EEM to extract IP addr of syslog

Hi all

Brand new to this JIT.

I work with the PFR/REL and want to do a few things when a certain msg is in the newspapers

The msg in Syslog is

% PFR_MC-6-OOP_ACTIVE_MODE: 10.154.0.0/16 Active unreachable OER Prefix, 50000 inaccessible, BR 10.255.65.20 OOP, I / f Gi0/3, unknown relative Exchange 1025, prev BR I / f unknown

When the message is '% PFR_MC-6-OOP_' is sysloged...

I want to execute some commands using the IP prefix in the newspaper (10.154.0.0/16 in the example) and the output from the CLI on the screen and the echo newspaper

I have a simple job of EEM who writes "WOOHOO" when it detects the chain.

But I don't know how to extract the IP address... and I don't know how to redirect the output of CLI in the syslog.

PFRMON1 event manager applet

model event syslog "% PFR_MC-6-OOP".

message from syslog to action 1.0 installation 'Boo PFR OOP' 3

Any help would be appreciated

Wes

Post edited by: Wes Smith
For example, using the above msg... I want to extract 10.154.0.0/16 and use it as follows... with the release of cmd will syslog and, possibly, the screen
SH pfr traffic-Masterclass prefix 10.154.0.0/16 detail
SH pfr master prefix 10.154.0.0/16 detail

You can do this:

Action 1.0 regexp ' prefix ([^,] +), "_syslog_msg $ matches prefix

command cli 2.0 action 'enable '.

Action 3.0 cli command "see the pfr traffic master-class prefix $prefix detail.

message from syslog to action 4.0 ' $_cli_result '.

Tags: Cisco Network

Similar Questions

JIT - ACM with two Instance of the Ethernet on the same interface Service

Hi all

I develop script of EEM for platform of ASR903... I would define VCA two, one for each 'host' connected to the same interface of ASR903 (GI 0/1).

Each host sends CFM package, I will know which CVS the CFM package arrives. In the EEM scripting language, there are the following variable: $_ethernet_intf_name that can be used to retrieve the name of the interface. Is there another variable that can be used to recognize the VCA or is there any syslog message that conatins this information?

CFM Ethernet ieee

Ethernet global cfm

field of Ethernet HOST1 level 2 cfm

Service vlan301 evc301 evc vlan 1301 direction downwards

continuity check

!

CFM Ethernet ieee

Ethernet global cfm

area of cfm Ethernet HOST2 level 3

Service vlan301 evc302 evc vlan 1302 direction downwards

continuity check

!

VCA evc301 Ethernet

VCA evc302 Ethernet

!

interface GigabitEthernet0/1

ink description to ASR - 903 by microwave

no ip address

load-interval 30

auto negotiation

Ethernet microwave hold sending 10 event

Ethernet microwave wtr event 5

Ethernet microwave-threshold of loss of 255 event

!

service instance 301 ethernet evc301

encapsulation dot1q 301

rewrite tag pop 1 symmetrical penetration

Bridge-domain 301

CFM mep field HOST1 mpid 101

CFM encapsulation dot1q 301

!

service instance 302 ethernet evc302

encapsulation dot1q 302

rewrite tag pop 1 symmetrical penetration

Bridge-domain 302

mep field HOST2 mpid 102 cfm

CFM encapsulation dot1q 302

!

Ah, ethernet OAM. I've never used the detector of this event, so I don't know what capabilities are available. I don't have a handy to test myself ASR903. You can run the command "show event handler detector ethernet detail" to see what built-in variables are available to your EEM ethernet event policy. You can also do "display event handler detector all ' to see all detectors of the event. I hope you see something out there that specifies the VCA.

If this isn't the case, you certainly could extract something like a syslog message if a message is generated that contains the name of EVC. Still, I don't know what syslogs are generated, so you should test yourself.

EEM script to alert on failures of the IP SLA

I have the following IP SLA put in place and would like to do the following. I wish I had a journal entry, if any the below have a failure and then send an email to alert for this failure. Is it possible to do this with the EEM?

ALS IP 1010

interval of UDP-Jig 64.xxx.xxx.xxx 3456 num-30 25 packages

history of 24 hours-of-statistics - kept

IP SLA annex 1010 duration to always start now

ALS IP 1011

TCP-connect 64.xxx.xxx.xxx 2000

history of 24 hours-of-statistics - kept

IP SLA annex 1011 duration to always start now

ALS IP 1012

64.xxx.xxx.xxx echo ICMP message

frequency 30

history of 24 hours-of-statistics - kept

History 10 distributions-of-statistics-kept

ALS IP calendar 1012 duration to always start now

Thank you

Mike

Sure. You can use Enhanced Object Tracking to track each IPSLA collector and EEM to respond to delays. For example:

track 1 accessibility of 1010 ip sla

!

Event Manager applet track-1010

event track 1 State

message from syslog to action 1.0 "Collector IPSLA 1010 timed out."

"action mail 2.0 of '[email protected] / * /'to'[email protected] / * /" object "Collector IPSLA 1010 is down" body "Collector IPSLA 1010 has exceeded" Server "10.1.1.1" "

How to extract string in JSON data where the value in a table

Hello

Structure of JSON string

{'name': 'John', 'name': 'kumar', 'address': [{'Address1': 'value', 'place': 'value'}, {'address2': 'value', 'place': 'value'}]}

How to extract the value of the address of the list.

If you have control over the format of data, it is best to rename address1 and address2 to have the same name, for example "address". Then, it can be analyzed that way (I've also simplified other code a bit):
```
JsonDataAccess jda;
QVariant v = jda.loadFromBuffer(jsonString);
QVariantMap m = v.toMap();
QString name = m["name"].toString();
QString surname = m["surname"].toString();
QVariantList addresses = m["address"].toList();
foreach (QVariant addr, addresses)
{  QVariantMap addrMap = addr.toMap();
  QString addressValue = addrMap["address"].toString();
  QString place = addrMap["place"].toString();
}
```

Question of the EEM

Dear Sir

I'm trying to configure an EEM applet in order to close an interface when an IP that SLA has failed. On this router, we use AAA so I configured an aaa list to bypass the authorization.

!

!

EEM AAA authentication login no

AAA authorization config-commands

AAA authorization exec default authenticated if

EEM AAA authorization exec no

AAA authorization commands EEM 0 no

AAA authorization commands 1 EEM no

AAA authorization commands EEM 15 no

!

And I use a dedicated line to run this cmdlet:

line vty 0

authorization controls 1 EEM

authorization of EEM 15 orders

exec authorization EEM

authentication of connection EEM

transport of entry no

My setup of the cmdlet is:

SHUTDOWN_LO1 event manager applet

Event track 10 down state

message from syslog to action 1.0 "Timeout to reach 10.100.1.1.

command action 1.1 cli 'enable '.

action 1.2 cli command "configures terminal.

Action 1.3, command cli "interface loopback1."

Action 1.4 cli command "shutdown".

!

My question is when this cmdlet is run, it blocks on the action "configures terminal:

Jul 26 11:50:33.198: fh_server: fh_io_msg: msg received customer FH_MSG_EVENT_REQINFO 36 pclient 1

11:50:33.198 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: timeout to reach 10.100.1.1

11:50:33.198 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): CTL: called cli_open.

11:50:33.242 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUTSIDE:

11:50:33.242 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: ROUTER >

11:50:33.242 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): IN: ROUTER > enable

Jul 26 11:50:33.246: cli_history_entry_add: free_hist_list = 0, hist_list size size = 7

11:50:33.246 Jul 26: flag eem_no_scan is set, jumping from scan of command_string = check_eem_cli_policy_handler

11:50:33.254 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUTSIDE:

11:50:33.254 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: ROUTER #.

11:50:33.254 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): IN: ROUTE terminal #configure

Jul 26 11:50:33.258: cli_history_entry_add: free_hist_list = 0, hist_list size size = 7

And then I saw that the line vty 0 is used but remained in a State of idel

ROUTER #systat

User host (s) idle location line

194 vty 0 off 00:00:46

And on the next run, I saw that the router try to perform the following steps on the previous call to this applet

11:55:18.170 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: timeout to reach 88.191.97.16

11:55:18.170 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): CTL: called cli_open.

