advertisement
Embedded Event Manager Configuration Guide
First Published: November 28, 2012
Last Modified: April 01, 2013
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright
©
1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http:// www.cisco.com/go/trademarks
. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
©
2016 Cisco Systems, Inc. All rights reserved.
C O N T E N T S
C H A P T E R 1
C H A P T E R 2
C H A P T E R 3
Embedded Event Manager Overview
Information About Embedded Event Manager
Embedded Event Manager 2.1 (Software Modularity)
EEM Event Detectors Available by Cisco IOS Release
EEM Actions Available by Cisco IOS Release
Embedded Event Manager Actions
Embedded Event Manager Environment Variables
Embedded Event Manager Policy Creation
Feature Information for Embedded Event Manager 4.0 Overview
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Configuration Guide iii
Contents
Prerequisites for Writing EEM Policies Using the Cisco IOS CLI
Information About Writing EEM Policies Using the Cisco IOS CLI
Embedded Event Manager Policies
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
How to Write EEM Policies Using the Cisco IOS CLI
Registering and Defining an Embedded Event Manager Applet
Alphabetical Order of EEM Action Labels
Registering and Defining an Embedded Event Manager Policy to Run Manually
Unregistering Embedded Event Manager Policies
Suspending All Embedded Event Manager Policy Execution
Displaying Embedded Event Manager History Data
Displaying Embedded Event Manager Registered Policies
Configuring Event SNMP Notification
Configuring Multiple Event Support
Setting the Event Configuration Parameters
Configuring EEM Class-Based Scheduling
Holding a Scheduled EEM Policy Event or Event Queue
Resuming Execution of EEM Policy Events or Event Queues
Clearing Pending EEM Policy Events or Event Queues
Modifying the Scheduling Parameters of EEM Policy Events or Event Queues
Verifying Class-Based Scheduled Activities of EEM Policies
Verifying Class-Based Active EEM Policies
Verifying Pending EEM Policies
Configuring EEM Applet (Interactive CLI) Support
Reading and Writing Input from the Active Console for Synchronous EEM
Reading Input from the Active Console
Writing Input to the Active Console
Configuring SNMP Library Extensions
iv
Embedded Event Manager Configuration Guide
Contents
SNMP Traps and Inform Requests
Configuring EEM Applet for SNMP Get and Set Operations
Configuring EEM Applet for SNMP OID Notifications
Configuring Variable Logic for EEM Applets
Configuring Variable Logic for EEM Applets
Specifying a Loop of Conditional Blocks
Specifying if else Conditional Blocks
Specifying foreach Iterating Statements
Incrementing the Values of Variables
Configuring Description of an Embedded Event Manager Applet
Configuration Examples for Writing EEM Policies Using the Cisco IOS CLI
Embedded Event Manager Applet Configuration Examples
Configuration Examples for Embedded Event Manager Applet
Example Identity Event Detector
Example Neighbor-Discovery Event Detector
Embedded Event Manager Manual Policy Execution Examples
Embedded Event Manager Watchdog System Monitor (Cisco IOS) Event Detector Configuration
Configuration SNMP Library Extensions Examples
SNMP GetID Operations Examples
Generating SNMP Notifications Examples
Configuring Variable Logic for EEM Applets Examples
Configuring Event SNMP-Object Examples
Configuring Description of an EEM Applet Examples
Embedded Event Manager Configuration Guide v
Contents
C H A P T E R 4
Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI
Writing Embedded Event Manager Policies Using Tcl
Prerequisites for Writing Embedded Event Manager Policies Using Tcl
Information About Writing Embedded Event Manager Policies Using Tcl
EEM Policy Tcl Command Extension Categories
General Flow of EEM Event Detection and Recovery
Cisco File Naming Convention for EEM
How to Write Embedded Event Manager Policies Using Tcl
Registering and Defining an EEM Tcl Script
Displaying EEM Registered Policies
Suspending EEM Policy Execution
Modifying History Table Size and Displaying EEM History Data
Displaying Software Modularity Process Reliability Metrics Using EEM
Modifying the Sample EEM Policies
Programming EEM Policies with Tcl
Tcl Policy Structure and Requirements
EEM Policies and Cisco Error Number
Creating an EEM User Tcl Library Index
Creating an EEM User Tcl Package Index
Configuration Examples for Writing Embedded Event Manager Policies Using Tcl
Assigning a Username for a Tcl Session Examples
vi
Embedded Event Manager Configuration Guide
Contents
C H A P T E R 5
EEM Event Detector Demo Examples
Programming Policies with Tcl Sample Scripts Example
Debugging Embedded Event Manager Policies Examples
Tracing Tcl set Command Operations Example
Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl
Prerequisites for Signed Tcl Scripts
Restrictions for Signed Tcl Scripts
Information About Signed Tcl Scripts
How to Configure Signed Tcl Scripts
Converting the Signature into Nonbinary Data
Configuring the Device with a Certificate
Verifying the Signed Tcl Script
Configuration Examples for Signed Tcl Script
Generating a Certificate Example
Signing the Tcl Scripts Example
Verifying the Signature Example
Converting the Signature with Nonbinary Data Example
Configuring the Device with a Certificate Example
Feature Information for Signed Tcl Scripts
Embedded Event Manager Configuration Guide vii
Contents
C H A P T E R 6
C H A P T E R 7
C H A P T E R 8
EEM Action Tcl Command Extension
EEM CLI Library Command Extensions 219
EEM CLI Library XML-PI Support 231
viii
Embedded Event Manager Configuration Guide
Contents
C H A P T E R 9
C H A P T E R 1 0
C H A P T E R 1 1
EEM Context Library Command Extensions 241
EEM Event Registration Tcl Command Extensions
event_register_neighbor_discovery
event_register_snmp_notification
event_register_timer_subscriber
EEM Event Tcl Command Extensions
Embedded Event Manager Configuration Guide ix
Contents
C H A P T E R 1 2
C H A P T E R 1 3
C H A P T E R 1 4
C H A P T E R 1 5
C H A P T E R 1 6
EEM Library Debug Command Extensions
EEM Multiple Event Support Tcl Command Extensions 367
EEM SMTP Library Command Extensions 371
EEM System Information Tcl Command Extensions
EEM Utility Tcl Command Extensions
x
Embedded Event Manager Configuration Guide
Contents
Embedded Event Manager Configuration Guide xi
Contents xii
Embedded Event Manager Configuration Guide
C H A P T E R
1
Read Me First
Important Information about Cisco IOS XE 16
Effective Cisco IOS XE Release 3.7.0E (for Catalyst Switching) and Cisco IOS XE Release 3.17S (for
Access and Edge Routing) the two releases evolve (merge) into a single version of converged release—the
Cisco IOS XE 16—providing one release covering the extensive range of access and edge products in the
Switching and Routing portfolio.
Note
The Feature Information table in the technology configuration guide mentions when a feature was introduced. It might or might not mention when other platforms were supported for that feature. To determine if a particular feature is supported on your platform, look at the technology configuration guides posted on your product landing page. When a technology configuration guide is displayed on your product landing page, it indicates that the feature is supported on that platform.
Embedded Event Manager Configuration Guide
1
2
Embedded Event Manager Configuration Guide
Read Me First
C H A P T E R
2
Embedded Event Manager Overview
Embedded Event Manager (EEM) is a distributed and customized approach to event detection and recovery offered directly in a Cisco IOS device. EEM offers the ability to monitor events and take informational, corrective, or any desired EEM action when the monitored events occur or when a threshold is reached. An
EEM policy is an entity that defines an event and the actions to be taken when that event occurs.
This module contains a technical overview of EEM. EEM can be used alone, or with other network management technologies to help monitor and maintain your network. Before you begin to implement EEM, it is important that you understand the information presented in this module.
