You need to download all of the active router configurations to see what has changed recently.
The Perl script in Example 1-4 will automatically retrieve and store router configuration files on a nightly basis. By default, it will retain these configuration files for 30 days. The script should be run through the Unix cron utility to get the automatic nightly updates, but you can also run it manually if required. No arguments are required or expected.
#!/usr/local/bin/perl
#
#      backup.pl -- a script to automatically backup a list of
#                   router configuration files on a nightly basis.
#
#
# Set behaviour
$workingdir="/home/cisco/bkup";
$snmprw="ORARW";
$ipaddress="172.25.1.1";
$days="30";
#
#
$rtrlist="$workingdir/RTR_LIST";
$storage="$workingdir/storage";
$latest="$storage/LATEST";
$prev="$storage/PREV";
# Create the archive directories on the first run
if (! -d $storage) {mkdir ($storage, 0755)};
if (! -d $prev) {mkdir ($prev, 0755)};
if (! -d $latest) {mkdir ($latest, 0755)};
($sec, $min, $hr, $mday, $mon, $year, @etc) = localtime(time);
$mon++; $year=$year+1900;
$today1=sprintf("%.4d_%.2d_%.2d", $year, $mon, $mday);
$today="$storage/$today1";
# Yesterday's LATEST becomes PREV, then LATEST is emptied
system("cp -p $latest/* $prev/");
unlink <$latest/*>;
mkdir ($today, 0755);
open (RTR, "$rtrlist") || die "Can't open $rtrlist file";
open (LOG, ">$workingdir/RESULT") || die "Can't open $workingdir/RESULT file";
print LOG "Router Configuration Backup Report for $year/$mon/$mday\n";
print LOG "= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =\n";
print LOG "Device Name                  Status\n";
print LOG "= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =\n";
while (<RTR>) {
   chomp($rtr="$_");
   # Setting this OID tells the router to TFTP its configuration to $ipaddress
   $oid=".1.3.6.1.4.1.9.2.1.55.$ipaddress";
   $snmpset ="/usr/local/bin/snmpset -v1 -c $snmprw -t60 -r2 $rtr";
   $rtrfile="/tftpboot/$rtr.cfg";
   # Pre-create a writable file for the TFTP server to accept the upload
   unlink $rtrfile;
   open (CFG, ">$rtrfile"); print CFG " ";close CFG;
   chmod 0666, $rtrfile;
   chop ($status=`$snmpset $oid s $rtr.cfg`);
   $status=~/.+ = "(.+)".*$/;
   if($1 eq "$rtr.cfg") {
      if( -z "$rtrfile" ) {
         $result="not ok (File empty)";
         unlink $rtrfile;
      }
      else {
         $result="ok";
         chmod 0444, $rtrfile;
         system("mv $rtrfile $latest");
      }
   }
   else {
      $result="not ok";
      unlink $rtrfile;
   }
   printf LOG ("%-28s %-28s\n", $rtr,$result);
}
system ("cp -p $latest/*cfg $today");
# Remove the dated directory that is now $days days old
$time=$days*86400;
print "$time\n";
($sec, $min, $hr, $mday, $mon, $year, @etc) = localtime(time-$time);
$mon++; $year=$year+1900;
$rmdir=sprintf("%.4d_%.2d_%.2d", $year, $mon, $mday);
system ("rm -r -f $storage/$rmdir");
As we mentioned earlier in the chapter, it is extremely important to make regular backup copies of your router configuration files. However, as the size of your network grows, it becomes quite tedious to maintain a useful archive of these backups. This script automates the task of collecting and storing router configuration files on a Unix-based TFTP server.
This script will maintain 30 days' worth of configuration files. We have found that this is a reasonable length of time, allowing engineers to recover router configuration files that are up to one month old. However, if you prefer, you can change the $days variable to increase or decrease how long the script will store these files before deleting them. If you increase the length of time that the server must store these files, it will obviously increase the amount of disk space you need to hold the extra configuration files. But router configuration files are generally quite small, so this is usually not a serious problem unless you support thousands of routers.
Before executing this script, you will need to modify a few variables. First, the $workingdir variable should contain the name of the directory in which the server will run the script. Second, the $snmprw variable must contain your SNMP read-write community string. Please note that the read-only community string will not allow you to copy a configuration file; you must use the read-write string. Because the script then holds that read-write string in clear text, make the script file readable only by the account that runs it. The other variable you need to change is $ipaddress, which should contain the IP address of your TFTP server.
The script is written in Perl, and it makes a few system calls out to Bourne shell commands. The script expects to find the Perl executable in the /usr/local/bin directory. The script is also dependent on NET-SNMP and it expects to find the executable snmpset in the /usr/local/bin directory as well. If these files are in different locations on your local system, you will need to modify these paths. See Appendix A for more information on Perl and NET-SNMP.
Finally, you will need a file called RTR_LIST that contains the list of router names. This file must be in the working directory.
As we mentioned earlier, you should run this backup script from the Unix cron utility on a nightly basis. This ensures that you have an up-to-date backup of your configuration files. We recommend launching this script during the off-hours, since it generates traffic across your network and puts a small amount of CPU load on the routers. Here is an example crontab entry to start the script every night at 1:30 A.M.:
30 1 * * * /home/cisco/bkup/backup.pl
When the script runs, it creates a new directory called storage under the working directory. Under this directory, the script creates several subdirectories, including LATEST, PREV, and dated directory names (such as 2003_01_28). The LATEST directory always contains the most up-to-date router configuration files, and you can find the previously stored version of each router's configuration in the PREV directory. The dated directories contain all of the router configuration files that were captured on the date indicated in the directory name.
You can use the Unix diff command to see what changes have occurred on a given router.
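One way to run that comparison across every router in the archive, as an added example that is not part of the original recipe: it compares PREV with LATEST, ignores lines that IOS rewrites by itself, and also reports routers that have no copy in LATEST. The function names and the sample configurations are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the book): what changed between PREV and LATEST.

# Drop lines that IOS rewrites on its own, so they are not reported as changes.
normalize() {
    sed -e '/^! Last configuration change/d' \
        -e '/^! NVRAM config last updated/d' \
        -e '/^ntp clock-period/d' "$1"
}

# config_changes STORAGE_DIR prints one "<router> <state>" line per router:
# changed, new (no PREV copy) or missing (no LATEST copy, backup failed).
config_changes() {
    storage=$1
    tmp=$(mktemp -d) || return 1
    for new in "$storage"/LATEST/*.cfg; do
        [ -f "$new" ] || continue
        name=$(basename "$new" .cfg)
        old="$storage/PREV/$name.cfg"
        if [ ! -f "$old" ]; then echo "$name new"; continue; fi
        normalize "$old" > "$tmp/old"
        normalize "$new" > "$tmp/new"
        cmp -s "$tmp/old" "$tmp/new" || echo "$name changed"
    done
    for old in "$storage"/PREV/*.cfg; do
        [ -f "$old" ] || continue
        name=$(basename "$old" .cfg)
        [ -f "$storage/LATEST/$name.cfg" ] || echo "$name missing"
    done
    rm -rf "$tmp"
}

# Constructed sample archive; router names follow the RESULT report, the
# configuration lines are made up for the demonstration.
make_sample() {
    s=$(mktemp -d) || return 1
    mkdir "$s/LATEST" "$s/PREV"
    printf '%s\n' '! Last configuration change at 01:10:00 EST Mon Jan 27 2003' \
        'hostname toronto' 'ntp clock-period 17180154' > "$s/PREV/toronto.cfg"
    printf '%s\n' '! Last configuration change at 02:40:00 EST Tue Jan 28 2003' \
        'hostname toronto' 'ntp clock-period 17180201' > "$s/LATEST/toronto.cfg"
    printf '%s\n' 'hostname frame' 'access-list 10 permit 172.25.1.0 0.0.0.255' > "$s/PREV/frame.cfg"
    printf '%s\n' 'hostname frame' 'access-list 10 permit any' > "$s/LATEST/frame.cfg"
    printf '%s\n' 'hostname boston' > "$s/PREV/boston.cfg"
    printf '%s\n' 'hostname test' > "$s/LATEST/test.cfg"
    echo "$s"
}

if [ "$#" -gt 0 ]; then config_changes "$1"; fi
```

Saved under a name of your choice and given /home/cisco/bkup/storage as its argument, it lists the routers worth a closer look; run diff on the PREV and LATEST copies of any router it reports as changed.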
Finally, the script creates a nightly status report that it stores in a file called RESULT in the working directory:
Freebsd% cat RESULT
Router Configuration Backup Report for 2003/1/28
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Device Name                  Status
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
toronto                      ok
boston                       not ok
test                         ok
frame                        ok
With a slight modification, you can configure the script to email this report to the responsible engineer. However, since each different Unix flavor uses a different mail program, we chose not to include it here in the interest of compatibility. On a Solaris server, for example, you could add the following line to the bottom of the script to mail this report:
system ("/usr/ucb/mail -s \"Config Report for $today1\" `/bin/cat $mail` < $workingdir/RESULT");
In this case, you would need to define the variable $mail to be an email distribution list for the report. For other Unix or Linux variants, please consult your manpages for more information on your local mail program.