Helpful ReplyHot!Backup over SCP

Page: 12 > Showing page 1 of 2
Author
FatalHalt
Gold Member
  • Total Posts : 124
  • Scores: 8
  • Reward points: 0
  • Joined: 2014/06/11 08:51:54
  • Status: offline
2014/09/15 12:15:27 (permalink)
0

Backup over SCP

I' m trying to figure out how to backup over SCP. I' ve enabled ' admin-scp' in config sys global, but am now trying to actually figure out how to use it.

Anyone able to get me started?

Thanks.
#1
Istvan Takacs_FTNT
Silver Member
  • Total Posts : 118
  • Scores: 15
  • Reward points: 0
  • Joined: 2014/08/05 16:14:08
  • Location: Nowhere, OK
  • Status: offline
emnoc
Expert Member
  • Total Posts : 5301
  • Scores: 347
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
RE: Backup over SCP 2014/09/16 08:30:02 (permalink)
0
I never heard of fgt-config but sys_config works


e.g

scp admin@x.x.x.5:sys_config ./
admin@x.x.x.x5' s password:
Permission denied, please try again.
admin@x.x.x.5' s password:
sys_config 100% 332KB 83.1KB/s 00:04
kfelix@socket01:~$

Go to tip#6 on my blog;

http://socpuppet.blogspot.com/2013/12/fortigate-tips-tricks-from-socpuppets.html

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#3
FatalHalt
Gold Member
  • Total Posts : 124
  • Scores: 8
  • Reward points: 0
  • Joined: 2014/06/11 08:51:54
  • Status: offline
RE: Backup over SCP 2014/09/16 12:31:29 (permalink)
0
Thanks guys. I was using the document from the Admin guide, but didn' t have any sort of scp client (windows host). Grabbed the pscp.exe file from putty and am now cruising along.

Made a nice little python script to automate all my boxes now!
#4
ede_pfau
Expert Member
  • Total Posts : 6068
  • Scores: 488
  • Reward points: 0
  • Joined: 2004/03/09 01:20:18
  • Location: Heidelberg, Germany
  • Status: offline
RE: Backup over SCP 2014/09/17 07:31:29 (permalink)
0
Would you care to share the python script? Py pal here.

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#5
FatalHalt
Gold Member
  • Total Posts : 124
  • Scores: 8
  • Reward points: 0
  • Joined: 2014/06/11 08:51:54
  • Status: offline
RE: Backup over SCP 2014/09/17 08:50:06 (permalink)
0
Threw it up on my Github
#6
emnoc
Expert Member
  • Total Posts : 5301
  • Scores: 347
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
RE: Backup over SCP 2014/09/17 10:52:28 (permalink)
5 (1)
Here' s a simple bash script, that you can call and run thru a listing. It down load the cfg and timestamp the downloaded file



#!/bin/bash
# This is a simple bash cfg grabber
#
#
if [ ! $1 ]; then
echo " Usage : getcfg.sg <username> <fortigate ip_address> <ssh port # > "
echo " "
echo " Example getcfg admin 1.1.1.1 22 "
echo " "

exit 1
fi

#
#
DATE=`date +%F%Z%T`
#
#
A=sys_config
#
PORT=$3
scp -P $3 $1@$2:$A ./$A-$2_$DATE.cfg
#
#
end



PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#7
ede_pfau
Expert Member
  • Total Posts : 6068
  • Scores: 488
  • Reward points: 0
  • Joined: 2004/03/09 01:20:18
  • Location: Heidelberg, Germany
  • Status: offline
RE: Backup over SCP 2014/09/18 04:44:07 (permalink)
0
Thanks FatalHalt, nice work!

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#8
FatalHalt
Gold Member
  • Total Posts : 124
  • Scores: 8
  • Reward points: 0
  • Joined: 2014/06/11 08:51:54
  • Status: offline
RE: Backup over SCP 2014/09/19 14:27:35 (permalink)
0
Thanks! I' ve also got a work in progress config parser script on there as well. Parses out different sections of the config to csv files (which I combine into spreadsheets). Great for comparing policy, address sets, etc.

Adding more sections for it when I have time.
#9
jtfinley
Gold Member
  • Total Posts : 189
  • Scores: 0
  • Reward points: 0
  • Joined: 2008/08/11 13:07:10
  • Status: offline
RE: Backup over SCP 2014/09/29 14:57:33 (permalink)
#10
Holy
Gold Member
  • Total Posts : 168
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/08/07 03:56:56
  • Status: offline
Re: RE: Backup over SCP 2014/11/19 15:09:45 (permalink)
0
Reading What´s new Forti OS 5.2.2 ...
 