•
Finding Feature Information, page 3
•
Information About Embedded Event Manager, page 3
•
•
Feature Information for Embedded Event Manager 4.0 Overview, page 23
•
Additional References, page 27
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn . An account on Cisco.com is not required.
Information About Embedded Event Manager
Embedded Event Manager
Event tracking and management has traditionally been performed by devices external to the networking device.
Embedded Event Manager (EEM) has been designed to offer event management capability directly in Cisco
Embedded Event Manager Configuration Guide
3
Embedded Event Manager Overview
Embedded Event Manager
IOS devices. The on-device, proactive event management capabilities of EEM are useful because not all event management can be done off device because some problems compromise communication between the device and the external network management device. Capturing the state of the device during such situations can be invaluable in taking immediate recovery actions and gathering information to perform root-cause analysis.
Network availability is also improved if automatic recovery actions are performed without the need to fully reboot the routing device.
EEM is a flexible, policy-driven framework that supports in-box monitoring of different components of the system with the help of software agents known as event detectors. The figure below shows the relationship between the EEM server, core event publishers (event detectors), and the event subscribers (policies). Basically, event publishers screen events and publish them when there is a match on an event specification that is provided by the event subscriber. Event detectors notify the EEM server when an event of interest occurs. The EEM policies that are configured using the Cisco command-line interface (CLI) then implement recovery on the basis of the current state of the system and the actions specified in the policy for the given event.
EEM offers the ability to monitor events and take informational or corrective action when the monitored events occur or when a threshold is reached. An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An applet is a simple form of policy that is defined within the CLI configuration. A script is a form of policy that is written in Tool Command Language (Tcl).
Figure 1: Embedded Event Manager Core Event Detectors
4
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
Embedded Event Manager 1.0
Note
If your network has a higher version of EEM, that version would include the previous releases of EEM version as well.
Embedded Event Manager 1.0
EEM 1.0 introduced Embedded Event Manager. EEM 1.0 introduced the following event detectors:
• SNMP—The Simple Network Management Protocol (SNMP) event detector allows a standard SNMP
MIB object to be monitored and an event to be generated when the object matches specified values or crosses specified thresholds.
• Syslog—The syslog event detector allows for screening syslog messages for a regular expression pattern match.
EEM 1.0 introduced the following actions:
• Generating prioritized syslog messages.
• Generating a Cisco Networking Services (CNS) event for upstream processing by CNS devices.
• Reloading the Cisco software.
• Switching to a secondary processor in a fully redundant hardware configuration.
Embedded Event Manager 2.0
EEM 2.0 introduced some new features. EEM 2.0 introduced the following event detectors:
• Application-Specific—The application-specific event detector allows any Embedded Event Manager policy to publish an event.
• Counter—The counter event detector publishes an event when a named counter crosses a specified threshold.
• Interface Counter—The interface counter event detector publishes an event when a generic Cisco IOS interface counter for a specified interface crosses a defined threshold.
• Timer—The timer event detector publishes events for the following four different types of timers: absolute-time-of-day, countdown, watchdog, and CRON.
• Watchdog System Monitor (IOSWDSysMon)—The Cisco IOS watchdog system monitor event detector publishes an event when CPU or memory utilization for a Cisco IOS process crosses a threshold.
EEM 2.0 introduced the following actions:
• Setting or modifying a named counter.
• Publishing an application-specific event
• Generating an SNMP trap.
Embedded Event Manager Configuration Guide
5
Embedded Event Manager Overview
Embedded Event Manager 2.1
The ability to run a Cisco defined sample policy written using Tool Command Language (Tcl) was introduced.
A sample policy was provided that could be stored in the system policy directory.
Embedded Event Manager 2.1
EEM 2.1 and introduced some new features. EEM 2.1 introduced the following new event detectors:
• CLI—The CLI event detector screens command-line interface (CLI) commands for a regular expression match.
• None—The none event detector publishes an event when the Cisco IOS event manager run command executes an EEM policy.
• OIR—The online insertion and removal (OIR) event detector publishes an event when a particular hardware insertion or removal event occurs.
EEM 2.1 introduced the following actions:
• Executing a Cisco CLI command.
• Requesting system information when an event occurs.
• Sending a short e-mail.
• Manually running an EEM policy.
EEM 2.1 also permits multiple concurrent policies to be run using the new event manager scheduler script command. Support for SNMP event detector rate-based events is provided as is the ability to create policies using Tool Command Language (Tcl).
Embedded Event Manager 2.1 (Software Modularity)
EEM 2.1 (Software Modularity) is supported on Cisco Software Modularity images. EEM 2.1 (Software
Modularity) introduced the following event detectors:
• GOLD—The Generic Online Diagnostic (GOLD) event detector publishes an event when a GOLD failure event is detected on a specified card and subcard.
• System Manager—The system manager event detector generates events for Cisco IOS Software
Modularity process start, normal or abnormal stop, and restart events. The events generated by the system manager allows policies to change the default behavior of the process restart.
• Watchdog System Monitor (WDSysMon)—The Cisco Software Modularity watchdog system monitor event detector detects infinite loops, deadlocks, and memory leaks in Cisco IOS Software Modularity processes.
EEM 2.1 for Software Modularity introduced the ability to display EEM reliability metric data for processes.
Note
EEM 2.1 for Software Modularity images also supports the resource and RF event detectors introduced in EEM 2.2, but it does not support the enhanced object tracking event detector or the actions to read and set tracked objects.
6
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
Embedded Event Manager 2.2
Embedded Event Manager 2.2
EEM 2.2 introduced some new features. EEM 2.2 introduced the following event detectors:
• Enhanced Object Tracking—The enhanced object tracking event detector publishes an event when the tracked object changes. Enhanced object tracking provides complete separation between the objects to be tracked and the action to be taken by a client when a tracked object changes.
• Resource—The resource event detector publishes an event when the Embedded Resource Manager
(ERM) reports an event for the specified policy.
• RF—The redundancy framework (RF) event detector publishes an event when one or more RF events occur during synchronization in a dual Route Processor (RP) system. The RF event detector can also detect an event when a dual RP system continuously switches from one RP to another RP (referred to as a ping-pong situation).
EEM 2.2 introduced the following actions:
• Reading the state of a tracked object.
• Setting the state of a tracked object.
Embedded Event Manager 2.3
EEM 2.3 is supported on the Cisco Catalyst 6500 Series switches and introduces enhancements to the Generic
Online Diagnostics (GOLD) Event Detector on that product.
• The event gold command was enhanced with the addition of the action-notify, testing-type, test-name,
test-id, consecutive-failure, platform-action, and maxrun keywords for improved reaction to GOLD test failures and conditions.
• The following platform-wide GOLD Event Detector information can be accessed through new read-only
EEM built-in environment variables:
• Boot-up diagnostic level
• Card index, name, serial number
• Port counts
• Test counts
• The following test-specific GOLD Event Detector information can be accessed through new read-only
EEM built-in environment variables (available to EEM applets only):
• Test name, attribute, total run count
• Test result per test, port, or device
• Total failure count, last fail time
• Error code
• Occurrence of consecutive failures
Embedded Event Manager Configuration Guide
7
Embedded Event Manager Overview
Embedded Event Manager 2.4
These enhancements result in reduced mean time to recovery (MTTR) and higher availability through improved automation and fault detection.
Embedded Event Manager 2.4
EEM 2.4 introduced the following event detectors:
• SNMP Notification—The SNMP notification event detector provides the ability to intercept SNMP trap and inform messages coming into the device. An SNMP notification event is generated when an incoming
SNMP trap or inform message matches specified values or crosses specified thresholds.