11:55:18.254 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUTSIDE:

11:55:18.254 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: ROUTER >

11:55:18.254 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): IN: ROUTER > enable

Jul 26 11:55:18.254: cli_history_entry_add: free_hist_list = 0, hist_list size size = 7

11:55:18.254 Jul 26: flag eem_no_scan is set, jumping from scan of command_string = check_eem_cli_policy_handler

11:55:18.266 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUTSIDE:

11:55:18.266 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: ROUTER #.

11:55:18.266 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): IN: ROUTE terminal #configure

11:55:18.482 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: authorization has no orders.

11:55:18.482 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: ^.

11:55:18.482 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: % invalid input detected at ' ^' marker.

11:55:18.482 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUTSIDE:

11:55:18.482 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: ROUTER #.

11:55:18.482 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): IN: ROUTER #interface loopback1

11:55:18.498 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: ^.

11:55:18.498 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: % invalid input detected at ' ^' marker.

11:55:18.498 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUTSIDE:

11:55:18.498 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: ROUTER #.

11:55:18.498 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): IN: ROUTER #shutdown

11:55:18.814 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: authorization has no orders.

11:55:18.814 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: ^.

11:55:18.814 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: % invalid input detected at ' ^' marker.

11:55:18.814 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUTSIDE:

11:55:18.814 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): OUT: ROUTER #.

11:55:18.814 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): IN: ROUTER #exit

11:55:18.814 Jul 26: % HA_EM-6-LOG: SHUTDOWN_LO1: DEBUG (cli_lib): CTL: called cli_close.

Thanks for any help.

Well, it's the problem of version. See CSCsz70112. You need to update to an image of EEM 2.3 (12.4 (11) T or higher). You should consider something a bit more recent, however. An image main 15.x would be better.

EEM CLI commands do not run

I'm new to scripting, SLA and EEM and went through the forums and documentation for a couple of days now to learn what I can. I can't get my applet event handler to trigger a reason any. I get the following syslog message based on my reaction als ip config:

4 August 21:25:13.915: % RTT-3-IPSLATHRESHOLD: IP SLAs (100): threshold has occurred for timeout

My setup is less than

!

!

ALS IP 100

2.2.2.2 - echo ICMP-source 1.1.1.1 ip address

threshold of 1000

timeout of 1000

frequency 1

calendar of sla IP 100 now start life forever

reaction-configuration IP SLA 100 respond timeout threshold type 2 5 - type of action trapOnly xofy

!
!

Event Manager applet ipsla-ploss

PROACTIVE WAN PACKET LOSS SCRIPT description

event ipsla operation id 100 reaction type timeout

command action 1.0 cli 'enable '.

Action 1.1, "conf t" cli command

Action 1.2 cli command "ip access-list standard bgp-itineraries-in."

action 1.3 cli command "5 deny 5.5.5.5".

action 1.4 cli command "6 deny 6.6.6.6".

Action 1.5 cli command "end".

!

!

Any help is greatly appreciated!

Add the following to your config:

logging of IP sla

activate the IP sla response alerts

Making existing EEM applets simple scripts Tcl or python.

Hi all

I would like to make the existing simple EEM of scripts Tcl or python applets.

For monitoring the nodes in ITD service, I set up an EEM applet with a knot.

But the nodes keep adding EEM applets are also added as many nodes.

That's why EEM configuration get more complex so I should find a solution.

I think it might be Tcl or Python scripts.

Could check you if it of possible or not?

-Monitor the model track or syslog on the nodes of the ITD downwards or upwards.

-When the ITD nodes get downwards or upwards, the associated script the event trigger to add or delete a device group.

Order to reduce EEM applets I want variable allows you to exactly identify node under status change of situation.

Here are the current configurations of EEM.

Event Manager applet remove_inside_node1
event track State 101
order cli action 1 'enable '.
Action 2 cli command "conf t".
Action 3, command cli "itd session device-group ips_inside.
Action4 'no node ip 1.1.121.1' cli command
Action 5 cli command "commit".
action 6 cli command 'end '.
Action 7 "INFO: removed the 1.1.121.1 node.

Event Manager applet add_inside_node1
101 State event track upward
order cli action 1 'enable '.
Action 2 cli command "conf t".
Action 3, command cli "itd session device-group ips_inside.
Action 4 cli command "node ip 1.1.121.1.
Action 5 cli command "commit".
action 6 cli command 'end '.
Action 7 "INFO: inserted node 1.1.121.1.

