";
       exit 1;
    ;;
    -s|--stop)
       shift;
       SHOW_SUM="1";
    ;;
    -v|--version)
       shift;
       SHOW_SUM="1";
       REMOTE_INFO_V="1";
    ;;
    -u|--user)
       shift;
       SHOW_SUM="1";
       echo; cpstat mg |grep -e '|\|-' | cat; echo;
       exit 1;
    ;;
    -d|--delete)
       shift;
       SHOW_SUM="1";
       echo; echo "Delete all ebackup tgz files.";echo;
       rm /var/log/202* > /dev/null 2>&1;
       exit 1;
    ;;
    -l|--list)
       shift;
       SHOW_SUM="1";
       echo;echo -e "File \t\t\t\t\tBytes";
       printf '%.s-' {1..78};
       echo; ls -la /var/log/202* 2>&1| grep -v access|  awk '{print \$9 "\t\t" \$5}' |sed 's/\/var\/log\///'; echo;
       exit 1;
    ;;
    -port|-p)
       MGPORT="\$2";
       shift;
       shift;
       SHOW_SUM="0";
    ;;
    -ftpserver)
       FTPSERVER="\$2";
       shift;
       shift;
       SHOW_SUM="0";
    ;;
    -ftpuser)
       FTPUSER="\$2";
       shift;
       shift;
       SHOW_SUM="0";
    ;;
    -ftppw)
       FTPPW="\$2";
       shift;
       shift;
       SHOW_SUM="0"; 
    ;;
     -cpupload)
       CPUPLOAD="\$2";
       shift;
       shift;
       SHOW_SUM="0"; 
    ;;   
    --no_migrate|-no_migrate|-n)
       shift;
       SHOW_SUM="0";
       MIGRATE="0";
    ;;
   
    *)    # unknown option
    #echo "unknown"
    POSITIONAL+=("\$1") # save it in an array for later
    shift # past argument
    SHOW_SUM="1";
    ;;
esac
done

############ Check MDS and SMS     #########
echo;

if [ "X\$MDSDIR" != "X" ]; then
     MDSSTATUS_HA=\$(mdsstat | grep -m 1 MDS | awk '{print \$8}');
     if [ \$MDSSTATUS_HA = "up"  ]; then    
           mgmt_cli -r --port \$MGPORT true show version 2>&1> /tmp/ebackup_login;
           if grep -q Gaia /tmp/ebackup_login; then
               echo -n "The MDS is running in version "\$RVER;echo ".";echo;
               serv_value="1";
           else
               echo "The MDS is running but a connect to management API isn't possible.";echo;
               exit 1;
           fi     
     else
         echo -n "MDS is not running. (Status > "\$MDSSTATUS_HA;echo ")";echo;
         exit 1;
     fi
else
     #Check SMS
     CPM_PID=\$(ps -efww | grep java | grep cpm.Cpm | awk '{print \$2}');   
     if [ -z \$CPM_PID ]; then
           echo "The SMS is not running.";echo;
     exit 1;
     else 
           mgmt_cli -r --port \$MGPORT true show version 2>&1> /tmp/ebackup_login;
           if grep -q Gaia /tmp/ebackup_login; then
               echo -n "The SMS is running in version "\$RVER;echo ".";echo;
               serv_value="0";
           else
               echo "The SMS is running but a connect to management API isn't possible.";echo;
               exit 1;
           fi
     fi
fi
if [ \$serv_value -eq 1  ]; then
   mdsenv > /dev/null 2>&1;
   mdsstat | grep CMA | awk '{print \$6}' >> /tmp/ebackup_MGTIP
   mdsstat | grep MDS | awk '{print \$6}' >> /tmp/ebackup_MDSIP
fi
############ Read gateways     #########
if  [ \$serv_value -gt 0  ]; then
       echo "Read gateways from CMA: ";echo;
       while read -r hostip; 
       do
           CMASTATUS_HA=\$(mdsstat | grep CMA| grep \$hostip | awk '{print \$8}');
           CMANAME_HA=\$(mdsstat | grep CMA| grep \$hostip | awk '{print \$4}');
           if [ \$CMASTATUS_HA = "up"  ]; then
               echo "   OK     - "\$CMANAME_HA;                 
               CMACOUNT=\$(mgmt_cli -r --port \$MGPORT true -d \$hostip show gateways-and-servers offset 0 limit 500 details-level full --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name"  ' |xargs -n 2| grep -c ".");
               if [ \$CMACOUNT != 0 ]; then 
                     mgmt_cli -r --port \$MGPORT true -d \$hostip show gateways-and-servers offset 0 limit 500 details-level full --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name"  ' |xargs -n 2 | grep -v 0.0.0.  | sed -e "s/\$/ \$hostip/"  >> /tmp/ebackup_topo;
               fi
           else
               echo " Failed   - "\$CMANAME_HA;
           fi   
       done < /tmp/ebackup_MGTIP
       echo;
else
     # read SMS gateways 
     mgmt_cli -r --port \$MGPORT true show gateways-and-servers details-level full limit 500 offset 0 --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name"  ' |xargs -n 2 | grep -v 0.0.0. |grep -v null | sed -e "s/\$/ x.x.x.x/" 2>&1> /tmp/ebackup_topo;
fi
######## GAIA Config save all gateways   #########
if [ ! -f /tmp/ebackup_topo ]; then
   echo "No gateways found!";
else
   echo "clish -c 'show configuration' > /var/log/g_output.txt" > /tmp/g_command.txt;
   echo "Backup GAIA config gateways:";echo;
   while read -r REMOTE_IP REMOTE_NAME REMOTE_CMA;
     do
     REMOTE_FILE="\$NOW-\$REMOTE_NAME";
     REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
     mdsenv \$REMOTE_CMA > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$REMOTE_IP putfile -local_file /tmp/g_command.txt -remote_file /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$REMOTE_IP -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$REMOTE_IP getfile -remote_file /var/log/g_output.txt -local_file \$REMOTE_DATEI > /dev/null 2>&1;
     #echo -n "";
     if [ ! -f \$REMOTE_DATEI ]; then 
       echo -n " Failed   - ";
       else
       if grep -q hostname \$REMOTE_DATEI; then
          echo -n "   OK     - ";
          if [ \$REMOTE_INFO_V == "1" ] ; then
            $CPDIR/bin/cprid_util -server \$REMOTE_IP putfile -local_file /usr/bin/ebackup_command -remote_file /var/log/ebackup_command.txt > /dev/null 2>&1;
            $CPDIR/bin/cprid_util -server \$REMOTE_IP -verbose rexec -rcmd /bin/bash -f /var/log/ebackup_command.txt > /dev/null 2>&1;
            $CPDIR/bin/cprid_util -server \$REMOTE_IP getfile -remote_file /var/log/g_output1.txt -local_file /tmp/ebackup_gateway_info.txt > /dev/null 2>&1;
          fi
       else 
          echo -n " Failed   - ";
       fi     
     fi
     echo -n \$REMOTE_NAME; 
     echo -n "   "; 
     if [ \$REMOTE_INFO_V == "1" ] ; then  
        if [ -f /tmp/ebackup_gateway_info.txt ]; then 
           REMOTE_INFO=\$(cat /tmp/ebackup_gateway_info.txt);
           echo; echo -n "           " \$REMOTE_INFO;
           rm /tmp/ebackup_gateway_info.txt;
           else 
           echo; echo -n "            (no gateway information available)";
        fi
     fi 
     if [ \$serv_value -eq 1  ]; then
        CMANAME_HA=\$(mdsstat | grep \$REMOTE_CMA | awk '{print \$4}');
        echo;    echo -n "            (CMA: "\$CMANAME_HA;echo -n ")";
     fi
     echo;
    done < /tmp/ebackup_topo; 
fi
echo;
######## GAIA config management save     #########
echo "Backup GAIA config Management:";echo;
REMOTE_FILE="\$NOW-Management";
REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
clish -c 'show configuration' > \$REMOTE_DATEI;
     if [ ! -f \$REMOTE_DATEI ]; then 
       echo -n "  Failed - ";
       else
       if grep -q hostname \$REMOTE_DATEI; then
          echo -n "   OK     - ";
       else 
          echo -n " Failed   - "
       fi     
     fi
     echo -n "Management   ";
     /usr/bin/ebackup_command;
     if [ \$REMOTE_INFO_V == "1" ] ; then  
        if [ -f /var/log/g_output1.txt ]; then 
           REMOTE_INFO=\$(cat /var/log/g_output1.txt);
           echo; echo -n "           " \$REMOTE_INFO;
           rm /var/log/g_output1.txt;
        fi
     fi 
     echo;echo;