• RPC—The remote procedure call (RPC) event detector provides the ability to invoke EEM policies from outside the device over an encrypted connection using Secure Shell (SSH). The RPC event detector uses
Simple Object Access Protocol (SOAP) data encoding for exchanging XML-based messages. This event detector can be used to run EEM policies and then receive output in a SOAP XML-formatted reply.
EEM 2.4 added enhancements to the following event detectors:
• Interface counter rate-based trigger—This feature adds the ability for an interface event to be triggered based on a rate of change over a period of time. A rate can be specified both for the entry value and the exit value. This feature copies the rate-based functionality that currently exists for the SNMP event detector.
• SNMP delta value—The difference between the monitored Object Identifier (OID) value at the beginning of the monitored period and the actual OID value when the event is published will be provided in the
event reqinfo data for both the SNMP event detector and the Interface Counter event detector.
EEM 2.4 introduced the following actions:
• Multiple event support—The ability to run multiple events was introduced. and show event manager commands were enhanced to show multiple events.
• Support for parameters—The parameter argument has been added to the event manager run command.
A maximum of 15 parameters can be used.
• Display of Job IDs and completion status--Some of the show event manager commands were enhanced to display Job IDs and completion status.
• Bytecode support—Tcl 8 defines a specialized bytecode language (BCL) and includes a just-in-time compiler that translates Tcl scripts to BCL. Byte sequence is executed by a “virtual machine,”
Tcl_ExecuteByteCode(), or TEBC for short, as often as needed. Currently EEM accepts file extensions, such as *.tcl for user policies and *.tm for system policies. Tcl standard extension for bytecode scripts are *.tbc. Now EEM will accept *.tbc as valid EEM policies.
• Registration substitution enhancement—Supports replacing multiple parameters in the event registration statement lines with a single environment variable.
• Tcl package support
Embedded Event Manager 3.0
EEM 3.0 introduces the following new event detectors:
8
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
Embedded Event Manager 3.1
• Custom CLI--The custom CLI event detector publishes an event to add and enhance existing CLI command syntax.
• Routing--The Routing event detector publishes an event when route entries change in the Routing
Information Base (RIB).
• NetFlow-- The NetFlow event detector publishes an event when a NetFlow event is triggered.
• IP SLA--The IP SLA event detector publishes an event when an IP SLA reaction is triggered.
EEM 3.0 introduces the following features.
• Class-based scheduling--The EEM policies will be assigned a class using the class keyword when they are registered. EEM policies registered without a class will be assigned to the default class.
• High performance Tcl policies--Three new Tcl commands are introduced event_completion, event_wait, and event_completion_with_wait.
• Interactive cli support--The synchronous applets are enhanced to support interaction with the local console (TTY). Two new IOS commands, action gets and action puts, are introduced to allow users to enter and display input directly on the console.
• Variable logic for applets--The Variable Logic for EEM Applets feature adds the ability to apply conditional logic within EEM applets. Conditional logic introduces a control structure that can change the flow of actions within applets depending on conditional expressions.
• Digital signature support--A new API performs digital signature verification for a Tcl script to check it the script is signed by Cisco before execution.
• Support authenticating e-mail servers--The action mailcommand is modified to include an optional username and password.
• SMTP IPv6 support--The keyword sourceaddr is added in Tcl e-mail templates to specify either an
IPv6 or IPv4 address.
• SNMP library extensions--The EEM applet action info and Tcl sys_reqinfo_snmpcommands are enhanced to include functionality for SNMP getid, inform, trap, and set-type operations.
• SNMP Notification IPv6 support--IPv6 address is supported for the source and destination IP addresses.
• CLI Library XML-PI support--Provides a programmable interface which encapsulates IOS command-line interface (CLI) show commands in XML format in a consistent way across different Cisco products.
Customers using XML-PI will be able to parse IOS show command output from within Tcl scripts using well-known keywords instead of having to depend on the use of regular expression support.
Embedded Event Manager 3.1
EEM 3.1 introduced one new event detector:
• SNMP Object--The Simple Network Management Protocol (SNMP) object trap event detector provides an extension to replace the value when an SNMP trap with the specified SNMP object ID (OID) is encountered on a specific interface or address.
EEM 3.1 added an enhancement to the following event detector:
• SNMP Notification--The SNMP notification event detector now can wait and intercept the outgoing
SNMP traps and informs.
Embedded Event Manager Configuration Guide
9
Embedded Event Manager Overview
Embedded Event Manager 3.2
EEM 3.1 added enhancement to the following action:
• Specify facility--The action syslog command has been enhanced to specify syslog facility.
EEM 3.1 introduces the following features:
• Provides the ability to create a short description for the registered policy--A new description command has been introduced to register policies with a brief description in Cisco IOS CLI and Tcl policies. The
show event manager policy available command and the show event manager policy registered command have been enhanced to add the description keyword to display the description of the registered applet.
• Enables EEM policies to bypass AAA authorization--The event manager application command has been enhanced to provide authorization and bypass keywords to disable AAA.
• Introduces CLI Library enhancements--Provides two new commands in the CLI library: cli_run and
cli_run_interactive.
Embedded Event Manager 3.2
EEM 3.2 introduced the following new event detectors:
• Neighbor Discovery--Neighbor Discovery event detector provides the ability to publish a policy to respond to automatic neighbor detection when:
• a Cisco Discovery Protocol (CDP) cache entry is added, deleted or updated.
• a Link Layer Discovery Protocol (LLDP) cache entry is added, deleted, or updated.
• an interface link status changes.
• an interface line status changes.
• Identity--Identity event detector generates an event when AAA authorization and authentication is successful, when failure occurs, or after normal user traffic on the port is allowed to flow.
• Mac-Address-Table--Mac-Address-Table event detector generates an event when a MAC address is learned in the MAC address table.
Note
The Mac-Address-Table event detector is supported only on switch platforms and can be used only on
Layer 2 interfaces where MAC addresses are learned. Layer 3 interfaces do not learn addresses and devices do not usually support the mac-address-table infrastructure needed to notify EEM of a learned MAC address.
EEM 3.2 also introduces new CLI commands to support the applets to work with the new event detectors.
Embedded Event Manager 4.0
EEM 4.0 introduces the following new features:
• EEM Email Action Enhancements
10
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
Embedded Event Manager 4.0
• TLS support for SMTP mail actions—The new optional secure keyword is added to the action
mail CLI with tls and none keyword options. There are no updates to the corresponding Tcl Policy.
• Custom port for SMTP mail actions—The new optional port keyword is added to the action mail
CLI. In the Tcl policy, the port number can be specified by adding a line to the e-mail template.
• EEM Security Enhancements
• Checksum-based script integrity—Where digital signature is not supported or unavailable, users can still enforce some basic integrity check on the TCL policy by using the Unix command openssl
sha1. The new optional checksum, md5, and sha-1 keywords have been added to the event
manager policy command.
• Third-party digital signature support—Requires Tcl secure mode and a trustpoint to associate with the TCL scripts in order to verify the signature.
• Script owner identification—If a policy is successfully registered with a digital signature, the owner
(or signer) of the policy can be identified by using the show event manager policy registered command and checking the Dsig keyword in the show output.
• Registration of remote Tcl policies—The new optionalremote keyword has been added to the
event manager policy command.
• EEM Resource Management
• Resource consumption throttling—The new optional resource-limit keyword has been added to the event manager scheduler command.
• Rate limiting of triggered policies per event—The new optional rate-limit keyword has been added to the event syslog command.
• EEM Usability Enhancements
• File operations in EEM applet actions—The new CLI action file has been added to allow file selection.
• New fields are added in EEM to track statistics of queue size, dropped events, and run-time using the show event manager statistics EXEC command. A set of new clear commands—clear event
manager detector counters and clear event manager server counters —are introduced to clear the event manager queue counters.