OMIS...

Event Manager applet remove_inside_node199
event track State 199
order cli action 1 'enable '.
Action 2 cli command "conf t".
Action 3, command cli "itd session device-group ips_inside.
Action4 'no node ip 1.1.121.199' cli command
Action 5 cli command "commit".
action 6 cli command 'end '.
Action 7 "INFO: removed the 1.1.121.199 node.

Event Manager applet add_inside_node199

199 State event track upward
order cli action 1 'enable '.
Action 2 cli command "conf t".
Action 3, command cli "itd session device-group ips_inside.
Action 4 cli command "node ip 1.1.121.199.
Action 5 cli command "commit".
action 6 cli command 'end '.
Action 7 "INFO: inserted node 1.1.121.199.

Using track, can you cannot match on a circuit racetrack pattern. But, using track syslogs, it would be possible to consolidate these cmdlets to one. For example:

Event Manager applet add_inside_node

event model syslog "TRACK-6-STATE :.*-> to top"

Action 1.0 regexp ' STATE: ([0-9] +) "" $_syslog_msg "corresponds to the track

command cli 2.0 action 'enable '.

Action 3.0, «config t» cli command

Action 4.0, command cli "itd session device-group ips_inside.

Action 5.0, command cli "node ip 1.1.121.$track.

action 6.0 cli command "commit".

Action 7.0 cli command "end".

message from syslog to action 8.0 "INFO: inserted node 1.1.121.$track.

port-securty - EEM tcl access violation

Hi all!

I have problem with regexp expression inside my script.

I need to have two variables, one for PortID i.e. Ge, Fe, Ethernet and the other the MAC address which is a cause of breach of policy, where events happen I see that my regexp is not workin. Please help me or point in the right direction)

=

21:45:23.516 Jul 13: [fh_event_reqinfo_cmd]
* 21:45:23.516 Jul 13: [fh_process_event_reqinfo]
* 21:45:23.516 Jul 13: [fh_event_reqinfo_cmd] event_trigger_num 1 19 21 event_pub_sec 1468446323 event_pub_msec 160 event_pub_time 1468446323.160 job_id event_id event_type {41} event_type_string {syslog} event_severity {gravity-major} msg_count {1} {critical} priority msg {}
{* 21:45:23.161 Jul 13: % PORT_SECURITY-2-PSECURE_VIOLATION: security breach took place, caused by MAC address aabb.cc00.0100 on port Ethernet0/0.} timestamp sequence {} {* 21:45:23.161 Jul 13} mnemonic installation {PORT_SECURITY} {PSECURE_VIOLATION}
* 21:45:23.517 Jul 13: [fh_cli_debug_cmd]
* 21:45:23.517 Jul 13: % HA_EM-6-LOG: test.tcl: DEBUG (cli_lib): IN: switch > activate
* 21:45:23.517 Jul 13: [fh_tty_write_cmd]
* 21:45:23.517 Jul 13: [fh_tty_write_cmd] cmd = enable, cmdsize = 6
* 21:45:23.517 Jul 13: [fh_sys_reqinfo_routername_cmd]
* 21:45:23.535 Jul 13: [fh_tty_read_cmd]
* 21:45:23.535 Jul 13: [fh_tty_read_cmd] read not ready
* 21:45:23.638 Jul 13: [fh_tty_read_cmd]
* 21:45:23.638 Jul 13: [fh_tty_read_cmd] size = 9
* 21:45:23.638 Jul 13: [fh_tty_prompt_cmd]
* 21:45:23.738 Jul 13: [fh_cli_debug_cmd]
* 21:45:23.738 Jul 13: % HA_EM-6-LOG: test.tcl: DEBUG (cli_lib): OUT: switch #.
* 21:45:23.738 Jul 13: [fh_cli_debug_cmd]
* 21:45:23.738 Jul 13: % HA_EM-6-LOG: test.tcl: DEBUG (cli_lib): IN: terminal #configure switch
* 21:45:23.738 Jul 13: [fh_tty_write_cmd]
* 21:45:23.738 Jul 13: [fh_tty_write_cmd] cmd = configure terminal, cmdsize = 18
* 21:45:23.739 Jul 13: [fh_sys_reqinfo_routername_cmd]
* 21:45:23.750 Jul 13: [fh_tty_read_cmd]
* 21:45:23.750 Jul 13: [fh_tty_read_cmd] read not ready
* 21:45:23.860 Jul 13: [fh_tty_read_cmd]
* 21:45:23.860 Jul 13: [fh_tty_read_cmd] size = 80
* 21:45:23.860 Jul 13: [fh_tty_prompt_cmd]
* 21:45:23.967 Jul 13: [fh_cli_debug_cmd]
* 21:45:23.967 Jul 13: % HA_EM-6-LOG: test.tcl: DEBUG (cli_lib): OUT: enter configuration commands, one per line. End with CNTL/Z.
* 21:45:23.967 Jul 13:
Switch #% HA_EM-6-LOG: test.tcl: DEBUG (cli_lib): OUT: Switch (config) #.
* 21:45:23.967 Jul 13: [fh_cli_debug_cmd]
* 21:45:23.967 Jul 13: % HA_EM-6-LOG: test.tcl: DEBUG (cli_lib): IN: Switch (config) #file quiet quickly
* 21:45:23.967 Jul 13: [fh_tty_write_cmd]
* 21:45:23.967 Jul 13: [fh_tty_write_cmd] cmd = quiet prompt file, cmdsize = 17
* 21:45:23.972 Jul 13: [fh_sys_reqinfo_routername_cmd]
* 21:45:23.992 Jul 13: [fh_tty_read_cmd]
* 21:45:23.992 Jul 13: [fh_tty_read_cmd] read not ready
* 21:45:24.100 Jul 13: [fh_tty_read_cmd]
* 21:45:24.100 Jul 13: [fh_tty_read_cmd] size = 17
* 21:45:24.100 Jul 13: [fh_tty_prompt_cmd]
* 21:45:24.171 Jul 13: % LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed State to down
* 21:45:24.200 Jul 13: [fh_cli_debug_cmd]
* 21:45:24.200 Jul 13: % HA_EM-6-LOG: test.tcl: DEBUG (cli_lib): OUT: Switch (config) #.
* 21:45:24.200 Jul 13: [fh_cli_debug_cmd]
* 21:45:24.200 Jul 13: % HA_EM-6-LOG: test.tcl: DEBUG (cli_lib): IN: Switch (config) #interface IDE oucederomsurlesecondport Ethernet0/0.
* 21:45:24.200 Jul 13: [fh_tty_write_cmd]
* 21:45:24.200 Jul 13: [fh_tty_write_cmd] cmd = interface Ethernet0/0 IDE oucederomsurlesecondport., cmdsize = 30
* 21:45:24.200 Jul 13: [fh_sys_reqinfo_routername_cmd]
* 21:45:24.218 Jul 13: [fh_tty_read_cmd]
* 21:45:24.218 Jul 13: [fh_tty_read_cmd] read not ready
* 21:45:24.323 Jul 13: [fh_tty_read_cmd]
* 21:45:24.323 Jul 13: [fh_tty_read_cmd] read not ready
* 21:45:24.426 Jul 13: [fh_tty_read_cmd]
* 21:45:24.426 Jul 13: size [fh_tty_read_cmd] =

==

: model cisco::eem:event_register_syslog ' % PORT_SECURITY-2-PSECURE_VIOLATION: "maxrun 600
import namespace: cisco::eem: *.
import namespace: cisco::lib: *.

Table game rn [sys_reqinfo_routername]
the value of hostname $rn (routername)
Set the SERVER "192.168.116.1".
set the 'nuk.
set PASSWORD "malina".

If {{[result catch {cli_open}]}
Output 1
} else {}

Table game arr_einfo [event_reqinfo]
Set _regexp_result [regexp {caused by MAC address (. +) on the port (. +).} $arr_einfo (msg) MAC PORT]

Try this one.

Table game arr_einfo [event_reqinfo]

Set the msg '$arr_einfo (msg).

If [regexp {caused by MAC address ([0 - 9 - f\ a.] +) on the port ([a-zA-Z0-9 /-.] +)} $msg game PORT MAC] {}

} else {}

action_syslog msg 'Unable to parse syslog message.