############## SMS ############################    
# SMS migrate export
if [ \$serv_value -eq 0  ]; then
  if [ \$MIGRATE == "1" ] ; then
    REMOTE_FILE="\$NOW-SMS-Migrate-Export";
    REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
    echo;echo "Migrate Export SMS:";echo;
    if [ \$SHOW_SUM == "1" ] ;
      then
        cpstop > /dev/null 2>&1;
        echo "   OK     - cpstop";
    fi 
    REMOTE_DATEI_CHK="\$REMOTE_DATEI.tgz";
  
    $FWDIR/bin/upgrade_tools/migrate export -n \$REMOTE_DATEI 2>&1> \tmp\ebackup_migrate ;
       if [ ! -f \$REMOTE_DATEI_CHK ]; then 
           echo " Failed   - SMS migrate export";
       else 
           echo "   OK     - SMS migrate export";  
       fi

    if [ \$SHOW_SUM == "1" ] ;
      then
        cpstart > /dev/null 2>&1;
        echo "   OK     - cpstart";
    fi 
  fi
fi
############## MDS ############################
if [ \$MIGRATE == "1" ] ; then
 if  [ \$serv_value -gt 0  ]; then
   VER=`fwm ver | awk '{print \$8}' | sed 's/R80.//g'` 
   if [ \$VER -lt 30  ]; then               
        ### MDS version R80, R80.10, R80.20 migrate export
        REMOTE_FILE="\$NOW-MDS-Migrate-Export";
        REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
        mds/tmp/ebackup_migrateenv > /dev/null 2>&1
        echo -n "MDS migrate export (migrate export) "\$RVER;echo ":";echo;
        if [ \$SHOW_SUM == "1" ] ;then
           mdsstop > /dev/null 2>&1;
           echo "   OK     - MDS mdsstop";
        fi
        \$MDS_FWDIR/bin/upgrade_tools/migrate export -n \$REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;
        if [ ! -f \$REMOTE_DATEI_CHK ]; then 
           echo " Failed   - MDS R80, R80.10, R80.20 (migrate export)";
        else 
           echo "   OK     - MDS R80, R80.10, R80.20 (migrate export)";  
        fi                         
        if [ \$SHOW_SUM == "1" ] ;then
           mdsstart > /dev/null 2>&1;
           echo "   OK     - MDS mdsstart";
        fi
   else 
        ### MDS version R80.30+ migrate_server
        REMOTE_FILE="\$NOW-MDS-Migrate-Server";
        REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
        mdsenv > /dev/null 2>&1;
        echo;echo -n "MDS migrate server (migrate_server) "\$RVER;echo ":";echo;
        \$MDS_FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -n -v \$RVER \$REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;