• EEM Event Detector Enhancements
• CLI event detector enhancement—Provides the ability to detect the session where the user enters the event cli command. Four new keywords and built-in environmental variables—username,
host, privilege, and tty— are added to the event cli applet and event_reqinfo array names to the
event_register_cli event detector. The show event manager detector EXEC command has also been modified to reflect the enhancement.
• Syslog event detector performance enhancement—Provides the option to perform string matching on specific log message fields. The four new keywords—facility, mnemonic, sequence, and
timestamp keywords— are added to the action syslog command, event syslog command, and to the event_register_syslog event detector. The show event manager detector EXEC command has also been modified to reflect the enhancement.
Embedded Event Manager Configuration Guide
11
Embedded Event Manager Overview
EEM Event Detectors Available by Cisco IOS Release
EEM Event Detectors Available by Cisco IOS Release
EEM uses software programs known as event detectors to determine when an EEM event occurs. Some event detectors are available on every Cisco IOS release, but most event detectors have been introduced in a specific release. Use the table below to determine which event detectors are available in your specific Cisco IOS release. A blank entry (--) indicates that the event detector is not available: the text “Yes” indicates that the event detector is available. The event detectors shown in the table are supported in later releases of the same
Cisco IOS release train. For more details on each event detector, see the Event Detectors concept in the
“Embedded Event Manager Overview” module.
Table 1: Availability of Event Detectors by Cisco IOS Release
Event
Detector
12.2(25)S 12.3(14)T
12.2(18)SXF5
12.2(28)SB
12.2(33)SRA
12.4(2)T
12.2(31)SB3
12.2(33)SRB
12.2(18)SXF4
Cisco
IOS
Software
Modularity
12.2(33)SXH 12.4(20)T
12.2(33)SXI
12.4(22)T
12.2(33)SRE
15.0(1)M
15.1(3)T
Application-Specific Yes Yes Yes Yes Yes Yes Yes Yes
15.1(2)SY 15 E
XE 3E
Yes Yes
CLI
Counter
--
Yes
Yes
Yes
--
Yes
Yes
--
Yes
Yes
--
Yes
Yes
--
Yes
Yes
--
Yes
Yes
Yes
Yes
Yes
Yes
--
Yes
--
Yes
Yes
-Custom
CLI
--
Enhanced
Object
Tracking
--
Environmental --
--
--
Yes
--
--
--
Yes
--
Yes
--
Yes
--
Yes
--
--
--
--
Yes
GOLD
Identity
--
--
Interface
Counter
Yes
IPSLA --
--
--
Yes
--
--
Yes
Yes
--
Yes
Yes
--
Yes
Yes
--
Yes
Yes
--
Yes
Yes
Yes
Yes
--
Yes
--
Yes
Yes
Yes
Mac-Address-Table
Neighbor
Discovery
NF
None
--
--
--
--
--
--
--
--
Yes
--
--
--
--
Yes
--
--
--
--
Yes
--
--
--
--
Yes
--
--
--
--
Yes
Yes
--
--
Yes
Yes
Yes
Yes
Yes
Yes
Yes
--
Yes
Yes
--
Yes
Yes
Yes
Yes
--
Yes
12
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
EEM Event Detectors Available by Cisco IOS Release
SNMP
SNMP
Proxy
SNMP
Notification
--
SNMP
Object
--
Yes
--
Syslog
Timer
Yes
System
Manager
--
Yes
IOSWDSysMon
(Cisco
IOS watchdog)
Yes
WDSysMon
(Cisco
IOS
Software
Modularity watchdog)
--
Event
Detector
12.2(25)S 12.3(14)T
12.2(18)SXF5
12.2(28)SB
12.2(33)SRA
12.4(2)T
12.2(31)SB3
12.2(33)SRB
12.2(18)SXF4
Cisco
IOS
Software
Modularity
12.2(33)SXH 12.4(20)T
12.2(33)SXI
12.4(22)T
12.2(33)SRE
15.0(1)M
15.1(3)T
15.1(2)SY 15 E
XE 3E
OIR -Yes Yes Yes Yes Yes Yes Yes Yes Yes
Resource --Yes Yes Yes Yes Yes Yes ---
RF
RPC
--
Routing --
--
--
--
--
Yes
--
--
Yes
--
--
Yes
--
--
Yes
--
Yes
Yes
Yes
Yes
Yes
Yes
Yes
--
--
Yes
Yes
Yes
--
Yes
--
Yes
--
Yes
--
Yes
--
Yes
--
Yes
--
Yes
--
--
Yes
Yes
--
--
--
Yes
--
Yes
Yes
--
--
--
Yes
--
Yes
Yes
--
--
--
Yes
Yes
Yes
Yes
Yes
--
--
Yes
Yes
Yes
Yes
--
Yes
--
Yes
Yes
Yes
Yes
--
Yes
--
Yes
Yes
Yes
Yes
--
Yes
Yes
Yes
Yes
Yes
Yes
--
--
Yes
Yes
Yes
--
--
Yes
Yes
Yes
--
Yes
Yes
--
Embedded Event Manager Configuration Guide
13
Embedded Event Manager Overview
Event Detectors
Event Detectors
Embedded Event Manager (EEM) uses software programs known as event detectors to determine when an
EEM event occurs. Event detectors are separate systems that provide an interface between the agent being monitored, for example Simple Network Management Protocol (SNMP), and the EEM policies where an action can be implemented. Some event detectors are available on every Cisco IOS release, but most event detectors have been introduced in a specific release. For details of which event detector is supported in each
Cisco IOS release, see the EEM Event Detectors Available by Cisco IOS Release concept in the “Writing
Embedded Event Manager Policies Using the Cisco IOS CLI” or the “Writing Embedded Event Manager
Policies Using Tcl” modules. EEM contains the following event detectors.
Application-Specific Event Detector
The application-specific event detector allows any Embedded Event Manager policy to publish an event.
When an EEM policy publishes an event it must use an EEM subsystem number of 798 with any event type.
If an existing policy is registered for subsystem 798 and a specified event type, a second policy of the same event type will trigger the first policy to run when the specified event is published.
CLI Event Detector
The CLI event detector screens command-line interface (CLI) commands for a regular expression match.
When a match is found, an event is published. The match logic is performed on the fully expanded CLI command after the command is successfully parsed and before it is executed. The CLI event detector supports three publish modes:
• Synchronous publishing of CLI events--The CLI command is not executed until the EEM policy exits, and the EEM policy can control whether the command is executed. The read/write variable, _exit_status, allows you to set the exit status at policy exit for policies triggered from synchronous events. If
_exit_status is 0, the command is skipped, if _exit_status is 1, the command is run.
• Asynchronous publishing of CLI events--The CLI event is published, and then the CLI command is executed.
• Asynchronous publishing of CLI events with command skipping--The CLI event is published, but the
CLI command is not executed.
Counter Event Detector
The counter event detector publishes an event when a named counter crosses a specified threshold. There are two or more participants that affect counter processing. The counter event detector can modify the counter, and one or more subscribers define the criteria that cause the event to be published. After a counter event has been published, the counter monitoring logic can be reset to start monitoring the counter immediately or it can be reset when a second threshold--called an exit value--is crossed.
Custom CLI Event Detector
The custom CLI event detector publishes an event to add and enhance existing CLI command syntax. When the special parser characters Tab, ? (question mark), and Enter are entered, the parser sends the input to the custom CLI event detector for processing. The custom CLI event detector then compares this input against registered strings to determine if this is a new or enhanced CLI command. Upon a match the custom CLI event detector takes appropriate actions, such as displaying help for the command if ? is entered, displaying
14
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
Event Detectors
the entire command if Tab is entered, or executing the command if Enter was entered. If a match does not occur, the parser regains control and processes the information as usual.
