Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Can I "export" ASM security policies (one or all) from CLI?

Is there a bash or tmsh command that can export ASM security policies from the CLI? Even on the box to /shared/tmp? I'd like to setup a daily cron job to export my ASM policies nightly. I have automated nightly archives, but it would be nice to have the granularity to restore an individual ASM policy rather than the entire ucs restore. I'm using this model to backup my LTM Data Group Lists nightly. I'm running 11.5.4.

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi, there is tmsh command save asm policy [asm policy name] xml-files. The problem should be that you can't use wild-cards for policy names. So you need to have the list of policies.

One possibility is:tmsh list asm policy \/*\/* one-line | cut -d " " -f 3 > policies.txt

than run the loop to save them:

for i in $(cat policies.txt) do echo $i; save asm policy $i xml-file; done

(not tested, i have no box available now. may be you will have to escape the slashes (with back slashes)).

after that you will have the policies in /var/tmp/*.xml files. Filip

1
Comments on this Answer
Comment made 12-Apr-2018 by Pinko_Commie 66

I took this and ran with it (mainly because a customer asked for it)

#Create directory for export if it doesn't exist
mkdir -p /shared/asm_policy_backups

#Set initial expoort date/time for tagging purposes
export_date=`date +%Y_%m_%d-%H%M`

#Enumerate all policy names and iterate through exporting twice
for policy in `tmsh list asm policy one-line | awk '{print $3}'`
        do
                tmsh save asm policy $policy xml-file /var/tmp/${policy}_${export_date}.xml
                tmsh save asm policy $policy bin-file /var/tmp/${policy}_${export_date}.bin
        done

#compress exported policy files and place in backup folder
tar -zcvf /shared/asm_policy_backups/ASM_Policies_${export_date}.tgz /var/tmp/*${export_date}*

#clean up exported files post archive
rm /var/tmp/*${export_date}*

I've tested it out on a 12.1.2 box and it works perfectly. Took about 120 seconds to export 30 policies on a i10800

It'll put them into .shared/asm_policy_backups, which means they should be available between different boot partitions.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Kindly share the procedure to backup the ucs archive automatically.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

save asm policy asm_policy_name xml-file file_name_to_save_to

0
Comments on this Answer
Comment made 17-Jan-2018 by MSZ 471

ucs archive automatically ? How this achieve?

0
Comment made 17-Jan-2018 by Josh Becigneul 1219

Hey there MSZ,

Try this article out for an automatic way of creating UCS archives on a defined schedule. K13418: Archiving UCS files using the logrotate and crontab utilities (11.x - 13.x)

It likely applies with some modification to the ASM policy export as well.

Thanks. Josh

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Thank you Pinko_Commie, I am looking at trying to monitor Changes to the ASM from a FIM .. modify you script a little bit and I should be good!

0