}

Help create messages Syslog uses the router host name

We currently have an IP SLA related to the EEM scripts that work great to send syslog messages to alert purposes. However, I would like for each router that sends a syslog to send its host name using wildcards instead of the specified host name. I'm guessing some sort of filtering would do the trick, but I can't find any good documentation on this topic. That's what I currently have:

ALS IP 1
echo ICMP - 172.24.50.1 source-interface GigabitEthernet2
threshold 250
timeout of 1000
frequency 5
IP SLA annex 1 point of life to always start-time now

!

LAN_interface_Link_down event manager applet
syslog "Interface GigabitEthernet2, state change downstairs" event model
order cli action 1 'enable '.
Action 2 syslog priority to information msg "command, LAN_interface_Link_down is running on C1-GrandView-PA-CSR1000-Recover... »
3 wait 5 action
Action4 cli command "configures terminal.
action 5 'interface range t3 - 4 cli command.
action 6 'closed' cli command
Action 7 cli command 'end '.
LAN_interface_Link_up event manager applet
syslog event model "Interface GigabitEthernet2, altered state until.
order cli action 1 'enable '.
action 2 cli command "configures terminal.
action 3 'interface range t3 - 4 cli command.
Action4 "not shut" cli command
Action 5 cli command 'end '.
6 wait 15 action
Action 7 syslog priority to information msg "command, LAN_interface_Link_up is running on C1-GrandView-PA-CSR1000-Recover... »
Next_Hop_LAN_Unreachable event manager applet
event track 10 low maxrun 40
order cli action 1 'enable '.
Action 2 syslog priority to information msg "command, Next_Hop_LAN_Unreachable is running on C1-GrandView-PA-CSR1000-Recover... »
3 wait 5 action
Action4 cli command "configures terminal.
action 5 'interface range t3 - 4 cli command.
action 6 'closed' cli command
Action 7 cli command 'end '.
Next_Hop_LAN_Reachable event manager applet
event track 10 status place maxrun 40
order cli action 1 'enable '.
action 2 cli command "configures terminal.
action 3 'interface range t3 - 4 cli command.
Action4 "not shut" cli command
Action 5 cli command 'end '.
6 wait 15 action
Action 7 syslog priority to information msg "command, Next_Hop_LAN_Reachable is running on C1-GrandView-PA-CSR1000-Recover... »

You can use the action of information to gather the hostname:

routername type info action 1.0

message from syslog to action 2.0 "my name is $_info_routername.

Monitoring dual-core (supervisor engine 7-E) with a Script of the EEM.

Hello

I have a Cisco Catalyst 4500th 7-E supervisor engine and set up an EEM Script to monitor the dual core CPU Utilization by PRTG Network Monitor.

authorization of dualcore event manager applet work around

cron cron-event timer entry ' * * 0-6.

!

action 100 cli command "en".

action 120 cli command "see treat cpu | include five ".

!

action 220 regexp "Core 0: CPU utilization for five seconds: ([^ %] +) %; a minute: ([^ %] +); five minutes: ([^ %] +) %. ' * ' $_cli_result result c0cpu5sec c0cpu1min c0cpu5min

the 240 action if $_regexp_result eq 1

end of the 260 action

!

action 320 regexp ' Core 1: CPU utilization for five seconds: ([^ %] +) %; a minute: ([^ %] +); five minutes: ([^ %] +) %. ' * ' $_cli_result result c1cpu5sec c1cpu1min c1cpu5min

the 340 action if $_regexp_result eq 1

360 action ended

!

action 440, «config t» cli command

action 441 cli command "snmp mib expression owner cisco name c0cpu5sec.

action 442 cli command "$c0cpu5sec expression".

action 443 cli command "snmp mib expression owner cisco name c0cpu1min.

action 444 cli command "$c0cpu1min expression".

action 445 cli command "snmp mib expression owner cisco name c0cpu5min.

action 446 cli command "$c0cpu5min expression".

!

action 550, order cli "config t.

action 551 cli command "snmp mib expression owner cisco name c1cpu5sec.

action 552 cli command "$c1cpu5sec expression".

action 553 cli command "snmp mib expression owner cisco name c1cpu1min.

action 554 cli command "$c1cpu1min expression".

action 555 cli command "snmp mib expression owner cisco name c1cpu5min.

action 556 cli command "$c1cpu5min expression".