Enhanced Object Tracking Event Detector
The enhanced object tracking (EOT) event detector publishes an event when the status of a tracked object changes. Object tracking was first introduced into the Hot Standby Router Protocol (HSRP) as a simple tracking mechanism that allowed you to track the interface line-protocol state only. If the line-protocol state of the interface went down, the HSRP priority of the device was reduced, allowing another HSRP device with a higher priority to become active.
Object tracking was enhanced to provide complete separation between the objects to be tracked and the action to be taken by a client when a tracked object changes. Thus, several clients such as HSRP, VRRP, or GLBP can register their interest with the tracking process, track the same object, and each take different action when the object changes. Each tracked object is identified by a unique number that is specified on the tracking command-line interface (CLI). Client processes use this number to track a specific object. The tracking process periodically polls the tracked objects and notes any change of value. The changes in the tracked object are communicated to interested client processes, either immediately or after a specified delay. The object values are reported as either up or down.
Enhanced object tracking is now integrated with EEM to allow EEM to report on a status change of a tracked object and to allow enhanced object tracking to track EEM objects. A new type of tracking object--a stub object--is created. The stub object can be manipulated using the existing CLI commands that already allow tracked objects to be manipulated.
GOLD Event Detector
The GOLD event detector publishes an event when a GOLD failure event is detected on a specified card and subcard.
Interface Counter Event Detector
The interface counter event detector publishes an event when a generic Cisco IOS interface counter for a specified interface crosses a defined threshold. A threshold can be specified as an absolute value or an incremental value. If the incremental value is set to 50, for example, an event would be published when the interface counter increases by 50.
After an interface counter event has been published, the interface counter monitoring logic is reset using two methods. The interface counter is reset either when a second threshold--called an exit value--is crossed or when an elapsed period of time occurs.
IP SLA Event Detector
The IP SLA event detector publishes an event when an IP SLA reaction is triggered.
NetFlow Event Detector
The NetFlow event detector publishes an event when a NetFlow event is triggered.
None Event Detector
The none event detector publishes an event when the Cisco IOS event manager run CLI command executes an EEM policy. EEM schedules and runs policies on the basis of an event specification that is contained within the policy itself. An EEM policy must be identified and registered to be permitted to run manually before the
event manager run command will execute.
Embedded Event Manager Configuration Guide
15
Event Detectors
Embedded Event Manager Overview
OIR Event Detector
The online insertion and removal (OIR) event detector publishes an event when one of the following hardware insertion or removal events occurs:
• A card is removed.
• A card is inserted.
Route Processors (RPs), line cards, or feature cards can be monitored for OIR events.
Resource Event Detector
The resource event detector publishes an event when the Embedded Resource Manager (ERM) reports an event for the specified policy. The ERM infrastructure tracks resource depletion and resource dependencies across processes and within a system to handle various error conditions. The error conditions are handled by providing an equitable sharing of resources between various applications. The ERM framework provides a communication mechanism for resource entities and allows communication between these resource entities from numerous locations. The ERM framework also helps in debugging CPU and memory-related issues.
The ERM monitors system resource usage to better understand scalability needs by allowing you to configure threshold values for resources such as the CPU, buffers, and memory. The ERM event detector is the preferred method for monitoring resources in Cisco software but the ERM event detector is not supported in Software
Modularity images. For more details about ERM, go to “Embedded Resource Manager” module.
RF Event Detector
The redundancy framework (RF) event detector publishes an event when one or more RF events occur during synchronization in a dual Route Processor (RP) system. The RF event detector can also detect an event when a dual RP system continuously switches from one RP to another RP (referred to as a ping-pong situation).
RPC Event Detector
The remote procedure call (RPC) event detector provides the ability to invoke EEM policies from outside the device over an encrypted connection using Secure Shell (SSH). The RPC event detector uses Simple Object
Access Protocol (SOAP) data encoding for exchanging XML-based messages. This event detector can be used to run EEM policies and then receive output in a SOAP XML-formatted reply.
Routing Event Detector
The routing event detector publishes an event when a route entry changes in the Routing Information Base
(RIB).
SNMP Event Detector
The SNMP event detector allows a standard SNMP MIB object to be monitored and an event to be generated when the object matches specified values or crosses specified thresholds.
SNMP Notification Event Detector
The SNMP notification event detector provides the ability to intercept SNMP trap and inform messages coming into or going out of the device. An SNMP notification event is generated when an incoming or outgoing
SNMP trap or inform message matches specified values or crosses specified thresholds. The SNMP event detector can wait and intercept the outgoing SNMP traps and informs.
16
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
Event Detectors
SNMP Object Event Detector
The Simple Network Management Protocol (SNMP) object trap event detector provides an extension to replace the value when an SNMP trap with the specified SNMP object ID (OID) is encountered on a specific interface or address.
Syslog Event Detector
The syslog event detector allows for screening syslog messages for a regular expression pattern match. The selected messages can be further qualified, requiring that a specific number of occurrences be logged within a specified time. A match on a specified event criteria triggers a configured policy action.
System Manager Event Detector
The system manager event detector generates events for Cisco IOS Software Modularity process start, normal or abnormal stop, and restart events. The events generated by the system manager allows policies to change the default behavior of the process restart.
Timer Event Detector
The timer event detector publishes events for the following four different types of timers:
• An absolute-time-of-day timer publishes an event when a specified absolute date and time occurs.
• A countdown timer publishes an event when a timer counts down to zero.
• A watchdog timer publishes an event when a timer counts down to zero and then the timer automatically resets itself to its initial value and starts to count down again.
• A CRON timer publishes an event using a UNIX standard CRON specification to indicate when the event is to be published. A CRON timer never publishes events more than once per minute.
Watchdog System Monitor (IOSWDSysMon) Event Detector for Cisco IOS
The Cisco IOS watchdog system monitor event detector publishes an event when one of the following occurs:
• CPU utilization for a Cisco IOS task crosses a threshold.
• Memory utilization for a Cisco IOS task crosses a threshold.
Note
Cisco IOS processes are now referred to as tasks to distinguish them from Cisco IOS Software Modularity processes.
Two events may be monitored at the same time, and the event publishing criteria can be specified to require one event or both events to cross their specified thresholds.
Watchdog System Monitor (WDSysMon) Event Detector for Cisco IOS Software Modularity
The Cisco IOS Software Modularity watchdog system monitor event detector detects infinite loops, deadlocks, and memory leaks in Cisco IOS Software Modularity processes.
Embedded Event Manager Configuration Guide
17
Embedded Event Manager Overview
EEM Actions Available by Cisco IOS Release
EEM Actions Available by Cisco IOS Release
The CLI-based corrective actions that are taken when event detectors report events enable a powerful on-device event management mechanism. Some actions are available in every Cisco IOS release, but most actions have been introduced in a specific release. Use the table below to determine which actions are available in your specific Cisco IOS release. A blank entry (--) indicates that the action is not available; the text “Yes” indicates that the action is available. The actions shown in the table are supported in later releases of the same Cisco
IOS release train. For more details on each action, see the Embedded Event Manager Actions concept in the
“Embedded Event Manager Overview” module.
