CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 2 of 2

Thread: automated MDS backup

  1. #1
    Join Date
    2019-09-16
    Posts
    1
    Rep Power
    0

    Default automated MDS backup

    Hello team
    hopefully this is in correct section of forum
    I need to do specific task in job, which is do monthly backup and send to storage server.

    Because im not a linux a guy was thinking about script which would look like this and add to cron:

    mdsstop && cd /local/backups/ && mds_backup -g -l && mdsstart

    Later probably I'll add tar command to compress files into single one and then send via scp to storage server then delete it.


    Does it make sense to do it like this? The point is that it needs to be automated fully, so there are no questions during execution of scrit like "press y to logout users". etc.

  2. #2
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    327
    Rep Power
    14

    Default Re: automated MDS backup

    I normally use mds_backup -b -i -l. The b sets batch mode, which doesn't prompt for anything. The i includes the rule hit counts. The l (lowercase L) excludes logs (I have separate MLMs, so this is just a belt-and-suspenders to keep the size tolerable).

    I've been working on a script to fully automate this, complete with email notification. I don't have SCP automated yet, but the email, creation of the backup, and the removal of old backups past the retention period all works:

    Code:
    #!/bin/env bash
    MTA="<mail.example.com>"
    RECIPIENTS="<someAddress@example.com; secondAddress@example.com>"
    SUBJECT_DATE="$(date --iso-8601)"
    WORKING_DIR="/var/log/mds_backup"
    NUMBER_TO_KEEP=1
    
    . /etc/profile.d/CP.sh
    ############################################################
    ## Send a notice the backup is starting, then wait five
    ## minutes to give people a chance to see it.
    printf "From: root@$(hostname)
    To: ${RECIPIENTS}
    Subject: MDS backup for ${SUBJECT_DATE}
    mds_backup beginning on $(hostname) in five minutes, at $(date -d '+5 minutes' --iso-8601=seconds)." \
    | /sbin/sendmail --host="${MTA}" --read-envelope-from -t
    sleep 300s
    
    ############################################################
    ## Run the backup.
    if [ ! -d ${WORKING_DIR} ];then mkdir ${WORKING_DIR};fi
    touch markerFile
    MDS_ERROR=$( { mds_backup -b -i -l -d ${WORKING_DIR}>/dev/null; } 2>&1 )
    MDS_EXIT=$?
    cd ${WORKING_DIR}
    for fileName in $(ls *.mdsbk.tgz | grep -v $(hostname)); do
    	dateStamp=$(echo $fileName | cut -d. -f1)
    	mv ${fileName} ${dateStamp}.$(hostname).mdsbk.tgz
    	done
    cd "$OLDPWD"
    
    ############################################################
    ## SCP code here.
    NEW_BACKUP="$(find ${WORKING_DIR} -newer markerFile -name '*.mdsbk.tgz')"
    ## SCP_EXIT=$?
    SCP_EXIT=0
    
    ############################################################
    ## If the SCP worked, clean up old files to leave only the
    ## number specified in FILES_TO_KEEP. Older files are
    ## removed first.
    FILES_REMOVED=""
    if [ ${SCP_EXIT} -eq 0 ];then
    	NUMBER_TO_REMOVE=$(($(ls -t ${WORKING_DIR}/*.mdsbk.tgz | wc -l)-${NUMBER_TO_KEEP}))
    	if [ ${NUMBER_TO_REMOVE} -gt 0 ];then
    		FILES_REMOVED=$(ls -t ${WORKING_DIR}/*.mdsbk.tgz | tail -n ${NUMBER_TO_REMOVE})
    		echo "${FILES_REMOVED}" | xargs -L 1 /bin/rm
    		fi
    	fi
    /bin/rm markerFile
    
    ############################################################
    ## Report backup status to the admins.
    printf "From: root@$(hostname)
    To: ${RECIPIENTS}
    Subject: MDS backup for ${SUBJECT_DATE}
    mds_backup finished on $(hostname) at $(date --iso-8601=seconds).
    
    mds_backup exit code: ${MDS_EXIT}
    SCP exit code: ${SCP_EXIT}
    
    mds_backup STDERR:
    ############################################################
    ${MDS_ERROR}
    ############################################################
    
    Files removed:
    ${FILES_REMOVED}" \
    | /sbin/sendmail --host="${MTA}" --read-envelope-from -t
    To use this, you need to replace <mail.example.com> and <someAddress@example.com; secondAddress@example.com> with values for your environment. You can put the script anywhere, and run it with cron.

    The removal happens after the SCP, so you can set NUMBER_TO_KEEP to 0 if you don't want to retain any local copies. I like to retain at least one local in case I need to import without rebuilding the whole MDS.

    It puts the files in /var/log/mds_backup by default. If the directory doesn't exist, the script will create it.

    It renames the files to include the hostname of the MDS. My organization's fileservers are managed by a separate team, so I include this to help them find me if they have questions about the enormous files.
    Zimmie

Similar Threads

  1. automated FW push scripts
    By bingdude in forum R80
    Replies: 1
    Last Post: 2017-08-30, 08:11
  2. SUPPORTED automated log archive procedure
    By boldin in forum SmartView Tracker
    Replies: 5
    Last Post: 2010-05-06, 21:41
  3. Automated Upgrade Export
    By Felix001 in forum Miscellaneous
    Replies: 0
    Last Post: 2009-11-05, 06:46
  4. Automated\graceful shutdown when power is lost?
    By Spacetrucker in forum Check Point SecurePlatform (SPLAT)
    Replies: 7
    Last Post: 2009-07-09, 10:55
  5. how can i do automated failover of vpn tunnel
    By venkatnarayana in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 1
    Last Post: 2007-09-28, 02:36

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •