Show Event Manager Policy Registered

Whilst studying EEM I discovered the command show event manager policy registered. It basically shows you the policies you have registered on your device.

When you create a policy it just needs an event and an action and it will self-register.

Let’s create a simple script that will look for a command being typed on the CLI and then act on it.

This policy will monitor for anyone typing router ospf and, if they do, will not action the command and will then put up a syslog message saying "OSPF is not allowed".


R1(config)#event manager applet OSPF
R1(config-applet)#event cli pattern "router os*" sync no skip yes
R1(config-applet)#action 1.0 syslog msg "OSPF is not allowed"
R1(config-applet)#exit
R1(config)#exit
R1#show event manager policy registered
*Mar  1 00:02:35.903: %SYS-5-CONFIG_I: Configured from console by console
R1#show event manager policy registered
No.  Class   Type    Event Type          Trap  Time Registered           Name
1    applet  user    cli                 Off   Fri Mar 1 00:02:34 2002   OSPF
 pattern {router os*} sync no skip yes
 maxrun 20.000
 action 1.0 syslog msg "OSPF is not allowed"

Let’s break this down line by line

1. First you have to define an applet – event manager applet OSPF
2. Next you define an event. In this case we are matching a cli pattern of router os*, so basically anything starting with router os
The next two keywords (sync and skip) are very important. From the CLI options:
no   Policy and CLI will run asynchronously
yes  Run policy and the result determines whether to run CLI
Basically, if you put no the command will not run; if you put yes the command will run.

3. When the cli pattern is matched a syslog message will be generated

To check what EEM scripts you have registered on your device, enter the command
show event manager policy registered
The output can be seen above.
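When auditing a device it helps to turn this output into structured data, for instance to list every applet that intercepts typed commands. The Python below is an added example, not part of the original post: it parses the output shown above and reports, for cli-event policies, what happens to the matched command. The function names and the second sample entry are constructed for illustration.

```python
import re

# Entry header columns: No. Class Type Event-Type Trap Time-Registered Name
ENTRY = re.compile(
    r"^(?P<no>\d+)\s+(?P<cls>\S+)\s+(?P<type>\S+)\s+(?P<event>.+?)\s+"
    r"(?P<trap>On|Off)\s+(?P<registered>\w{3} \w{3}\s+\d+ [\d:]+ \d{4})\s+(?P<name>\S+)$"
)
# Detail line of a cli event, e.g. "pattern {router os*} sync no skip yes"
CLI = re.compile(r"^pattern \{.*\} sync (?P<sync>yes|no)(?: skip (?P<skip>yes|no))?")

# First entry is the output shown above; the second entry is constructed.
SAMPLE = """\
No.  Class   Type    Event Type          Trap  Time Registered           Name
1    applet  user    cli                 Off   Fri Mar 1 00:02:34 2002   OSPF
 pattern {router os*} sync no skip yes
 maxrun 20.000
 action 1.0 syslog msg "OSPF is not allowed"
2    applet  user    syslog              Off   Fri Mar 1 00:05:10 2002   mail_cfg_chg
 pattern {.*%SYS-5-CONFIG_I.*}
 action 1.0 info type routername
"""

def parse_registered(output):
    """Return one dict per registered policy, with its detail and action lines."""
    policies = []
    for raw in output.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            policies.append({**m.groupdict(), "details": [], "actions": []})
        elif policies and line:
            key = "actions" if line.startswith("action ") else "details"
            policies[-1][key].append(line)
    return policies

def cli_handling(policy):
    """What happens to the typed command for a cli-event policy (None for other events)."""
    if policy["event"] != "cli":
        return None
    for line in policy["details"]:
        m = CLI.match(line)
        if m and m["sync"] == "yes":
            return "policy decides"  # policy runs first and its result decides
        if m:
            # sync no: policy runs asynchronously; skip yes drops the typed command
            return "skipped" if m["skip"] == "yes" else "runs"
    return "unknown"

if __name__ == "__main__":
    print([(p["name"], p["event"], cli_handling(p)) for p in parse_registered(SAMPLE)])
```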

EEM script to monitor routing table

I have just started to study EEM and look into the amazing power this has. The script below I now use in production to monitor routing changes on the network. Any change to the routing table is instantly emailed to me. I am just working on tweaking this script, as it does email every single change and I need to configure it to bundle all changes in a time period into one email.

When I figure out how to do this I will post the updated script.

event manager applet route-table-monitor
event routing network 0.0.0.0/0 ge 1
action 0.5 set msg "Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask, Protocol: $_routing_protocol, GW: $_routing_lastgateway, Intf: $_routing_lastinterface"
action 1.0 syslog msg "$msg"
action 2.0 cli command "enable"
action 4.0 info type routername
action 5.0 mail server "(IP of Mail server)" to "(email address)" from "(device name)" subject "Routing Table Change" body "$msg $_cli_result"

Just put this config into the device and ensure your mail server will relay mail and it will work a treat!
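One way to get one message per burst of changes without touching the applet is to do the bundling on the syslog receiver, using the lines written by action 1.0. The Python below is an added example, not part of the original post and not an EEM feature: it parses the applet's message format and groups changes that fall within a time window. The log lines are constructed, and the function names, the 60 second window and the year (IOS timestamps carry none here) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Syslog line written by the applet's "action 1.0 syslog msg" (EEM logs it as %HA_EM-6-LOG).
LINE = re.compile(
    r"\*?(?P<ts>\w{3}\s+\d+ [\d:.]+): %HA_EM-6-LOG: route-table-monitor: Route changed: "
    r"Type: (?P<type>\S+), Network: (?P<network>\S+), Mask/Prefix: (?P<mask>\S+), "
    r"Protocol: (?P<protocol>\S+), GW: (?P<gw>\S+), Intf: (?P<intf>\S+)"
)
# Constructed sample log: four route changes and one unrelated message.
TEMPLATE = ("*Mar  1 00:{}: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: {}, "
            "Network: {}, Mask/Prefix: 255.255.255.0, Protocol: ospf, "
            "GW: 192.168.1.2, Intf: FastEthernet0/0")
SAMPLE = [
    TEMPLATE.format("10:01.120", "add", "10.1.1.0"),
    TEMPLATE.format("10:20.480", "remove", "10.1.2.0"),
    "*Mar  1 00:10:30.000: %SYS-5-CONFIG_I: Configured from console by console",
    TEMPLATE.format("10:59.900", "modify", "10.1.3.0"),
    TEMPLATE.format("14:30.000", "add", "10.1.2.0"),
]

def parse_events(lines, year=2002):
    """Extract route-change events; the year is supplied because the log omits it."""
    events = []
    for line in lines:
        m = LINE.search(line)
        if m:
            e = m.groupdict()
            e["time"] = datetime.strptime(f"{year} {e['ts']}", "%Y %b %d %H:%M:%S.%f")
            events.append(e)
    return events

def bundle(events, window=timedelta(seconds=60)):
    """Group events; a group closes `window` after its first event."""
    groups = []
    for e in sorted(events, key=lambda e: e["time"]):
        if groups and e["time"] - groups[-1][0]["time"] < window:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups

def digest(group):
    """Body text for one e-mail covering every change in the group."""
    rows = [f"{e['time']:%H:%M:%S} {e['type']:<6} {e['network']} {e['mask']} "
            f"{e['protocol']} via {e['gw']} {e['intf']}" for e in group]
    return "\n".join([f"{len(group)} routing change(s)", *rows])

if __name__ == "__main__":
    print("\n\n".join(digest(g) for g in bundle(parse_events(SAMPLE))))
```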

EEM script to report config change

This short post is just so I can tell you about an EEM script I have setup to report on any config changes on some core routers.

Any change to the config will be immediately reported to me via an email.

The script is very simple, just apply to your device and replace the ** in action 1.3 with your relevant details.

 

event manager applet mail_cfg_chg
event syslog pattern ".*%SYS-5-CONFIG_I.*"
action 1.0 info type routername
action 1.1 cli command "enable"
action 1.2 cli command "show archive log config all"
action 1.3 mail server "10.*.*.*" to "roger@******" from "****@**.com" subject "Config change on ****" body "$_cli_result"
action 1.4 cli command "clear archive log config force"

The script makes use of the archive log and clears the log after emailing the changes.

I will post more scripts as I am working on one to report a routing change.

Cisco documentation CD – Embedded Event Manager

The Cisco Doc CD or Documentation CD is the common name referring to the wealth of documentation that is on Cisco’s website. It used to be available to purchase on a CD, hence the name Doc CD – it is now a DVD. However, the most up-to-date place to find documentation on any Cisco product or technology is on their website.

The current location for the Documentation CD is http://www.cisco.com/cisco/web/psa/configure.html

As a CCIE candidate, knowing your way around this section of the Cisco website is invaluable, as during the CCIE Lab Exam you do have access to all the documentation available here.

The search function is disabled so you have to know where everything lives.

I will be posting a series of posts detailing locations of various topics over the next few months.

As a starter for 10 – where on the Doc CD is the documentation for EEM – Embedded Event Manager?

Go to www.cisco.com

It is under Support / Configure / Cisco IOS / 12.4T / Configuration Guides / Network Management / Cisco IOS Network Management Configuration guide.

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview_ps6441_TSD_Products_Configuration_Guide_Chapter.html

I will be posting more here as I work through and find them all.

Later..