New Member

Solved

Backup over SCP

Forum|Forum|11 years ago
September 15, 2014
14 replies
83036 views

I' m trying to figure out how to backup over SCP. I' ve enabled ' admin-scp' in config sys global, but am now trying to actually figure out how to use it. Anyone able to get me started? Thanks.

Best answer by FatalHalt

Sorry to bump this thread, but been running into some issues.

Is it just me, or are the backups you get from SCP not the full backup of the device? I've only just noticed this now that I'm doing some analytics on the files themselves, but they aren't even close to full. On one device, a full backup from the GUI gets me a file with 40,000 lines. A scp backup using sys_config is just shy of 2,200. It doesn't have any vdoms. It's almost useless.

Is there a different command other than sys_config (or fgt-config) to get a proper, full backup?

Istvan_Takacs_FTNT

Staff

Using the SCP client http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/basic_setup.096.53.html

emnoc

New Member

I never heard of fgt-config but sys_config works e.g scp admin@x.x.x.5:sys_config ./ admin@x.x.x.x5' s password: Permission denied, please try again. admin@x.x.x.5' s password: sys_config 100% 332KB 83.1KB/s 00:04 kfelix@socket01:~$ Go to tip#6 on my blog; http://socpuppet.blogspot.com/2013/12/fortigate-tips-tricks-from-socpuppets.html

FatalHaltAuthor

New Member

Thanks guys. I was using the document from the Admin guide, but didn' t have any sort of scp client (windows host). Grabbed the pscp.exe file from putty and am now cruising along. Made a nice little python script to automate all my boxes now!

ede_pfau

SuperUser

Would you care to share the python script? Py pal here.

FatalHaltAuthor

New Member

Threw it up on my Github

emnoc

New Member

Here' s a simple bash script, that you can call and run thru a listing. It down load the cfg and timestamp the downloaded file #!/bin/bash # This is a simple bash cfg grabber # # if [ ! $1 ]; then echo " Usage : getcfg.sg <username> <fortigate ip_address> <ssh port # > " echo " " echo " Example getcfg admin 1.1.1.1 22 " echo " " exit 1 fi # # DATE=`date +%F%Z%T` # # A=sys_config # PORT=$3 scp -P $3 $1@$2:$A ./$A-$2_$DATE.cfg # # end

ede_pfau

SuperUser

Thanks FatalHalt, nice work!

FatalHaltAuthor

New Member

Thanks! I' ve also got a work in progress config parser script on there as well. Parses out different sections of the config to csv files (which I combine into spreadsheets). Great for comparing policy, address sets, etc. Adding more sections for it when I have time.

jtfinley

New Member

Shameless plug, but I wrote something [link=]http://www.jfinley.com/2013/03/automated-fortigate-configuration-backups-using-scp/[/link]

Holy

New Member

Reading What´s new Forti OS 5.2.2 ...

Add a command to export logs on local disk to external USB CLI changes Add a command to backup all log files to USB drive. Syntax execute backup disk alllogs usb Add a command to backup specific log file(s) to USB drive.

Syntax

execute backup disk log usb <string> //Choose log: traffic, event, ips, virus, webfilter, spam, dlp, voip, app-ctrl, anomaly, netscan

Can someone change his Script and post it here to run an automatik USB backup?

FatalHaltAuthorAnswer

New Member

Sorry to bump this thread, but been running into some issues.

Is it just me, or are the backups you get from SCP not the full backup of the device? I've only just noticed this now that I'm doing some analytics on the files themselves, but they aren't even close to full. On one device, a full backup from the GUI gets me a file with 40,000 lines. A scp backup using sys_config is just shy of 2,200. It doesn't have any vdoms. It's almost useless.

Is there a different command other than sys_config (or fgt-config) to get a proper, full backup?

emnoc

New Member

The sys_config is not the full backup.

FatalHaltAuthor

New Member

What is the command to do the full backup?

Show more replies

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded