MAIN‎ > ‎Networking‎ > ‎NET-NOTES‎ > ‎

Cisco IOS Embedded Event Manager

posted Sep 12, 2014, 8:24 PM by Leszek Pilat   [ updated Sep 12, 2014, 8:27 PM ]
The gadget spec URL could not be found




Overview

Below diagram is representation of EEM system:

Eem.jpg

Event Detectors

The event detectors (sometimes referred to as "event publisher") notifiy the EEM server when an event of interest occurs.

Here is a list of relevant event detectors, and when they are triggered:

  • Command-Line Interface (CLI) Event Detector - triggered when specific command is entered via CLI; uses a regular expression match
  • Enhanced-Object-Tracking Event Detector - Status of tracked object changes
  • Interface-Counter Event Detector - Cisco IOS interface counter for a specific interface crosses a threshold
  • SNMP Event Detector - Poll a SNMP MIB variable, trigger event when variable reaches threshold
  • Syslog Event Detector - regular expression match of a locally generated syslog message
  • Timers Event Detector - timer events including absolute day/time, countdown to zero, or watchdog timer.
  • None Event Detector - "event manager run" CLI command executes an EEM policy

You specify an event using the "event" keyword in (config-applet)# mode.

Actions

Once you have defined your event, you specify some action to take once that event occurs. Some relevant actions:

  • CLI action (run some CLI commads)
  • SYSLOG action (generate syslog)
  • SNMP trap action
  • Reading / setting state of tracked object
  • mail action (send email)
  • Calling another EEM applet

EEM applets may have only 1 event, but multiple actions. Actions are executed in the order of their "labels" (second parameter specified for each action).

Configuration

Configuration is in three parts:

Specify an applet name

(config)# event manager applet memory-fail

Specify an event to match

(config-applet)# event snmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1 get-type exact entry-op lt entry-val 5120000 poll-interval 90 

this event triggers when system memory falls below 512MB.

(config-applet)# event syslog pattern "Interface GigabitEthernet0/0, changed state to down" occurs 3

this event triggers when a syslog message that matches the above pattern is generated. Occurs 3 means event happens after 3 occurances of SYSLOG message.

(config-applet)# event cli pattern "write mem.^" sync yes

When CLI pattern i smatched, event is triggered. sync determines if CLI command is executed synchronously (sync=yes) with the EEM actions, or if EEM action is taken and then CLI command is run (sync=no).

(config-applet)# event timer watchdog time 60

EEM action is taken everytime timer expires (and then timer resets). In this case, execute action once every minute.

(config-applet)# event none

When event none is specified, you manually active the EEM applet using the "event manager run" command.

Specify an action to take

CLI action

Essentially opens a VTY session and executes the commands. First action cli item must always be the "enable" command to ensure subsequent commands run at privilege level 15 (no password needs to be specified). If you want to configure something with the CLI action, don't forget the second item must be "config t". You can debug CLI actions with "debug event manager action cli."

Here is an example of a set of CLI actions to clear counters on interface E0/1:

(config-applet)# action 1.0 cli command "enable"
(config-applet)# action 2.0 cli command "clear counters Ethernet0/1" pattern "confirm"
(config-applet)# action 3.0 cli command "y"

The "pattern" keyword as seen in line 2 of above example is used when the output of a command does not return the exec-level prompt (router> or router#). This can happen when output contains more than one page resulting in a " --More--", requires confirmation "[confirm]", or requires additional input (for example a ping with extended options). Specifying a pattern tells IOS to wait for this pattern instead of the exec prompt.SYSLOG action:(config-applet)# action 1.0 syslog priority critical msg "Memory Exhausted; current available memory is $snmp_oid_val bytes."Mail action:(config-applet)# action 2.0 mail server 192.168.1.10 to engineering@example.com from devtest@example.com subject "Memory failure" body "Memory exhausted; current available memory is $_snmp_oid_val bytes"

Verification

Useful EEM commands

#show event manager policy registered
#show event manager history events

Useful EEM debug commands

#debug event manager action cli

Examples

Embedded Event Manager - Interface - No Shut

EEM being used to monitor an interface and perform a "no shut" if the interface state changes to down

event manager applet F0/1
 event syslog pattern "Interface FastEthernet0/1, changed state to down"
 action 1.0 cli command "enable"
 action 1.1 cli command "config terminal"
 action 1.2 cli command "interface fas 0/1"
 action 1.3 cli command "no shut"
 action 9.5 syslog msg "FastEthernet0/1 is UP leveraging EEM"

Embedded Event Manager - Default Route

Here is a EEM Scenario Question:

Provide a solution that provides failover capabilities from the primary link to the backup link and failback capabilities from the backup link to the primary link. You must send a syslog message stating "Failed over to the Backup Link" during failover and a syslog message "Failed Back to the Primary Link" when failing back.