Table 2: Availability of Actions by Cisco IOS Release
Action 12.2(25)S 12.3(14)T
12.2(18)SXF5
12.2(28)SB
12.2(33)SRA
12.4(2)T
12.2(31)SB3
12.2(33)SRB
12.2(18)SXF4
Cisco IOS
Software
Modularity
12.2(33)SXH 12.4(20)T
Yes Yes Yes Yes Yes
12.4(22)T
Yes
15.0(1)M
Yes
15E
XE 3E
Yes Execute a
CLI command
--
Generate a
CNS event
Yes
Generate a prioritized syslog message
Yes
Generate an SNMP trap
Yes
Manually run an
EEM policy
--
Publish an application-specific event
Yes
Read the state of a tracked object
--
Reload the
Cisco software
Yes
Yes
Yes
Yes
Yes
Yes
--
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
--
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
18
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
Embedded Event Manager Actions
Action
Request system information
--
Send a short e-mail
--
Set or modify a named counter
Set the state of a tracked object
Yes
--
Switch to a secondary
RP
Yes
12.2(25)S 12.3(14)T
12.2(18)SXF5
12.2(28)SB
12.2(33)SRA
12.4(2)T
12.2(31)SB3
12.2(33)SRB
12.2(18)SXF4
Cisco IOS
Software
Modularity
12.2(33)SXH 12.4(20)T
Yes Yes Yes Yes Yes
Yes
Yes
--
Yes
Yes
Yes
Yes
Yes
Yes
Yes
--
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
12.4(22)T
Yes
Yes
Yes
Yes
Yes
15.0(1)M
Yes
Yes
Yes
Yes
Yes
15E
XE 3E
Yes
Yes
Yes
Yes
Yes
Embedded Event Manager Actions
The CLI-based corrective actions that are taken when event detectors report events enable a powerful on-device event management mechanism. Some EEM actions are available on every Cisco IOS release, but most EEM actions have been introduced in a specific release. For details of which EEM action is supported in each Cisco
IOS release, see the EEM Actions Available by Cisco IOS Release concept in the “Writing Embedded Event
Manager Policies Using the Cisco IOS CLI” or the “Writing Embedded Event Manager Policies Using Tcl” modules. EEM supports the following actions:
• Executing a Cisco IOS command-line interface (CLI) command.
• Generating a CNS event for upstream processing by Cisco CNS devices.
• Setting or modifying a named counter.
• Switching to a secondary processor in a fully redundant hardware configuration.
• Requesting system information when an event occurs.
• Sending a short e-mail.
• Manually running an EEM policy.
• Publishing an application-specific event.
Embedded Event Manager Configuration Guide
19
Embedded Event Manager Overview
Embedded Event Manager Environment Variables
• Reloading the Cisco software.
• Generating an SNMP trap.
• Generating prioritized syslog messages.
• Reading the state of a tracked object.
• Setting the state of a tracked object.
EEM action CLI commands contain an EEM action label that is a unique identifier that can be any string value. Actions are sorted and run in ascending alphanumeric (lexicographical) key sequence using the label as the sort key. If you are using numbers as labels be aware that alphanumerical sorting will sort 10.0 after
1.0, but before 2.0, and in this situation we recommend that you use numbers such as 01.0, 02.0, and so on, or use an initial letter followed by numbers.
Embedded Event Manager Environment Variables
EEM allows environment variables to be used in EEM policies. Tool Command Language (Tcl) allows global variables to be defined that are known to all procedures within a Tcl script. EEM allows environment variables to be defined using a CLI command, the event manager environment command, for use within an EEM policy. All EEM environment variables are automatically assigned to Tcl global variables before a Tcl script is run. There are three different types of environment variables associated with Embedded Event Manager:
• User-defined--Defined by you if you create an environment variable in a policy that you have written.
• Cisco-defined--Defined by Cisco for a specific sample policy.
• Cisco built-in (available in EEM applets)--Defined by Cisco and can be read only or read/write. The read only variables are set by the system before an applet starts to execute. The single read/write variable,
_exit_status, allows you to set the exit status at policy exit for policies triggered from synchronous events.
Cisco-defined environment variables (see the table below) and Cisco system-defined environment variables may apply to one specific event detector or to all event detectors. Environment variables that are user-defined or defined by Cisco in a sample policy are set using the event manager environment command. Variables that are used in the EEM policy must be defined before you register the policy. A Tcl policy contains a section called “Environment Must Define” that can be defined to check that any required environment variables are defined before the policy runs.
Cisco built-in environment variables are a subset of the Cisco-defined environment variables and the built-in variables are available to EEM applets only. The built-in variables can be read-only or can be read and write, and these variables may apply to one specific event detector or to all event detectors. For more details and a table listing the Cisco system-defined variables, see the ““Writing Embedded Event Manager Policies Using the Cisco IOS CLI” module.
Note
Cisco-defined environment variables begin with an underscore character (_). We strongly recommend that customers avoid the same naming convention to prevent naming conflicts.
The table below describes the Cisco-defined variables used in the sample EEM policies. Some of the environment variables do not have to be specified for the corresponding sample policy to run and these are marked as optional.
20
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
Embedded Event Manager Environment Variables
Table 3: Cisco-Defined Environmental Variables and Examples
Environment Variable
_config_cmd1
_config_cmd2
_crash_reporter_debug
_crash_reporter_url
_cron_entry
_email_server
_email_to
_email_from
_email_cc
_email_ipaddr
_info_snmp_oid
_info_snmp_value
_show_cmd
Description
The first configuration command that is executed.
Example interface Ethernet1/0
(Optional) The second configuration command that is executed.
no shutdown
(Optional) A value that identifies whether debug information for tm_crash_reporter.tcl will be enabled.
1
The URL location to which the crash report is sent.
http://www.yourdomain.com/ fm/interface_tm.cgi
A CRON specification that determines when the policy will run. See the “Writing Embedded
Event Manager Policies Using Tcl” module for more information about how to specify a cron entry.
0-59/1 0-23/1 * * 0-7
A Simple Mail Transfer Protocol
(SMTP) mail server used to send e-mail.
mailserver.yourdomain.com
The address to which e-mail is sent.
The address from which e-mail is sent.
The address to which the e-mail is be copied.
The source IP address of the recipient.
The SNMP object ID.
209.165.201.1 or (IPv6 address)
2001:0DB8::1
1.3.6.1.2.1.2 or iso.internet.mgmt.mib-2.interfaces
The value string of the associated
SNMP data element.
The CLI show command to be executed when the policy is run.
show version
Embedded Event Manager Configuration Guide
21
Embedded Event Manager Overview
Embedded Event Manager Policy Creation
Environment Variable
_syslog_pattern
_tm_fsys_usage_cron
_tm_fsys_usage_debug
_tm_fsys_usage_ freebytes
_tm_fsys_usage_percent
Description Example
A regular expression pattern match string that is used to compare syslog messages to determine when the policy runs.
.*UPDOWN.*FastEthernet 0/0.*
(Optional) A CRON specification that is used in the event_register keyword extension. If unspecified, the _tm_fsys_usage.tcl policy is triggered once per minute.
0-59/1 0-23/1 * * 0-7
(Optional) When this variable is set to a value of 1, disk usage information is displayed for all entries in the system.
1
(Optional) Free byte threshold for systems or specific prefixes. If free space falls below a given value, a warning is displayed.
disk2:98000000
(Optional) Disk usage percentage thresholds for systems or specific prefixes. If disk usage percentage exceeds a given percentage, a warning is displayed. If unspecified, the default disk usage percentage is 80 percent for all systems.
nvram:25 disk2:5
Embedded Event Manager Policy Creation
EEM is a policy driven process in which the EEM policy engine receives notifications when faults and other events occur in the Cisco software system. Embedded Event Manager policies implement recovery based on the current state of the system and the actions specified in the policy for a given event. Recovery actions are triggered when the policy is run.
Although there are some EEM CLI configuration and show commands, EEM is implemented through the creation of policies. An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An applet is a simple form of policy that is defined within the CLI configuration. A script is a form of policy that is written in Tcl.
The creation of an EEM policy involves:
• Selecting the event for which the policy is run.
• Defining the event detector options associated with logging and responding to the event.
