How to download the dap.xml file from an ASA via the akips software

Using Config Crawler to backup the dap.xml file.

Before you try this, ssh to your ASA and verify the login username and password that will be used for Config Crawler. Validate that the below two command shows the contents of the dap.xml file without your having to press space if the output goes over one page:

terminal pager 0
more disk0:/dap.xml

If the above shows the contents of the dap.xml file, then follow the below steps to configure Config Crawler to backup the file. More examples of Config Crawler settings are available in the Config Crawler settings help.

  1. Navigate to Admin -> Config Crawler -> Settings:
  2. Under "2. Script Rules" add the below section. This will tell Config Crawler to change the page limit to unlimited when command are entered. Next it will capture the output of the "more disk0:dap.xml", then it will set the page limit back to 24 which is the default.

    # Capture Cisco ASA dap.xml file
    name:    cisco-asa-dapxml
    command: terminal pager 0
    capture: more disk0:/dap.xml
    command: terminal pager 24
    command: exit
  3. Under "3. Device Rules" add the below section:

    # ASA dap.xml Backup
    name:   cisco_asa_dapxml_daily_backup
    group:  <Add a device group for your ASAs>
    user:   <replace-with-username>
    pass:   <replace-with-password>
    script: cisco-asa-dapxml
    strip:  <add anything that you want to remove from the output else hash out this line>
  4. If you don't have a group for your ASAs, add the below two lines to your Auto-Grouping configuration (Admin -> Grouping -> Auto-Grouping), then click "Save and Apply" to create and populate the group. Add the group "Cisco-ASA" to the group: line in step 3 ie "group: Cisco-ASA"

    # Assign Cisco ASA appliances to their own group
    add device group Cisco-ASA
    assign * * sys SNMPv2-MIB.sysObjectId value /ciscoASA/ = Cisco-ASA
  5. Then you can either run your normal Config Crawler (Admin -> Config Crawler -> Settings -> Run) or use the Crawler Tool (Admin -> Config Crawler -> Crawler Tool) to test the ASA script out on one of your devices
  6. Please note that the Crawler Tool does not update the config repository so you won't see the dap.xml file under Tools -> Config Viewer until you run Config Crawler manually or until it runs on the daily schedule (Admin -> Config Crawler -> Settings -> 1. Daily Crawl Schedule).

Was this article helpful?




Please sign in to leave a comment.