!

action 600 cli command 'end '.

!

end

It works fine, but on the recording buffer there are a lot of % SYS-5-CONFIG_I: configured from console by the vty0 (EEM:moncores) messages - one per minute - here is an example:

Oct 29 17:54:01: % SYS-5-CONFIG_I: configured from console by the vty0 (EEM:dualcore)

29 Oct 17:55:01: % SYS-5-CONFIG_I: configured from console by the vty0 (EEM:dualcore)

29 Oct 17:56:01: % SYS-5-CONFIG_I: configured from console by the vty0 (EEM:dualcore)

29 Oct 17:57:01: % SYS-5-CONFIG_I: configured from console by the vty0 (EEM:dualcore)

I considered logging remove duplicates command allows to prevent the consecutive record from multiple copies of the same system logging (syslog) message, but it is only available for the Cisco IOS XR.

Could someone help me to determine if it is possible to avoid this messages via the on-board system log manager, I tried to do this, but

I did not.

Kind regards

~ Sergio

You have found a bug in the converter. Modify your script and remove the token of type 'game '. Who should not have been in the converted Tcl code.

EEM script to check running-config startup-config changes after reloading

I'm trying to follow a bug that causes some CLIs to disappear from the running-config after you reload the router.

The LCIs were saved in the startup-config before reloading the router.

Is there an EEM to compare the running-config startup-config online with after reload of the router and syslog lines that are missing from the running-config?

You could do something simple like:

Event Manager applet config compare

event timer cron cron-entry "@reboot".

command action 1.0 cli 'enable '.

cli 2.0 action command "show archive config diff nvram:startup - config system: running-config.

post 3.0 action to "[email protected] / * /'from'[email protected] / * /" Server "10.1.1.1" topic "Config diffs" body "$_cli_result".

EEM Script works only with IP SLA

I created script linked to SLA of intellectual property. If the IP SLA is violated, we want the script to run and stop bgp peers and send syslog messages and can send by e-mail. I get alert on ALS IP missed, but nothing else happens so screwed up the script in any way. This is the first time using EEM scripting if any help would be great. Given that we have never used EEM scripting in this place the version that we would use is the default version provided with SRI 4451 in 2015. I do not know if what counts.

Thank you

ALS IP 1
ICMP-echo 8.8.8.8 source-interface GigabitEthernet0/0/1
threshold 2
frequency 5
IP SLA annex 1 point of life to always start-time now
activate the IP sla response alerts

track 1 accessibility of als 1 ip

Event manager E-MAIL ISSUE INTERNET SERVICE PROVIDER environment
Event Manager environment _email_server 10.1.1.3
Event Manager environment _email_to [email protected] / * /
Event Manager environment _email_from [email protected] / * /

BGP_NEIGHBOR_DOWN event manager applet
SHUTDWON BGP PEERING description IF IT IS PROVIDER of QUESTION
event track 1 State
command action 1.0 cli 'enable '.
Action 1.1, «config t» cli command
Action 1.2 cli command 'router bgp 10125 ".
Action 1.3 cli command "neighbor x.x.x.x stop."
Action 1.4 cli command "end".
Action 1.5 syslog-msg 'PROVIDER NETWORK PROBLEM DETECTED, BGP PEERING SHUTDOWN. '
EMAIL_BGP_PEER_DOWN event manager applet
Description EMAIL BGP PEER DOWN
event track 1 State
action 1.1 mail server "$_email_server" to "$_email_t" of ' $_email_from ' topic ' vendor number: PING FAILED "body"Ping Google's failed. "
Action 1.2 syslog msg ' EMAIL SENT to $_email_to.
!

Then configure:

Event manager cli username USER session

Where the USER is a user authorized to execute all CLI commands in your strategies of EEM. Or add "auth bypass" at the end of each config applet.

