This blog post will briefly demonstrate how to automate backups to a SSH server using the SCP command.

 

Pre-requisites

  • SSH server must be installed and listening to port 22 (I use Bitvise SSH server, but it's really up to you)
  • Username and password for the ssh client is created inside the SSH server (Assuming login is via local)
  • Firewall rules are allowed from FireEye > SSH Server

 

Based on the commands below, we will be scheduling a full daily backup at 00:00 hrs.

 

  1. Log in to the FireEye appliance via CLI using putty
  2. Run the following commands:
    1. en
    2. config t
    3. job 1 schedule daily start date YYYY/MM/DD
    4. job 1 command 1 "backup profile full to scp://<ssh_username>:<ssh_password>@<SSH_Server_IP_Address>/C:/FireEye/Backup”
    5. job 1 enable
  3. Verify the parameters by running: show job 1
  4. To confirm if the backup can be performed successfully, do a one-time backup by running : job 1 execute
  5. The backup should be running and a backup file will be created at the remote path which in this case is C:/FireEye/Backup/febackup.
  6. Save your changes by typing: write memory
  7. Last but not least, remember to manually delete the backup on the server weekly or monthly, depending on the file size.

 

==============================================================================================================

Another fantastic guide you can refer isBest Practice Guide: Automating Appliance Configuration and Alert Backups

 

As a separate reference, the post below is one of the articles I have found for CMS backup, slightly lengthy but detailed enough.

 

To configure the scheduled backup job for the configuration database:
1. Enable the CLI configuration mode.
hostname > enable
hostname # configure terminal


2. Create the job by specifying the job ID.
hostname (config) # job job_ID


3. Specify the sequence number for the scheduled backup job.
hostname (config) # job job_ID command sequence_number


4. Use the backup profile command to set the profile for the configuration database. Specify
the location for the backup file.
hostname (config) # job job_ID command sequence_number "backup profile config to
backup_location"
l To schedule the backup job to a location destination on the CM Series platform,
enter:
hostname (config) # job job_ID command sequence_number "backup profile config to local"
l To schedule the backup job on a remote server, enter:
hostname (config) # job job_ID command sequence_number "backup profile config to url"
where url is the specified remote location using the following format:
scp://username:password@hostname/remote path

l To schedule the backup to a USB drive on your local machine, enter:
hostname (config) # job job_ID command sequence_number "backup profile config to usb"


5. Save your changes.
hostname (config) # write memory


To schedule automatic backups for the configuration database:
1. Specify how often you want the backup job to run automatically.
l To schedule daily, enter the end date, start date, or time :
hostname (config) # job job_ID schedule daily end date yyyy/mm/dd
hostname (config) # job job_ID schedule daily start date yyyy/mm/dd
hostname (config) # job job_ID schedule daily time hh:mm:ss


where yyyy/mm/dd specifies the end or start date for the backup job.
l where hh:mm:ss specifies the time to start the backup job based on a 24-hour clock.

l To schedule weekly, enter:
hostname (config) # job job_ID schedule weekly day-of-week day
where day is the day of the week the backup job is scheduled to occur.
l sun
l mon
l tue
l wed
l thu
l fri
l sat


l To schedule monthly, enter:
hostname (config) # job job_ID schedule monthly day-of-month day
where day is the day of the month the backup should occur.

l To schedule once, enter:
hostname (config) # job job_ID schedule once time hh:mm:ss date yyyy/mm/dd
l where hh:mm:ss specifies the time to start the backup job based on a 24-hour
clock.
l where yyyy/mm/dd specifies the date to start the backup job.


l To schedule periodically, enter the end and start date or time interval:
hostname (config) # job job_ID schedule periodic end date yyyy/mm/dd time
hh:mm:ss
hostname (config) # job job_ID schedule periodic start date yyyy/mm/dd time
hh:mm:ss
hostname (config) # job job_ID schedule periodic interval time_interval
l where yyyy/mm/dd specifies the end or start date for the backup job.
l where hh:mm:ss specifies the end or start time for the backup job based on a
24-hour clock.
l where time_interval is specified in the format of "2h3m4s."


l To specify a type of schedule, enter:
hostname (config) # job job_ID schedule type

where type is the type of schedule for the backup job.
l once
l daily
l weekly
l monthly
l periodic


2. Enable the configuration for the scheduled backup job.
hostname (config) # job job_ID enable


3. Save your changes.
hostname (config) # write memory


4. Verify the status for the scheduled backup job. Enter the show job command.
hostname (config) # show job


Job 333:
Status: pending
Enabled: yes
Continue on failure: no172
Schedule type: daily
Time of day: 00:00:00
Absolute start: 2014/12/07
Absolute end: (no limit)
Last exec time: N/A
Next exec time: Sun 2014/12/07 00:00:00 +0000
Commands:
Command 1: backup profile config to local