Monitoring, Management & Location Tracking

This community is currently in a read-only state due to a maintenance window. For more info click here

Use AirWave script to regularly back up Aruba controllers

Aruba Employee
Aruba Employee

The attached AirWave script gathers backup files from all Aruba controllers defined in AMP.  The attached script has been tested to work on AirWave versions 7.4, 7.5, 7.6, and 7.7.



Script Setup

The script should be placed in /var/airwave/custom.  Give the script execute permissions using the following command:
# chmod +x /var/airwave/custom/

As detailed in the script usage notes below, the script requires an SSH username/password on the AMP, which is used for the controller to copy its backup files.  You can create the account using adduser and passwd commands in AMP CLI.

# useradd ampscpuser
# passwd ampscpuser

The user account must have read/write access to the destination directory which is /var/airwave/custom/controller_backups by default but you can alter the destination directory with the -d option.  Make the destination directory and make the newly created SCP user the owner of it.

# mkdir /var/airwave/custom/controller_backups
# chown ampscpuser /var/airwave/custom/controller_backups

The script must still run as the AirWave root user, not the newly created SSH account.

Note: The open source package rssh can be used on AMP to create an SSH account that only has SCP access.  Installation and configuration instructions for "rssh" are not covered in this KB.

Script Scheduling

To schedule the script to run periodically, use either crontab to set up a custom run time or use the post nightly maintenance hook to have the script run immediately after nightly maintenance completes.


The following example would run the script once daily at 12:15AM.

To open the crontab for editing:
# crontab -e

Add the following line outside the "BEGIN AMP..." and "END AMP..." sections.
15 00 * * * /var/airwave/custom/ -u ampscpuser -p <PASSWORD> > /dev/null 2>&1

To save the script output to a log file, use this modified cron entry:
15 00 * * * (date && /var/airwave/custom/ -u ampscpuser -p <PASSWORD>) >> /var/log/controller_backup_script.txt 2>&1

Post Nightly Maintenance

Alternatively, you can use the post_nightly_maintenance script to trigger the controller backup script immediately after nightly maintenance completes.  To do this, copy post_nightly_maintenance.sample file and modify it.

# cd /var/airwave/custom
# cp post_nightly_maintenance.sample post_nightly_maintenance
# vi post_nightly_maintenance

Add a line at the end of the copied sample script to call the backup script.

/var/airwave/custom/ -u ampscpuser -p <PASSWORD> > /dev/null 2>&1

Additional Notes


If you fresh install AirWave on a new server and restore an existing backup, the setup necessary for this script will be partially lost.  The scripts and backups will still exist in /var/airwave/custom since that directory does get restored but the following setup will need to be performed again:


  • The SSH user account created will not be re-created.  You will need to repeat the user creation process.
  • If you store the backups in a location that isn't a pre-created directory in AMP (using the -d option), you will need to re-create that directory and give ownership to the SSH user.
  • If using crontab and not post nightly maintenance, the crontab entry will need to be re-added.

Scripts Usage

(generated from running /var/airwave/custom/ -h)


/var/airwave/custom/ runs backup commands on all "up" Aruba controllers defined in AMP.  The
  generated backup files and the commands used to generate them are as follows:
<CONTROLLER-NAME>-<TIMESTAMP>-logs.tar - "tar logs tech-support"
<CONTROLLER-NAME>-<TIMESTAMP>-flashbackup.tar.gz - "backup flash"
<CONTROLLER-NAME>-<TIMESTAMP>-license.tar - "license export license"
     - generated from "backup flash"
The generated controller files are SCP'd to the AMP using an linux account
  specified with the options, -u <LINUX USERNAME> -p <LINUX PASSWORD>.  After
  the files are transferred, they are deleted on the controller.  On AMP, the
  files get stored in a user specified directory using option -d <directory>.
If a directory isn't specified, the files get stored in
The script compresses the files to an archive and deletes
  the individual files.  The script rotates the latest 5 backup files.
A linux user account with SSH/SCP privileges is required.  The linux account
  must also have access to the destination directory.  To ensure this use the
  command, "chmod <SCP username> <destination directory>".
To target only devices in a specific group or folder, use -g or -f with the
  group/folder ID, e.g. -g 15
The default timeout for all remote commands is 90 seconds.  The timeout can be
  adjusted with the -t option, e.g. -t 180.
For debugging purposes, add option -v for verbose mode.
If you would prefer to use an SSH user account that only allows SCP,
  investigate the open source package rssh which can be installed on AMP.
The logic for retrieving the sha1 file is as follows: (only applies to FIPS controllers)
  The script takes the name of the config file currently in use and extracts
  that name and appends ".sha1".  For example, if the config file is named
  config.cfg, the script retrieves the file config.sha1 off of the controller.
/var/airwave/custom/ -u <LINUX USERNAME> -p <LINUX PASSWORD> (-d <DEST DIRECTORY> | -g GROUP ID | -f FOLDER ID |) (-v) (-t)
If you would like to feed the password from a down file, you can use
  xargs as such:
# head -n 1 /var/airwave/custom/amp_scp_user_password.txt | xargs -IPASS /var/airwave/custom/ -u ampscpuser -p PASS

The remote command timeout is now adjustable with option -t, example:
/var/airwave/custom/ -u ampscpuser -p password -t 180.
If you don't pass option -t, the default timeout of 90 seconds takes effect.

The script deletes each controller's SSH "known host key" saved for AMP.  This fixes an issue where the script wouldn't SCP files correctly if the AMP SSH key was different than a key that a controller had previously accepted.  By deleting the key initially, the controller will always accept the key AMP presents and will proceed to transfer the files.

The four versions of the original script have been merged into one.  The one script now works on 7.4 and earlier, 7.5 and later, non-FIPS controllers, and FIPS controllers.


Version history
Revision #:
2 of 2
Last update:
‎07-07-2014 08:58 AM
Updated by:
Labels (1)

Where is the backup script to download?

Hello Michael, because the script is in Perl we are unable to attach it within Airheads at the moment (but we are working on this issue right now).


You can, however, download the script from our Support site here:


Thank you,


Julia Ostrowski, Aruba Networks

Hello Julia,


This is a very interesting topic for me.
Support page link does not work for me.
Can you verify if it is still valid, please?

Is there a chance you could send the script via e-mail if there is no other way ?


Thank you

Hi guys,


First of all, many thanks for John J for providing the script.

Implementation is ongoing.


Menawhile I have couple questions:

  • In the parameters list:


where can I get that 'FOLDER ID' ?

it supposd to be a decimal value I don't see anywhere. Is there a CLI command to list all folders with more details than I see via GUI ?


  • As far I can see script is using SSH credentials configured in AirWave to logon to controllers and fetch config .

We use AirWave as a Monitoring-only environment and all devices are in Monitor-only mode.

Can I configure those SSH credentials with same user we have created for purpose of a backup ? (ampscpuser)

Will it have any other impact on our env we should consider ? We still don’t want to get any configuration being pushed from AirWave to controller.

Does this script also work for IAPs?  Has anyone tried this with any success?

IAP doesnt support copying the backup via SSH/TELNET. Hence this script doesnt work for IAPs.



Search Airheads
Showing results for 
Search instead for 
Did you mean: