EEM configuration backup using a regex-built time stamp, with the device name and time stamp in the file name.

Make sure you understand the event script below before executing it:

event manager applet DAILY_RUN_CONFIG_BACKUP

description Daily Run Config Backup To Local TFTP Server

event timer watchdog time 400

event none

action 01 cli command "enable"

action 02 cli command "show clock"

action 03 regexp "(2[0-3]|[01][0-9]):([0-6][0-9]):([0-6][0-9])" "$_cli_result" time hour minute second

action 04 puts "$time"

action 05 puts "$hour"

action 06 puts "$minute"

action 07 puts "$second"

action 08 cli command "show clock"

action 09 regexp "(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) ([1-9]|0[1-9]|[1-2][0-9]|3[0-1]) (20[1-9][0-9])" "$_cli_result" time2 month day year

action 10 puts "$time2"

action 11 puts "$month"

action 12 puts "$day"

action 13 puts "$year"

action 14 cli command "copy /noconfirm running-config tftp://10.10.9.254/ASA-NAME_RUN_CONFIG-$year$month$day-$hour$minute$second.txt"

action 15 syslog priority informational msg "Configuration backup to TFTP successfully executed"

Some notes:

  1. The above script also works on routers and switches.
  2. The puts actions only print output; you can remove those lines once the EEM script is working.
  3. If your device uses AAA, you must ensure that the EEM scripts configured on the device are either configured with an AAA user able to run the commands in the script, or that authorization bypass is configured with the command authorization bypass in the applet definition (example: event manager applet DAILY_RUN_CONFIG_BACKUP authorization bypass).
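
The file-name logic of the applet above, as an added example (not code from the original post): Python's re module stands in for EEM's regexp action and is run over constructed `show clock` lines. NAME_RE, backup_time and newest are hypothetical server-side helpers; they show that names built as $year$month$day do not sort by date, so the newest backup has to be picked by parsed time.

```python
import re
from datetime import datetime

# The two patterns from actions 03 and 09 of the applet, unchanged.
TIME_RE = re.compile(r"(2[0-3]|[01][0-9]):([0-6][0-9]):([0-6][0-9])")
DATE_RE = re.compile(
    r"(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    r"([1-9]|0[1-9]|[1-2][0-9]|3[0-1]) (20[1-9][0-9])"
)
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Hypothetical server-side pattern for the names action 14 produces.
NAME_RE = re.compile(
    r"^(.+)_RUN_CONFIG-(\d{4})([A-Z][a-z]{2})(\d{1,2})-(\d{2})(\d{2})(\d{2})\.txt$"
)


def applet_filename(show_clock, device="ASA-NAME"):
    """Name that action 14 would build, or None if either regexp misses."""
    t, d = TIME_RE.search(show_clock), DATE_RE.search(show_clock)
    if not (t and d):
        return None
    hour, minute, second = t.groups()
    month, day, year = d.groups()
    return f"{device}_RUN_CONFIG-{year}{month}{day}-{hour}{minute}{second}.txt"


def backup_time(filename):
    """Parse an applet-style file name back into a datetime, or None."""
    m = NAME_RE.match(filename)
    if not m or m.group(3) not in MONTHS:
        return None
    _, year, month, day, hh, mm, ss = m.groups()
    try:
        return datetime(int(year), MONTHS.index(month) + 1, int(day),
                        int(hh), int(mm), int(ss))
    except ValueError:  # e.g. day 31 in a 30-day month, minute 60
        return None


def newest(filenames):
    """Newest parseable backup by real time, not by string order."""
    dated = [(backup_time(f), f) for f in filenames if backup_time(f)]
    return max(dated)[1] if dated else None


# Constructed `show clock` samples: unsynchronised clock (*), one-digit day.
SAMPLES = ["*12:29:49.054 UTC Mon Mar 4 2024", "23:05:07.311 UTC Tue Dec 31 2024"]
NAMES = [applet_filename(s) for s in SAMPLES]
if __name__ == "__main__":
    print(NAMES, "-> newest:", newest(NAMES))
```

A plain string sort puts the March file after the December one, which matters if a cleanup or restore job on the TFTP server selects the latest file by name.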

Some good, up-to-date references for Cisco IOS XE:

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/216091-best-practices-and-useful-scripts-for-ee.html

If you see an error like the one below on IOS XE:

%HA_EM-3-FMPD_UNKNOWN_ENV: fh_parse_var: could not find environment variable: XXX

This indicates that you have AAA configured and need to add "authorization bypass" to the applet definition.

event timer watchdog time 400 – the watchdog interval is in seconds, so the applet runs every 400 seconds.

You can also schedule it with cron, for example:

event timer cron name Daily cron-entry "00 01 * * *" – this runs every day at 1:00 am (https://crontab.guru/ gives good examples)

To run the EEM applet manually to test it:

#event manager run Mybackup

To send an email when the backup succeeds:

event manager environment _email_to email-address

event manager environment _email_server smtp.bb.com

event manager environment _email_from senderemail

(config)#event manager applet backup_success_email
(config-applet)#event syslog pattern "%HA_EM-6-LOG: Mybackup: Configuration change detected. Write to TFTP succesfully executed"
(config-applet)#action 1.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "$_event_pub_time: Login via SSH" body "$_syslog_msg"
(config-applet)#action 1.5 syslog priority notifications msg "LOGIN SUCCESS - Mail Sent"

In the same way, you can redirect the logs to TFTP:

event manager applet MyLog authorization bypass
event none
action 1.0 cli command "enable"
action 2.0 info type routername
action 3.0 cli command "show clock"
action 3.1 regexp "(2[0-3]|[01][0-9]):([0-6][0-9]):([0-6][0-9])" "$_cli_result" time hour minute second
action 3.6 cli command "show clock"
action 3.7 regexp "(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) ([1-9]|0[1-9]|[1-2][0-9]|3[0-1]) (20[1-9][0-9])" "$_cli_result" time2 month day year
action 4.0 cli command "show logging | redirect tftp://x.x.x.x/$_info_routername-$year$month$day-$hour$minute$second.log"
action 6.0 syslog priority informational msg "Configuration change detected. Write to TFTP succesfully executed"

EEM script to capture matching log lines and store them in flash:

event manager applet logtest authorization bypass
event none
action 1.0 cli command "enable"
action 1.1 set cmd01 "show logging | in BULK"
action 1.2 cli command "$cmd01"
action 1.3 file open fh flash:error.txt w
action 1.4 file write fh "$_cli_result"
action 1.5 file close fh

#event manager run logtest

#more flash:error.txt

12:29:49.054: %EWLC_HA_LIB_MESSAGE-6-BULK_SYNC_STATE_INFO: Switch 2 R0/0: wncmgrd: INFO: Bulk sync status : COLD/n slot memory init failed for 1
12:32:37.785: %EWLC_HA_LIB_MESSAGE-6-BULK_SYNC_STATE_INFO: Switch 1 R0/0: wncmgrd: INFO: Bulk sync status : HOT
12:32:37.591: %EWLC_HA_LIB_MESSAGE-6-BULK_SYNC_STATE_INFO: Switch 2 R0/0: wncmgrd: INFO: Bulk sync status : HOT
12:32:45.428: %HA_CONFIG_SYNC-6-BULK_CFGSYNC_SUCCEED: Bulk Sync succeeded

Happy Labbing ….!!!!!