            if grep -q "sk135172" /tmp/ebackup_migrate; then
                echo " Failed   - MDS R80.30+ migrate_server export (No upgrade tools package is installed refer to sk135172)";
            else 
                if [ ! -f \$REMOTE_DATEI ]; then 
                    echo " Failed   - MDS R80.30+ migrate_server export";
                else 
                    echo "   OK     - MDS R80.30+ migrate_server export";
                fi     
            fi  
   fi
 fi
fi
############## TAR ############################
echo;echo "Tar file location:";echo;
REMOTE_FILE="\$NOW-ebackup";
REMOTE_DATEI="/var/log/\$REMOTE_FILE.tgz";
REMOTE_TAR="\$FILE_PATH";
# echo \$REMOTE_TAR
# echo \$REMOTE_DATEI

tar -czf \$REMOTE_DATEI \$REMOTE_TAR> /dev/null 2>&1;

     if [ ! -f \$REMOTE_DATEI ]; then 
            echo " Failed   - tar file";
       else  
          echo -n "   OK     - tar file (" ;
          echo -n \$REMOTE_DATEI;
          echo ")";
     fi		
echo;
############## FTP ############################
if [ "X\$FTPSERVER" != "X" ]; then
   
   FTPDATEI="\$REMOTE_FILE.tgz";
   echo;echo "FTP upload:";echo;
   echo "
   verbose
   user \$FTPUSER \$FTPPW
   bin
   lcd /var/log
   put \$FTPDATEI
   bye
   " | /usr/bin/ftp -in \$FTPSERVER > /tmp/ebackup_ftp 2>&1;
   if grep -q 226 /tmp/ebackup_ftp; then
       echo "   OK     - FTP upload";
   else
       echo " Failed   - FTP upload (Log: /tmp/ebackup_ftp)";
   fi
   echo;
fi

############## CPUPLOAD ############################
if [ "X\$CPUPLOAD" != "X" ]; then
     
     
     #REMOTE_FILE="\$NOW-\$REMOTE_NAME";
     #REMOTE_DATEI1="\$FILE_PATH/\$REMOTE_FILE";
     CPUPLOADDATEI="\$REMOTE_DATEI";
     echo "CP upload to \$CPUPLOAD:";echo;
     echo "ls \$CPUPLOADDATEI > /var/log/g_output.txt" > /tmp/g_command.txt;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD putfile -local_file /tmp/g_command.txt -remote_file /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD putfile -local_file \$CPUPLOADDATEI -remote_file \$CPUPLOADDATEI  > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD getfile -remote_file /var/log/g_output.txt -local_file /tmp/ebachup_cpupload > /dev/null 2>&1;
     if [ ! -f /tmp/ebachup_cpupload ]; then 
       echo " Failed   - CP upload to \$CPUPLOAD ";
       else
       if grep -q tgz /tmp/ebachup_cpupload; then
          echo "   OK     - CP upload file (\$CPUPLOADDATEI)";
          
       else 
          echo " Failed   - CP upload to \$CPUPLOAD";
       fi     
     fi
     echo;
fi



REMOTE_RM="\$FILE_PATH/202*";
rm \$REMOTE_RM > /dev/null 2>&1;
rm /tmp/g_command.txt > /dev/null 2>&1;
rm /tmp/ebackup_topo > /dev/null 2>&1;
rm /tmp/ebachup_cpupload > /dev/null 2>&1;
rm /tmp/ebackup_MGTIP > /dev/null 2>&1;
rm /tmp/ebackup_migrate > /dev/null 2>&1;
rm /tmp/ebackup_mdsstatus > /dev/null 2>&1;
rm /tmp/ebackup_login > /dev/null 2>&1;
EOT
cat <<EHA > /usr/bin/ebackup_command
#!/bin/bash
J=\`cpinfo -y all 2>/dev/null | grep JUMBO | tail -n1 | awk '{print \$3}'\`;
O=\`cat /etc/cp-release | cut -c 13- | sed 's/^ *//g' | sed 's/\s*$//g'\`;
OSM=\`uname -a | grep -c x86_64\`; [ \$OSM == 0 ] && { OSM=32; } || { OSM=64; };
K=\`uname -r | sed 's/\([0-9]\+\.[0-9]\+\)\..*/\1/'\`;
T=\`cpstat os | grep "Appliance Name" | tr -s ' ' | cut -c 17- \`;
echo "(\${O}, Kernel \${K}, \${OSM} Bit, JHF \${J}, \${T})" > /var/log/g_output1.txt ;
EHA
chmod 770 /usr/bin/ebackup;
chmod 770 /usr/bin/ebackup_command;