Add a command to export logs on local disk to external USB
CLI changes
Add a command to backup all log files to USB drive.
Syntax
execute backup disk alllogs usb
Add a command to backup specific log file(s) to USB drive.
 Syntax
execute backup disk log usb <string> //Choose log: traffic, event, ips, virus, webfilter, spam, dlp, voip, app-ctrl, anomaly, netscan
 
Can someone change his Script and post it here to run an automatik USB backup? 
#11
FatalHalt
Gold Member
  • Total Posts : 124
  • Scores: 8
  • Reward points: 0
  • Joined: 2014/06/11 08:51:54
  • Status: offline
Re: Backup over SCP 2014/12/01 10:04:12 (permalink) ☄ Helpfulby emnoc 2014/12/01 13:57:09
0
Sorry to bump this thread, but been running into some issues. 
 
Is it just me, or are the backups you get from SCP not the full backup of the device? I've only just noticed this now that I'm doing some analytics on the files themselves, but they aren't even close to full. On one device, a full backup from the GUI gets me a file with 40,000 lines. A scp backup using sys_config is just shy of 2,200. It doesn't have any vdoms. It's almost useless. 
 
Is there a different command other than sys_config (or fgt-config) to get a proper, full backup?
#12
emnoc
Expert Member
  • Total Posts : 5301
  • Scores: 347
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: Backup over SCP 2014/12/01 13:58:11 (permalink)
0
The sys_config is not the full backup. 
 

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#13
FatalHalt
Gold Member
  • Total Posts : 124
  • Scores: 8
  • Reward points: 0
  • Joined: 2014/06/11 08:51:54
  • Status: offline
Re: Backup over SCP 2014/12/01 14:00:12 (permalink)
0
What is the command to do the full backup?
#14
emnoc
Expert Member
  • Total Posts : 5301
  • Scores: 347
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: Backup over SCP 2014/12/01 14:10:37 (permalink)

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#15
Elthon Abreu
Bronze Member
  • Total Posts : 50
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/04/29 11:37:55
  • Location: Brazil
  • Status: offline
Re: Backup over SCP 2015/02/23 08:59:16 (permalink)
0
emnoc/FatalHalt
 
Yes, the command "sys_config" is a full backup !
I tested and compared both methods.

Elthon Abreu
FCNSA v5
#16
ede_pfau
Expert Member
  • Total Posts : 6068
  • Scores: 488
  • Reward points: 0
  • Joined: 2004/03/09 01:20:18
  • Location: Heidelberg, Germany
  • Status: offline
Re: Backup over SCP 2015/02/23 09:27:39 (permalink)
0
My mustard on this:
I'm doing SCP backups for a couple of customer FGTs and it's both
- just the same as 'Backup' from the Dashboard
- NOT the full backup
 
The files just contain the commands to transform a factoryreset config into the running config. All default settings are left out.
And I'm not dealing with VDOMs. So if anybody knows how to elicit the config for all VDOMs on a FGT then please post.

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#17
Elthon Abreu
Bronze Member
  • Total Posts : 50
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/04/29 11:37:55
  • Location: Brazil
  • Status: offline
Re: Backup over SCP 2015/02/23 10:17:20 (permalink)
0
ede_pfau,
 
I'm doing backups with a script Batch (DOS) running on the Windows scheduler. It's work fine for me.
 
Best regards.

Elthon Abreu
FCNSA v5
#18
emnoc
Expert Member
  • Total Posts : 5301
  • Scores: 347
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: Backup over SCP 2015/02/23 12:27:00 (permalink)
0
Will for me the fgt-config pulls the complete configs ( full ) with vdoms.
 
scp  <myuser>@1.1.1.1:fgt-config ./
 
So anything with fgt-config in the name will pull the full cfg.
 
e.g ( using fgt-config2  the 2 doesn't matter ;) )
 
 
scp -P 2022 admin@10.10.80.1:fgt-config2 ./
admin@10.10.80.1's password:
fgt-config                                    100%  371KB  37.1KB/s   00:10 
 
 
So anything with  fgt-config or sys_config no matter what the spelling works.
 
 kfelix$ scp -P 2022 admin@10.10.80.1:custB/sys_config ./
admin@10.10.80.1's password:
sys_config                                                            100%  371KB  33.7KB/s   00:11    
 
 kfelix$ scp -P 2022 admin@10.10.80.1:sys_config-blhblhlah  ./
admin@10.10.80.1's password:
sys_config                                                            100%  371KB  37.1KB/s   00:10    
 

        
 
Ken
post edited by emnoc - 2015/02/23 12:29:10

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#19
nbctcp
Bronze Member
  • Total Posts : 37
  • Scores: 2
  • Reward points: 0
  • Joined: 2015/03/05 04:48:26
  • Location: Indonesia
  • Status: offline
Re: Backup over SCP 2015/03/06 04:20:47 (permalink)
0
Ethon,
Can you please show me the steps
 
elthon.abreu
ede_pfau,
 
I'm doing backups with a script Batch (DOS) running on the Windows scheduler. It's work fine for me.
 
Best regards.




#20
Page: 12 > Showing page 1 of 2
Jump to:
© 2019 APG vNext Commercial Version 5.5