Requirements:

  • You cannot use IP SLA
  • You cannot use dynamic routing on R1
  • You cannot modify the current routing configuration on R2 and R4
  • You cannot use static floating routes on R1

EEM-Routing.png

R1

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
interface Serial1/0
 ip address 10.0.1.1 255.255.255.0
interface Serial1/1
 ip address 10.0.0.1 255.255.255.0

R2

interface FastEthernet0/0
 ip address 192.168.0.2 255.255.255.0
interface Serial1/0
 ip address 10.0.1.2 255.255.255.0
router rip
 version 2
 passive-interface default
 no passive-interface FastEthernet0/0
 network 10.0.0.0
 network 192.168.0.0
 no auto-summary
ip route 192.168.1.0 255.255.255.0 Serial1/0

R4

interface FastEthernet0/0
 ip address 192.168.0.4 255.255.255.0
interface Serial1/0
 ip address 10.0.0.4 255.255.255.0
router rip
 version 2
 passive-interface default
 no passive-interface FastEthernet0/0
 network 10.0.0.0
 network 192.168.0.0
 no auto-summary
ip route 192.168.1.0 255.255.255.0 Serial1/0

Give it a try --- Solution Below

Solution

There are many ways to tackle an issue and in this case I choose to leverage object tracking and EEM (Embedded Event Manager provides real-time network event detection and automation)

track 1 interface Serial1/0 line-protocol
ip route 0.0.0.0 0.0.0.0 Serial1/0
event manager applet Primary-Backup
 event syslog pattern "1 interface Se1/0 line-protocol Up->Down"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 serial 1/0"
 action 4.0 cli command "ip route 0.0.0.0 0.0.0.0 serial 1/1"
 action 50.0 cli command "end"
 action 99.0 syslog msg "Failed over to the Backup Link"
event manager applet Backup-Primary
 event syslog pattern "1 interface Se1/0 line-protocol Down->Up"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 serial 1/1"
 action 4.0 cli command "ip route 0.0.0.0 0.0.0.0 serial 1/0"
 action 50.0 cli command "end"
 action 99.0 syslog msg "Failed Back to the Primary Link"

Explanation

track 1 interface Serial1/0 line-protocol - (this tracks the line protocol of the interface, we could have used IP SLA but the requirements prohibited us from doing so)
ip route 0.0.0.0 0.0.0.0 Serial1/0 - (Default route using the primary link)
event manager applet Primary-Backup - (Name of the EEM Applet)
 event syslog pattern "1 interface Se1/0 line-protocol Up->Down" - (Syslog message generated from object tracking 1 configuration")
 action 1.0 cli command "enable" - (command to put the applet into enable mode)
 action 2.0 cli command "configure terminal" - (command to put the applet into global configuration mode)
 action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 serial 1/0" - (command to remove the default route pointing to the primary link)
 action 4.0 cli command "ip route 0.0.0.0 0.0.0.0 serial 1/1" - (command to add the default route pointing to the backup link)
 action 50.0 cli command "end"
 action 99.0 syslog msg "Failed over to Backup Link" - (Create syslog message based on the requirements)
event manager applet Backup-Primary - (Name of the EEM Applet)
 event syslog pattern "1 interface Se1/0 line-protocol Down->Up" - (Syslog message generated from object tracking 1 configuration")
 action 1.0 cli command "enable" - (command to put the applet into enable mode)
 action 2.0 cli command "configure terminal" - (command to put the applet into global configuration mode)
 action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 serial 1/1"   - (command to remove the default route pointing to the backup link)
 action 4.0 cli command "ip route 0.0.0.0 0.0.0.0 serial 1/0"  - (command to add the default route pointing to the primary link)
 action 50.0 cli command "end"
 action 99.0 syslog msg "Failed Back to the Primary Link" - (Create syslog message based on the requirements)

The gadget spec URL could not be found