• Defining the environment variables, if required.
22
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
Where to Go Next
• Choosing the actions to be performed when the event occurs.
There are two ways to create an EEM policy. The first method is to write applets using CLI commands, and the second method is to write Tcl scripts. Cisco provides enhancements to Tcl in the form of Tcl command extensions that facilitate the development of EEM policies. Scripts are defined off the networking device using an ASCII editor. The script is then copied to the networking device and registered with EEM. When a policy is registered with the Embedded Event Manager, the software examines the policy and registers it to be run when the specified event occurs. Policies can be unregistered or suspended. Both types of policies can be used to implement EEM in your network.
For details on writing EEM policies using the Cisco IOS CLI, go to “Writing Embedded Event Manager
Policies Using the Cisco IOS CLI” module.
For details on writing EEM policies using Tcl, go to “Writing Embedded Event Manager Policies Using Tcl” module.
Where to Go Next
• If you want to write EEM policies using the Cisco IOS CLI, see the “Writing Embedded Event Manager
Policies Using the Cisco IOS CLI” module.
• If you want to write EEM policies using Tcl, see the “Writing Embedded Event Manager Policies Using
Tcl” module.
Feature Information for Embedded Event Manager 4.0 Overview
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to . An account on Cisco.com is not required.
Table 4: Feature Information for Embedded Event Manager 4.0 Overview
Feature Name
Embedded Event
Manager 1.0
Releases Feature Information
EEM 1.0 introduced Embedded Event Manager applet creation with the SNMP and syslog event detectors. EEM 1.0 also introduced the following actions: generating prioritized syslog messages, generating a CNS event for upstream processing by
Cisco CNS devices, reloading the Cisco IOS software, and switching to a secondary processor in a fully redundant hardware configuration.
The following commands were introduced by this feature: action
cns-event, action force-switchover, action reload, action
syslog, debug event manager, event manager applet, event
snmp, event syslog, show event manager policy registered.
Embedded Event Manager Configuration Guide
23
Embedded Event Manager Overview
Feature Information for Embedded Event Manager 4.0 Overview
Feature Name
Embedded Event
Manager 2.0
Embedded Event
Manager 2.1
Releases
Embedded Event
Manager 2.1
(Software
Modularity)
12.2(18)SXF4
Cisco IOS Software
Modularity images
Feature Information
EEM 2.0 introduced the application-specific event detector, the counter event detector, the interface counter event detector, the timer event detector, and the watchdog event detector. New actions included modifying a named counter, publishing an application-specific event, and generating an SNMP trap. The ability to define environment variables and to run EEM policies written using Tcl was introduced, and two sample policies were included with the software.
The following commands were introduced by this feature: action
counter, action publish-event, action snmp-trap, event
application, event counter, event interface, event
ioswdsysmon, event manager environment, event manager
history size, event manager policy, event manager scheduler
suspend, event timer, show event manager environment,
show event manager history events, show event manager
history traps, show event manager policy available, show
event manager policy pending.
EEM 2.1 introduced some new event detectors and actions with new functionality to allow EEM policies to be run manually and the ability to run multiple concurrent policies. Support for Simple
Network Management Protocol (SNMP) event detector rate-based events was provided as was the ability to create policies using Tool Command Language (Tcl).
The following commands were introduced or modified by this feature: action cli, action counter, action info, action mail,
action policy, debug event manager, event cli, event manager
directory user, event manager policy, event manager run,
event manager scheduler script, event manager session cli
username, event none, event oir, event snmp, event syslog,
set(EEM), show event manager directory user, show event
manager policy registered, show event manager session cli
username.
EEM 2.1 for Software Modularity images introduced the GOLD, system manager, and WDSysMon (Cisco IOS Software
Modularity watchdog) event detectors, and the ability to display
Cisco IOS Software Modularity processes and process metrics.
The following commands were introduced by this feature: event
gold, event process, show event manager metric process.
Note
EEM 2.1 for Software Modularity images also supports the resource and RF event detectors introduced in EEM
2.2, but it does not support the enhanced object tracking event detector or the actions to read and set tracked objects.
24
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
Feature Information for Embedded Event Manager 4.0 Overview
Feature Name
Embedded Event
Manager 2.2
Releases
12.2(31)SB3
12.2(33)SRB
SNMP event detector delta environment variable
Embedded Event
Manager 2.3
12.2(33)SXH
12.2(33)SB
Embedded Event
Manager 2.4
12.2(33)SXI
12.2(33)SRE
Feature Information
EEM 2.2 introduced the enhanced object tracking, resource, and
RF event detectors. The actions of reading and setting the state of a tracked object were also introduced.
The following commands were introduced or modified by this feature: action track read, action track set, default-state, event
resource, event rf, event track, show track, track stub-object.
A new SNMP event detector environment variable,
_snmp_oid_delta_val, was introduced.
This is a minor enhancement. Minor enhancements are not typically listed in Feature Navigator.
EEM 2.3 introduced some new features relative to the Generic
Online Diagnostics (GOLD) Event Detector on the Cisco Catalyst
6500 Series switches.
The event gold command was enhanced in addition to the Tcl keywords–action-notify, testing-type, test-name, test-id,
consecutive-failure, platform-action, and maxrun--for improved reaction to GOLD test failures and conditions
Read-only variables were added under the GOLD Event
Detector category to provide access to platform-wide and test-specific GOLD event detector information for a detected event.
EEM 2.4 introduced several new features.
The following commands were introduced by this feature:
attribute (EEM) , correlate, event manager detector rpc,
event manager directory user repository, event manager
update user policy, event manager scheduler clear, event
manager update user policy, event owner, event rpc, event
snmp-notification, show event manager detector, show event
manager version, trigger (EEM).
Embedded Event Manager Configuration Guide
25
Embedded Event Manager Overview
Feature Information for Embedded Event Manager 4.0 Overview
Feature Name Releases
Embedded Event
Manger 3.0
12.2(33)SRE
Embedded Event
Manager 3.1
Embedded Event
Manager 3.2
Embedded Event
Manager 4.0
12.2(52)SE
12.2(54)SG
Feature Information
EEM 3.0 introduced several new features.
The following commands were introduced or modified by this feature:
action add , action append, action break, action comment,
action context retrieve, action context save, action continue,
action decrement, action divide, action else, action elseif,
action end, action exit, action foreach, action gets, action if,
action if goto, action increment, action info type
interface-names, action info type snmp getid, action info type
snmp inform, action info type snmp oid, action info type
snmp trap, action info type snmp var, action multiply, action
puts, action regexp, action set (EEM), action string compare,
action string equal, action string first, action string index,
action string last, action string length, action string match,
action string range, action string replace, action string
tolower, action string toupper, action string trim, action
string trimleft, action string trimright, action subtract, action
while, event cli, event ipsla, event manager detector routing,
event manager scheduler, event manager scheduler clear,
event manager scheduler hold, event manager scheduler
modify, event manager scheduler release, event nf, event
routing, show event manager policy active, show event
manager policy pending, and show event manager scheduler.
EEM 3.1 introduced several new features.
The following commands were introduced or modified by this feature: action syslog, description (EEM), event manager
applet, event manager policy, event snmp-notification, event
snmp-object, show event manager policy registered, and show
event manager policy available.
EEM 3.2 introduced several new features.
The following commands were introduced or modified: debug
event manager, event identity, event mat, event
neighbor-discovery, show event manager detector.
EEM 4.0 introduced several new features.
The following commands were introduced or modified: action
file, action mail, action syslog, clear event manager detector
counters, clear event manager server counters, event cli,
event manager policy, event manager scheduler, event syslog,
show event manager detector, show event manager policy
registered, show event manager statistics.