Warnings of power transceiver optics EEM

I am wanting a script that will generate a message to syslog for alarms and warnings of power tx/rx combine. I would like to use the 'inter radio show' command that generates output similar to the output below (see also the output file attached)

switch6504 #show inter transceiver

port temp volts current tx power optical rx optical power

Te3/7 34.1 0.00 41.8 -- -2.0 - - -5.1 -

Note: A single hyphen after number is a warning and a double hyphen is an alarm

I'm eager to EEM script to generate a message to syslog for the warning or alarm power tx/rx. Two messages different syslog:

(1) syslog = 'has $interface of an alarm of tx/rx optical power.

(2) syslog = '$interface has a warning of tx/rx optical power.

I am only concerned the tx/rx power. I would like the script runs every 30 minutes. If there is a warning alarm / on an interface to send a syslog once every 24 hours, while the conditions are still met.

I started the script (see attachment), and I'd appreciate any help.

Thank you!!

Give this one a try.

EEM script to match the IP address

Hi all

I do a script EEM when I do a "show ip interface brief | ex Unassigned"it will give the list just the IP address.

Here is the result of my "show ip interface brief | Unassigned ex ".

Interface IP-Address OK? Method State Protocol
FastEthernet0/0 30.1.1.2 YES manual up up
Serial2/0 40.1.1.2 YES manual up up
3.3.3.3 Loopback1 YES manual up up

Heres my current script, it prints only 30.1.1.2. Why it does not match the other IP addresses?

applet Event manager 10
event no yes synchronization
Action 1 cli command "en".
action 2 cli command "show ip int br | ex una ".
Action 3 regexp "([0-9] + \.)" [ 0-9] + \. [0-9] + \. ([0-9] +) "" $_cli_result "ip
Action 5 puts "$ip".

I want the output to be

30.1.1.2

40.1.1.2

3.3.3.3

Something like that.

Thank you

Jonathan

EEM must iterate over the release and extract the ip address.

order cli action 010 'enable '.
action 020 cli command "show ip int brief | ex unass '.
030 action for each line ' $_cli_result '.
action 040 regexp "([0-9] + \.)" [ 0-9] + \. [0-9] + \. ([0-9] +) ' ip '$line '.
045-action if $_regexp_result eq '1 '.
takes action 050 "$ip".
end of the action 060
end of the action 070

Script to run Python with EEM on Nexus 9K

Hello!

I am trying to run the example provided in the following link for "Running Scripts with Embedded Event Manager":

http://www.Cisco.com/c/en/us/TD/docs/switches/Datacenter/nexus9000/SW/6-...

Here is my configuration of the Nexus 9 K switch EEM:

NX9K-autonomous-Pod-1 # sh run EEM

! Command: show running-config EEM
! Time: Sat Nov 15 09:54:52 2014

version 6.1 (2) I3 (1)
Event Manager applet a1
cli event corresponds to "display the clock.
Action 1 cli python bootflash:pydate.py
2 default event action
Action 3 syslog msg I like EEM

And here is an example of work of pydate.py that I grabbed from GitHub:

GitHub Repo: https://github.com/haya14busa/pydate/blob/master/pydate.py

NX9K-autonomous-Pod-1 # python bootflash:pydate.py
DATETIME = 2014-11-15 09:47:03
TIMESTAMP = 1416044823
DateTime: 2014-11-15 09:47:03-> TimeStamp: 1416044823
TimeStamp: 1416044823-> DateTime: 2014-11-15 09:47:03
NX9K-autonomous-Pod-1 #.

Finally, here is what happens when I run the command 'See the clock' in an attempt to trigger the EEM applet:

NX9K-autonomous-Pod-1 # sh clock
09:54:58.746 UTC Saturday, November 15, 2014
NX9K-autonomous-Pod-1 # 2014 Nov 15 09:54:58 NX9K-autonomous-Pod-1% VSHD-5-VSHD_SYSLOG_CONFIG_I: configured for the vty by admin on vsh.8883
2014-15 Nov 09:54:58 NX9K-autonomous-Pod-1% VSHD-5-VSHD_SYSLOG_CONFIG_I: configured for the vty by admin on vsh.8894

Any help is appreciated!

The syslog message must come before the 'event' by default. As for what the Python script prints, it won't happen when she is called to the EEM. But you may like the Cisco.com article says, look at the log to make sure that the script ran.

EEM to extract IP addr of syslog

Similar Questions

Maybe you are looking for