cat <<EOT > /usr/bin/ebackup #!/bin/bash # # Script Author : Heiko Ankenbrand # Script Website : https://www.ankenbrand24.de # Script Source : https://www.ankenbrand24.de/inst_ebackup # License : GNU General Public License (GPL) # if [[ -e /etc/profile.d/CP.sh ]]; then source /etc/profile.d/CP.sh; else echo "Unsupported Environment"; exit 1; fi if [[ -e /etc/profile.d/vsenv.sh ]]; then source /etc/profile.d/vsenv.sh; fi FILE_PATH="/var/log/ebackup"; mkdir \$FILE_PATH > /dev/null 2>&1; rm /tmp/ebackup_topo > /dev/null 2>&1; rm /tmp/ebackup_MGTIP > /dev/null 2>&1; # rm /usr/local/bin/ebackup > /dev/null 2>&1; rm /tmp/ebackup_mdsstatus > /dev/null 2>&1; rm /tmp/ebackup_login > /dev/null 2>&1; rm /tmp/ebachup_cpupload /dev/null 2>&1; REMOTE_RM="\$FILE_PATH/202*"; rm \$REMOTE_RM > /dev/null 2>&1; NOW=\$(date +"%Y_%m_%d_%H%M"); clear; echo -e "\e[7m"; printf '%.s-' {1..78};echo; echo '- Easy Backup Tool v2.3 - Copyright Heiko Ankenbrand 2020 -'; printf '%.s-' {1..78}; echo -e "\e[0m" SHOW_SUM="0"; MIGRATE="1"; MGPORT="443"; FTPSERVER=""; FTPPW="non"; FTPUSER="anonymous"; serv_value="99"; REMOTE_INFO_V="0"; RVER=`fwm ver | awk '{print \$8}'`; mSITIONAL=() while [[ \$# -gt 0 ]] do key="\$1" case \$key in -h|--help|-\?) shift; echo;echo 'Help: ';echo; echo "-l, --list The option -l shows all ebackup tgz files in /var/log/."; echo "-d, --delete The option -d delete all ebackup tgz files in /var/log/."; echo "-s, --stop The option -s performs a cpstop and cpstart when the migrate export tool is executed."; echo "-n, --no_migrate The option -n has the consequence that no migrate export/ migrate_server is executed."; echo "-v, --version The option -v shows the gateway OS, JHF, Kernel, Type"; echo "-u, --user The option -u shows the conneted users on the SMS"; echo "-p <port>, -port <port> The option -p <port> add the management server port, if it's not running on port 443."; echo "-ftpserver <ftp server ip> The ftp options allow to upload the tar file to a ftp server."; echo "-ftpuser <username> "; echo "-ftppw <password>"; echo "-cpupload <cp system ip> The option -cpupload performs a backup upload to a other Check Point gateway or SMS via cprid_util."; echo ""; echo "Examples:"; echo "ebackup -s -ftpserver 192.168.1.1 -ftpuser test -ftppw secret -> backup all gateways + migrate export + cpstop + ftp upload"; echo "ebackup -s -cpupload 192.168.1.1 -> backup all gateways + migrate export + cpstop+ "; echo " backup of the tgz file to another gateway or SMS"; echo "ebackup -n -> backup all gateways + without migrate export"; echo;printf '%.s-' {1..78};echo; SHOW_SUM="0"; exit 1; ;; -s|--stop) shift; SHOW_SUM="1"; ;; -v|--version) shift; SHOW_SUM="1"; REMOTE_INFO_V="1"; ;; -u|--user) shift; SHOW_SUM="1"; echo; cpstat mg |grep -e '|\|-' | cat; echo; exit 1; ;; -d|--delete) shift; SHOW_SUM="1"; echo; echo "Delete all ebackup tgz files.";echo; rm /var/log/202* > /dev/null 2>&1; exit 1; ;; -l|--list) shift; SHOW_SUM="1"; echo;echo -e "File \t\t\t\t\tBytes"; printf '%.s-' {1..78}; echo; ls -la /var/log/202* 2>&1| grep -v access| awk '{print \$9 "\t\t" \$5}' |sed 's/\/var\/log\///'; echo; exit 1; ;; -port|-p) MGPORT="\$2"; shift; shift; SHOW_SUM="0"; ;; -ftpserver) FTPSERVER="\$2"; shift; shift; SHOW_SUM="0"; ;; -ftpuser) FTPUSER="\$2"; shift; shift; SHOW_SUM="0"; ;; -ftppw) FTPPW="\$2"; shift; shift; SHOW_SUM="0"; ;; -cpupload) CPUPLOAD="\$2"; shift; shift; SHOW_SUM="0"; ;; --no_migrate|-no_migrate|-n) shift; SHOW_SUM="0"; MIGRATE="0"; ;; *) # unknown option #echo "unknown" POSITIONAL+=("\$1") # save it in an array for later shift # past argument SHOW_SUM="1"; ;; esac done ############ Check MDS and SMS ######### echo; if [ "X\$MDSDIR" != "X" ]; then MDSSTATUS_HA=\$(mdsstat | grep -m 1 MDS | awk '{print \$8}'); if [ \$MDSSTATUS_HA = "up" ]; then mgmt_cli -r --port \$MGPORT true show version 2>&1> /tmp/ebackup_login; if grep -q Gaia /tmp/ebackup_login; then echo -n "The MDS is running in version "\$RVER;echo ".";echo; serv_value="1"; else echo "The MDS is running but a connect to management API isn't possible.";echo; exit 1; fi else echo -n "MDS is not running. (Status > "\$MDSSTATUS_HA;echo ")";echo; exit 1; fi else #Check SMS CPM_PID=\$(ps -efww | grep java | grep cpm.Cpm | awk '{print \$2}'); if [ -z \$CPM_PID ]; then echo "The SMS is not running.";echo; exit 1; else mgmt_cli -r --port \$MGPORT true show version 2>&1> /tmp/ebackup_login; if grep -q Gaia /tmp/ebackup_login; then echo -n "The SMS is running in version "\$RVER;echo ".";echo; serv_value="0"; else echo "The SMS is running but a connect to management API isn't possible.";echo; exit 1; fi fi fi if [ \$serv_value -eq 1 ]; then mdsenv > /dev/null 2>&1; mdsstat | grep CMA | awk '{print \$6}' >> /tmp/ebackup_MGTIP mdsstat | grep MDS | awk '{print \$6}' >> /tmp/ebackup_MDSIP fi ############ Read gateways ######### if [ \$serv_value -gt 0 ]; then echo "Read gateways from CMA: ";echo; while read -r hostip; do CMASTATUS_HA=\$(mdsstat | grep CMA| grep \$hostip | awk '{print \$8}'); CMANAME_HA=\$(mdsstat | grep CMA| grep \$hostip | awk '{print \$4}'); if [ \$CMASTATUS_HA = "up" ]; then echo " OK - "\$CMANAME_HA; CMACOUNT=\$(mgmt_cli -r --port \$MGPORT true -d \$hostip show gateways-and-servers offset 0 limit 500 details-level full --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name" ' |xargs -n 2| grep -c "."); if [ \$CMACOUNT != 0 ]; then mgmt_cli -r --port \$MGPORT true -d \$hostip show gateways-and-servers offset 0 limit 500 details-level full --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name" ' |xargs -n 2 | grep -v 0.0.0. | sed -e "s/\$/ \$hostip/" >> /tmp/ebackup_topo; fi else echo " Failed - "\$CMANAME_HA; fi done < /tmp/ebackup_MGTIP echo; else # read SMS gateways mgmt_cli -r --port \$MGPORT true show gateways-and-servers details-level full limit 500 offset 0 --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name" ' |xargs -n 2 | grep -v 0.0.0. |grep -v null | sed -e "s/\$/ x.x.x.x/" 2>&1> /tmp/ebackup_topo; fi ######## GAIA Config save all gateways ######### if [ ! -f /tmp/ebackup_topo ]; then echo "No gateways found!"; else echo "clish -c 'show configuration' > /var/log/g_output.txt" > /tmp/g_command.txt; echo "Backup GAIA config gateways:";echo; while read -r REMOTE_IP REMOTE_NAME REMOTE_CMA; do REMOTE_FILE="\$NOW-\$REMOTE_NAME"; REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE"; mdsenv \$REMOTE_CMA > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$REMOTE_IP putfile -local_file /tmp/g_command.txt -remote_file /var/log/g_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$REMOTE_IP -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$REMOTE_IP getfile -remote_file /var/log/g_output.txt -local_file \$REMOTE_DATEI > /dev/null 2>&1; #echo -n ""; if [ ! -f \$REMOTE_DATEI ]; then echo -n " Failed - "; else if grep -q hostname \$REMOTE_DATEI; then echo -n " OK - "; if [ \$REMOTE_INFO_V == "1" ] ; then $CPDIR/bin/cprid_util -server \$REMOTE_IP putfile -local_file /usr/bin/ebackup_command -remote_file /var/log/ebackup_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$REMOTE_IP -verbose rexec -rcmd /bin/bash -f /var/log/ebackup_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$REMOTE_IP getfile -remote_file /var/log/g_output1.txt -local_file /tmp/ebackup_gateway_info.txt > /dev/null 2>&1; fi else echo -n " Failed - "; fi fi echo -n \$REMOTE_NAME; echo -n " "; if [ \$REMOTE_INFO_V == "1" ] ; then if [ -f /tmp/ebackup_gateway_info.txt ]; then REMOTE_INFO=\$(cat /tmp/ebackup_gateway_info.txt); echo; echo -n " " \$REMOTE_INFO; rm /tmp/ebackup_gateway_info.txt; else echo; echo -n " (no gateway information available)"; fi fi if [ \$serv_value -eq 1 ]; then CMANAME_HA=\$(mdsstat | grep \$REMOTE_CMA | awk '{print \$4}'); echo; echo -n " (CMA: "\$CMANAME_HA;echo -n ")"; fi echo; done < /tmp/ebackup_topo; fi echo; ######## GAIA config management save ######### echo "Backup GAIA config Management:";echo; REMOTE_FILE="\$NOW-Management"; REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE"; clish -c 'show configuration' > \$REMOTE_DATEI; if [ ! -f \$REMOTE_DATEI ]; then echo -n " Failed - "; else if grep -q hostname \$REMOTE_DATEI; then echo -n " OK - "; else echo -n " Failed - " fi fi echo -n "Management "; /usr/bin/ebackup_command; if [ \$REMOTE_INFO_V == "1" ] ; then if [ -f /var/log/g_output1.txt ]; then REMOTE_INFO=\$(cat /var/log/g_output1.txt); echo; echo -n " " \$REMOTE_INFO; rm /var/log/g_output1.txt; fi fi echo;echo; ############## SMS ############################ # SMS migrate export if [ \$serv_value -eq 0 ]; then if [ \$MIGRATE == "1" ] ; then REMOTE_FILE="\$NOW-SMS-Migrate-Export"; REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE"; echo;echo "Migrate Export SMS:";echo; if [ \$SHOW_SUM == "1" ] ; then cpstop > /dev/null 2>&1; echo " OK - cpstop"; fi REMOTE_DATEI_CHK="\$REMOTE_DATEI.tgz"; $FWDIR/bin/upgrade_tools/migrate export -n \$REMOTE_DATEI 2>&1> \tmp\ebackup_migrate ; if [ ! -f \$REMOTE_DATEI_CHK ]; then echo " Failed - SMS migrate export"; else echo " OK - SMS migrate export"; fi if [ \$SHOW_SUM == "1" ] ; then cpstart > /dev/null 2>&1; echo " OK - cpstart"; fi fi fi ############## MDS ############################ if [ \$MIGRATE == "1" ] ; then if [ \$serv_value -gt 0 ]; then VER=`fwm ver | awk '{print \$8}' | sed 's/R80.//g'` if [ \$VER -lt 30 ]; then ### MDS version R80, R80.10, R80.20 migrate export REMOTE_FILE="\$NOW-MDS-Migrate-Export"; REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE"; mds/tmp/ebackup_migrateenv > /dev/null 2>&1 echo -n "MDS migrate export (migrate export) "\$RVER;echo ":";echo; if [ \$SHOW_SUM == "1" ] ;then mdsstop > /dev/null 2>&1; echo " OK - MDS mdsstop"; fi \$MDS_FWDIR/bin/upgrade_tools/migrate export -n \$REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ; if [ ! -f \$REMOTE_DATEI_CHK ]; then echo " Failed - MDS R80, R80.10, R80.20 (migrate export)"; else echo " OK - MDS R80, R80.10, R80.20 (migrate export)"; fi if [ \$SHOW_SUM == "1" ] ;then mdsstart > /dev/null 2>&1; echo " OK - MDS mdsstart"; fi else ### MDS version R80.30+ migrate_server REMOTE_FILE="\$NOW-MDS-Migrate-Server"; REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE"; mdsenv > /dev/null 2>&1; echo;echo -n "MDS migrate server (migrate_server) "\$RVER;echo ":";echo; \$MDS_FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -n -v \$RVER \$REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ; if grep -q "sk135172" /tmp/ebackup_migrate; then echo " Failed - MDS R80.30+ migrate_server export (No upgrade tools package is installed refer to sk135172)"; else if [ ! -f \$REMOTE_DATEI ]; then echo " Failed - MDS R80.30+ migrate_server export"; else echo " OK - MDS R80.30+ migrate_server export"; fi fi fi fi fi ############## TAR ############################ echo;echo "Tar file location:";echo; REMOTE_FILE="\$NOW-ebackup"; REMOTE_DATEI="/var/log/\$REMOTE_FILE.tgz"; REMOTE_TAR="\$FILE_PATH"; # echo \$REMOTE_TAR # echo \$REMOTE_DATEI tar -czf \$REMOTE_DATEI \$REMOTE_TAR> /dev/null 2>&1; if [ ! -f \$REMOTE_DATEI ]; then echo " Failed - tar file"; else echo -n " OK - tar file (" ; echo -n \$REMOTE_DATEI; echo ")"; fi echo; ############## FTP ############################ if [ "X\$FTPSERVER" != "X" ]; then FTPDATEI="\$REMOTE_FILE.tgz"; echo;echo "FTP upload:";echo; echo " verbose user \$FTPUSER \$FTPPW bin lcd /var/log put \$FTPDATEI bye " | /usr/bin/ftp -in \$FTPSERVER > /tmp/ebackup_ftp 2>&1; if grep -q 226 /tmp/ebackup_ftp; then echo " OK - FTP upload"; else echo " Failed - FTP upload (Log: /tmp/ebackup_ftp)"; fi echo; fi ############## CPUPLOAD ############################ if [ "X\$CPUPLOAD" != "X" ]; then #REMOTE_FILE="\$NOW-\$REMOTE_NAME"; #REMOTE_DATEI1="\$FILE_PATH/\$REMOTE_FILE"; CPUPLOADDATEI="\$REMOTE_DATEI"; echo "CP upload to \$CPUPLOAD:";echo; echo "ls \$CPUPLOADDATEI > /var/log/g_output.txt" > /tmp/g_command.txt; $CPDIR/bin/cprid_util -server \$CPUPLOAD putfile -local_file /tmp/g_command.txt -remote_file /var/log/g_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$CPUPLOAD putfile -local_file \$CPUPLOADDATEI -remote_file \$CPUPLOADDATEI > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$CPUPLOAD -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$CPUPLOAD getfile -remote_file /var/log/g_output.txt -local_file /tmp/ebachup_cpupload > /dev/null 2>&1; if [ ! -f /tmp/ebachup_cpupload ]; then echo " Failed - CP upload to \$CPUPLOAD "; else if grep -q tgz /tmp/ebachup_cpupload; then echo " OK - CP upload file (\$CPUPLOADDATEI)"; else echo " Failed - CP upload to \$CPUPLOAD"; fi fi echo; fi REMOTE_RM="\$FILE_PATH/202*"; rm \$REMOTE_RM > /dev/null 2>&1; rm /tmp/g_command.txt > /dev/null 2>&1; rm /tmp/ebackup_topo > /dev/null 2>&1; rm /tmp/ebachup_cpupload > /dev/null 2>&1; rm /tmp/ebackup_MGTIP > /dev/null 2>&1; rm /tmp/ebackup_migrate > /dev/null 2>&1; rm /tmp/ebackup_mdsstatus > /dev/null 2>&1; rm /tmp/ebackup_login > /dev/null 2>&1; EOT cat <<EHA > /usr/bin/ebackup_command #!/bin/bash J=\`cpinfo -y all 2>/dev/null | grep JUMBO | tail -n1 | awk '{print \$3}'\`; O=\`cat /etc/cp-release | cut -c 13- | sed 's/^ *//g' | sed 's/\s*$//g'\`; OSM=\`uname -a | grep -c x86_64\`; [ \$OSM == 0 ] && { OSM=32; } || { OSM=64; }; K=\`uname -r | sed 's/$[0-9]\+\.[0-9]\+$\..*/\1/'\`; T=\`cpstat os | grep "Appliance Name" | tr -s ' ' | cut -c 17- \`; echo "(\${O}, Kernel \${K}, \${OSM} Bit, JHF \${J}, \${T})" > /var/log/g_output1.txt ; EHA chmod 770 /usr/bin/ebackup; chmod 770 /usr/bin/ebackup_command;

