We purchased Unimus about a month ago and we really like it. However, we've discovered that backups of Cisco ASA's sometimes fail.
The backup also takes a _really_ long time.
We have several large multi-context ASA's and I believe the problem might be that you seem to paginate the output. I did a trace, which shows that you are doing a "more system:running-config". It is not preceeded by a "terminal pager 0" which means you have to send something in order for it to paginate. That complicates things, and it is also error prone. The trace log also shows the <--- More ---> lines which confirms that you are indeed paging.
Can you please add "terminal pager 0" as a command before the "more system:running-config"? This will eliminate the need for paging the output.
Reference output below:
Code: Select all
fw1/pri/act/admin# changeto system
fw1/pri/act# more system:running-config
TIMESTAMP: 2023-02-16 21:15:41.156
: Saved
:
: Serial Numbe....
....
....
fw1/pri/act# <<SSH disconnect - channel & session>>
DEVICE OUTPUT END:
Code: Select all
fw1/pri/act/admin# terminal pager 0
fw1/pri/act/admin#
One more thing regarding this. Since we have many contexts it is not really practical so have everything bundled under the same device. The diff gets gigantic, and we also need to limit access to configurations for different users which we can't do right now.
I tried adding a single context as a device, but that fails. The reason is that you are checking if the ASA is multicontext, and if it is then you are trying to switch to the system context. Since it it not possible to switch to the system context when connected via SSH directly into a non admin-context that does not work. Also, it would of course cause the backup to contain all contexts under a single device anyway.
It would be really nice if you could check that you are in the "admin" context, and if you are then you can switch to the system context. In other cases you should just backup the context you are in, similar to a backup of a non-multicontext ASA.
I understand that this would mean a little more work, but it would be very helpful to us.
Sample output when inside "admin" context". The asterisk (*) is indicative of it being the admin context, from which it is possible to switch to the system context.
Code: Select all
/pri/act/admin# show context
Context Name Class Interfaces Mode URL
*admin default Management0/0 Routed disk0:/admin.cfg
fw1/pri/act/admin#
Code: Select all
fw1/cust1# show context
Context Name Class Interfaces Mode URL
cust1 default Port-channel9.1652, Routed disk0:/cust1.cfg
1870-1877
fw1/cust1#