Create Cronjob

If the ebackup tool should be executed automatically, only a cronjob has to be created.

Spoiler

Add a user "jobuser" via GAIA web portal:

Set shell: /bin/bash
Set assigned role: adminRole

Set a new password:

FTP upload:

                Add a cronjob via CLI to execute ebackup at Saturday night at 10:00 pm.

                - Add parameter -s for cpstop/cpstart
                - Add ftpserver/ ftpuser and ftppw parameters for ftp upload.

                # crontab -u jobuser -e
                ------------------------------------------------------------------------------------------------------
                22 00 * * 6   /usr/bin/ebackup -s -ftpserver <server_ip> -ftpuser <username> -ftppw <password>

CP upload:

If an FTP upload is too insecure for you, you can also transfer the backup file to another Check Point system with the option -cpupload via cprid_util.

- Add parameter -s for cpstop/cpstart
- Add ftpserver/ ftpuser and ftppw parameters for ftp upload.

# crontab -u jobuser -e
------------------------------------------------------------------------------------------------------
22 00 * * 6 /usr/bin/ebackup -s -cpupload <cp_server_ip>

Add a user "jobuser" via GAIA web portal:Set shell: /bin/bashSet assigned role: adminRoleSet a new password:FTP upload: Add a cronjob via CLI to execute ebackup at Saturday night at 10:00 pm. - Add parameter -s for cpstop/cpstart - Add ftpserver/ ftpuser and ftppw parameters for ftp upload. # crontab -u jobuser -e ------------------------------------------------------------------------------------------------------ 22 00 * * 6 /usr/bin/ebackup -s -ftpserver <server_ip> -ftpuser <username> -ftppw <password>CP upload: If an FTP upload is too insecure for you, you can also transfer the backup file to another Check Point system with the option -cpupload via cprid_util.- Add parameter -s for cpstop/cpstart - Add ftpserver/ ftpuser and ftppw parameters for ftp upload.# crontab -u jobuser -e ------------------------------------------------------------------------------------------------------22 00 * * 6 /usr/bin/ebackup -s -cpupload <cp_server_ip>

More "Easy Tools"

- Easy Backup Tool - (migrate export + all GAIA configs)                   -> Easy backup of all gateway GAIA configs + migrate export with one CLI command.
- Easy execute CLI commands on all gateways simultaneously        -> Now you can use the new command to execute bash or clish commands on all gateway simultaneously.
- Easy execute CLI commands from management on gateways        -> Easy execute CLI commands from management on gateways
- Mobile User License Tool - replaced "dtps lic"                                   -> It displays all Secure Client, SSL VPN and Mobile Access Portal licenses in total (sum) on the SMS.
- Easy View Tool - (system infos from all gateways simultaneously) -> This toll shows you quickly an overview of status information of all your gateways with only one CLI command.

Version

0.1   03-15-2020   - oneliner to show backup clish configs
0.6   03-23-2020   - GA version ebackup
0.7   03-25-2020    - add parameter -s for cpstop/cpstart
0.8   03-26-2020   - add parameter -no_migrate (no migrate export)
0.9   03-26-2020   - bug fixed (special thanks to Paul_Gademsky)
1.0   03-27-2020   - bug fixed (SMS and MDS)
1.1   03-30-2020   - add option -port
1.2   03-30-2020   - bug fixed
1.3   03-31-2020   - ftp upload function (-ftpserver, -ftpuser, -ftppw)

2.0   04-04-2020   - MDS support
2.1   04-06-2020   - bug fixed
2.2   04-07-2020   - add option -v
2.3   04-09-2020   - add option -cpupload (upload tgz file to a other Check Point gateway or SMS)

Christian_Wagen · ‎2020-03-27

Hi @HeikoAnkenbrand

That's a great idea and great implementation!

Keep up the good work 🙂

Daniel_ · ‎2020-03-27

Thanks for this Script.

With json and jq most often you don't need additional bash commands. So you can replace

mgmt_cli -r true show gateways-and-servers details-level full --format json | $CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name"  ' |xargs -n 2 | grep -v 0.0.0. > /tmp/ebackup_topo;

with

mgmt_cli -r true show gateways-and-servers details-level full --format json | $CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | select(."ipv4-address" != "0.0.0.0") | ."ipv4-address"+" "+ ."name"' > /tmp/ebackup_topo;

Bye

Dilian_Chernev · ‎2020-03-30

Thank you for the excellent script!

I have a suggestion to add an option to change the API port.
For example on my SMS, there is also Endpoint MGMT and default API port is changed to 4434 .

HeikoAnkenbrand · ‎2020-03-30

Hi @Dilian_Chernev,

That was a good point from you. 👍

Now in v1.1 the option -port <sms port> add the management server port, if it's not running on port 443.

Regards
Heiko

View solution in original post

Dilian_Chernev · ‎2020-04-08

Working perfectly!
Is it possible to add file transfer to a SCP server also ?

Paul_Gademsky · ‎2020-04-08

@Dilian_Chernev @HeikoAnkenbrand

It should be fairly straight forward to do, but I'll leave that to Heiko to incorporate.

When it comes to storing the passwords for the ftp/scp/sftp on a server for a cron job, I tend to stay away from that.

My solution is to use the cprid capabilities to copy the file to a second Mgmt (HA), log server, SmartEvent server, or worse case a gateway, so that it exists in more than one location.

Just my 2 cents.

Paul G.

HeikoAnkenbrand · ‎2020-04-09

Hi@Dilian_Chernev @Paul_Gademsky,

Check Point upload support for the backup file via cprid_util is added.😀

So you can copy the backup with the option -cpupload directly to another Check Point gateway or SMS/MDS.

Regards
Heiko

Giorgio_Giustoz · ‎2020-03-30

Thank you for the excellent script!

I have a suggestion to add an option to send the files (export & Gaia-configuration) to a external server/location, via FTP o CIFS.

HeikoAnkenbrand · ‎2020-03-30

Hi @Giorgio_Giustoz ,

Now v1.3 with FTP Upload,

# ebackup -ftpserver 1.1.1.1 -ftpuser username -ftppw test123 -> Backup all GAIA configs + migrate export with upload to a ftp server.

Regards

Heiko

Armin_Weiler · ‎2020-03-31

Hi @HeikoAnkenbrand,

I have been following this article for the last few days. This is a really good idea that you've developed here. In my opinion the script should be published in a JHF or in the next R80 version.

We use it on several management servers of our customers and it's working great now.

PS: Curl download works fine now.

Many thanks
Armin

HeikoAnkenbrand · ‎2020-03-31

Now v1.3 with the following options:

Syntax	Description
-s	The option -s performs a cpstop and cpstart when the migrate export tool is executed.
-no_migrate	The option -no_migrate has the consequence that no migrate export is executed.
-port <sms port>	The option -port <sms port> add the management server port, if it's not running on port 443.
-ftpserver <ftp server ip> -ftpuser <username> -ftppw <password>	The ftp options allow to upload the tar file to a ftp server.

Ruan_Kotze · ‎2020-04-01

Thank you so much for an awesome tool - this has been a gap in my toolbox for so long. The only issue I have picked up in testing is a spelling mistake in the output file, as per attachment.

Thanks again,
Ruan

HeikoAnkenbrand · ‎2020-04-01

Hi @Ruan_Kotze,

THX, I changed that. Is now correct.

Regards
Heiko

Jan_Elbers · ‎2020-04-02

Nice xcript. Thanks

Is there also a backup option for SMB devices?

Paul_Gademsky · ‎2020-04-03

The 1.4 version I posted has been successfully run against 3 different 1200R appliances at this point. Let me know if you have a different experience.

Paul G.

HeikoAnkenbrand · ‎2020-04-03

Hi @Jan_Elbers

The tool supports all SMB applications where no 0.0.0.X IP address is set in the topology.

Regards
Heiko

Harry_Morgan · ‎2020-04-06

Hi @HeikoAnkenbrand

Can I execute the script as cronjob?

HeikoAnkenbrand · ‎2020-04-07

Hi @Harry_Morgan,

If the ebackup tool should be executed automatically, only a cronjob has to be created.
I described it in the article.

Regards
Heiko

Pablo_Montega · ‎2020-04-20

Hello @HeikoAnkenbrand,

Is it possible to add a scp upload?

Thanks

Pablo

Th-Chi · ‎2020-04-27

ssh upload?

HeikoAnkenbrand · ‎2020-04-28

coming soon

HeikoAnkenbrand · ‎2020-05-06

Now tested with R80.40.

moritz_r · ‎2020-05-14

Thank you for this script.
One question in case of an Endpoint MGMT: is there also a opportunity to use the function of a migrate export with the syntax "--include-uepm-msi-files"?

That would great

Best regards

Moritz

moritz_r · ‎2020-05-15

Hello @HeikoAnkenbrand
now I have a second question:
after adding a test cronjob with ebackup, the topic of the job notification mail includes the users password. Is it possible to hide it?

And Im not sure if it is a typo in the script, because also in the job notification mail, I got an error message:

rm: cannot remove '/tmp/ebachup_cpupload': No such file or directory TERM environment variable not set.

Does this error occur because of "ebachup_cpupload" instead of "ebackup_cpupload". I can find it multiple times in the script.

Best regards

Moritz

Titus_Kimathi · ‎2020-06-21

Hi @HeikoAnkenbrand

Much appreciated tool. Works like a charm on a R80.40-SMS, R80.30/R77.30 gateways, and TE appliance environment.

Regards

Mutumak

yo · ‎2020-06-26

👍🏻

Ave_Joe · ‎2020-07-29

Good day.

Hi. Great work. I am in process of replacing my ancient nightly backup script with ebackup. I would like to see a feature that just does the migrate of the SMS and skips the gateways. In my use case I have 400 appliances that don't really change all the much so I think backing up those once per week makes sense. However the with policy changes, etc. my preference is to use your script to get a migrate done nightly.

Thoughts?

Would this be something others would like to see?

nils_alfer · ‎2020-08-04

Hi @HeikoAnkenbrand.

this is a very nice solution.

Thanks
Nils

wavesurf · ‎2020-08-05

Hi Heiko,

great tool!

What i am missing in all backup methods/tools, is the backup of certain importand files from the device.

Management:

implied_rules.def
table.def
crypt.def
vpn_route.conf
ipassignment.conf
fwrl.conf
trac_client_1.ttm
vpn_table.def
user.def
HKLM_registry.data

Gateways (not SMB)

masters

fwkern.conf

trac_client_1.ttm

simkern.conf
sim_aff.conf
vpnkern.conf
HKLM_registry.data
/etc/rc.d/rc.local
SmsPhones.lst
dynamic_id_users_info.lst
CPprofile.sh
/opt/postfix/etc/postfix/main.cf
mta_postfix_options.cf

BR,

Bernhard

spiros-p · ‎2020-08-10

Nice tool!

Filters

Sort By

Categories

Easy Backup Tool