26
Embedded Event Manager Configuration Guide
Embedded Event Manager Overview
Additional References
Additional References
The following sections provide references related to EEM.
Related Documents
Related Topic
Cisco IOS commands
Document Title
Cisco IOS Master Commands List, All Releases
EEM commands: complete command syntax, defaults, command mode, command history, usage guidelines, and examples
Cisco IOS Embedded Event Manager Command
Reference
Embedded Event Manager policy writing using the
CLI
Writing Embedded Event Manager Policies Using the Cisco IOS CLI module
Embedded Event Manager policy writing using Tcl Writing Embedded Event Manager Policies Using
Tcl module
Embedded Resource Manager Embedded Resource Manager module
Standards
Standard Title
No new or modified standards are supported, and support for existing standards has not been modified.
--
MIBs
MIB
CISCO-EMBEDDED-EVENT-MGR-MIB
MIBs Link
To locate and download MIBs for selected platforms,
Cisco IOS releases, and feature sets, use Cisco MIB
Locator found at the following URL: http://www.cisco.com/go/mibs
RFCs
RFC Title
No new or modified RFCs are supported, and support for existing RFCs has not been modified.
--
Embedded Event Manager Configuration Guide
27
Embedded Event Manager Overview
Additional References
Technical Assistance
Description Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with
Cisco products and technologies.
http://www.cisco.com/cisco/web/support/index.html
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
28
Embedded Event Manager Configuration Guide
C H A P T E R
3
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
This module describes how to write Embedded Event Manager (EEM) policies using Cisco IOS command-line interface (CLI) applets to handle Cisco software faults and events. EEM is a distributed and customized approach to event detection and recovery offered directly in a Cisco IOS device. EEM offers the ability to monitor events and take informational, corrective, or any desired action when the monitored events occur or when a threshold is reached. The EEM policy engine receives notifications when faults and other events occur. EEM policies implement recovery on the basis of the current state of the system and the actions specified in the policy for a given event. Recovery actions are triggered when the policy is run.
•
Finding Feature Information, page 29
•
Prerequisites for Writing EEM Policies Using the Cisco IOS CLI, page 30
•
Information About Writing EEM Policies Using the Cisco IOS CLI, page 30
•
How to Write EEM Policies Using the Cisco IOS CLI, page 43
•
Configuration Examples for Writing EEM Policies Using the Cisco IOS CLI, page 91
•
Additional References, page 106
•
Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI, page 108
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn . An account on Cisco.com is not required.
Embedded Event Manager Configuration Guide
29
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Prerequisites for Writing EEM Policies Using the Cisco IOS CLI
Prerequisites for Writing EEM Policies Using the Cisco IOS CLI
• Before writing EEM policies, you should be familiar with the concepts explained in the “Embedded
Event Manager Overview” module.
• If the action cns-event command is used, access to a Cisco Networking Services (CNS) Event gateway must be configured.
• If the action force-switchover command is used, a secondary processor must be configured on the device.
• If the action snmp-trap command is used, the snmp-server enable traps event-manager command must be enabled to permit SNMP traps to be sent from the Cisco IOS device to the SNMP server. Other relevant snmp-server commands must also be configured; for details see the action snmp-trap command page.
Information About Writing EEM Policies Using the Cisco IOS
CLI
Embedded Event Manager Policies
EEM offers the ability to monitor events and take informational or corrective action when the monitored events occur or a threshold is reached. An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An applet is a simple form of policy that is defined within the CLI configuration. A script is a form of policy that is written in Tool
Command Language (Tcl).
EEM Applet
An EEM applet is a concise method for defining event screening criteria and the actions to be taken when that event occurs. In applet configuration mode, three types of configuration statements are supported. The
event commands are used to specify the event criteria to trigger the applet to run, the action commands are used to specify an action to perform when the EEM applet is triggered, and the set command is used to set the value of an EEM applet variable. Currently only the _exit_status variable is supported for the set command.
Only one event configuration command is allowed within an applet configuration. When applet configuration mode is exited and no event command is present, a warning is displayed stating that no event is associated with this applet. If no event is specified, this applet is not considered registered. When no action is associated with this applet, events are still triggered but no actions are performed. Multiple action configuration commands are allowed within an applet configuration. Use the show event manager policy registered command to display a list of registered applets.
Before modifying an EEM applet, be aware that the existing applet is not replaced until you exit applet configuration mode. While you are in applet configuration mode modifying the applet, the existing applet may be executing. It is safe to modify the applet without unregistering it. When you exit applet configuration mode, the old applet is unregistered and the new version is registered.
30
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
The action configuration commands are uniquely identified using the label argument, which can be any string value. Actions are sorted in ascending alphanumeric key sequence using the label argument as the sort key, and they are run using this sequence.
The Embedded Event Manager schedules and runs policies on the basis of an event specification that is contained within the policy itself. When applet configuration mode is exited, EEM examines the event and
action commands that are entered and registers the applet to be run when a specified event occurs.
EEM Script
Scripts are defined off the networking device using an ASCII editor. The script is then copied to the networking device and registered with EEM. Tcl scripts are supported by EEM.
EEM allows you to write and implement your own policies using Tcl. Writing an EEM policy involves:
• Selecting the event for which the policy is run.
• Defining the event detector options associated with logging and responding to the event.
• Choosing the actions to be followed when the event occurs.
Cisco provides enhancements to Tcl in the form of keyword extensions that facilitate the development of
EEM policies. The main categories of keywords identify the detected event, the subsequent action, utility information, counter values, and system information. For more details about writing EEM policies using Tcl, see the “Writing Embedded Event Manager Policies Using Tcl” module.
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
EEM built-in environment variables are a subset of the Cisco-defined environment variables and the built-in variables are available to EEM applets only. The built-in variables can be read-only or can be read and write and these variables may apply to one specific event detector or to all event detectors. The table below lists the Cisco built-in environment variables that are read-only alphabetically by event detector and subevent.
Table 5: EEM Built-In Environment Variables (Read Only)
Description Environment Variable
All Events
_event_id
_event_type
_event_type_string
_event_pub_sec _event_pub_msec
_event_severity
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
Type of event.
An ASCII string identifier of the event type that triggered the event.
The time, in seconds and milliseconds, at which the event was published to the EEM.
The severity of the event.
Embedded Event Manager Configuration Guide
31
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Environment Variable
Application-Specific Event Detector
_application_component_id
_application_data1
_application_data2
_application_data3
_application_data4
_application_sub_system
_application_type
CLI Event Detector
_cli_msg
_cli_msg_count
Counter Event Detector
_counter_name
_counter_value
Enhanced Object Tracking Event Detector
_track_number
_track_state
GOLD Event Detector
_action_notify
Description
The event application component identifier.
The value of an environment variable, character text, or a combination of the two to be passed to an application-specific event when the event is published.
The value of an environment variable, character text, or a combination of the two to be passed to an application-specific event when the event is published.
The value of an environment variable, character text, or a combination of the two to be passed to an application-specific event when the event is published.
The value of an environment variable, character text, or a combination of the two to be passed to an application-specific event when the event is published.
The event application subsystem number.
The type of application.
The fully expanded message that triggered the CLI event.
The number of times that a message match occurred before the event was published.
The name of the counter.
The value of the counter.
The number of the tracked object.
The state of the tracked object; down or up.
The action notify information in a GOLD event flag; either false or true.
32
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Environment Variable
_event_severity
_gold_bl
_gold_card
_gold_cf testnum
_gold_ci
_gold_cn
_gold_ec testnum
_gold_lf testnum
_gold_new_failure
_gold_overall_result
_gold_pc
Description
The event severity which can be one of the following; normal, minor, or major.
The boot diagnostic level, which can be one of the following values:
• 0: complete diagnostic
• 1: minimal diagnostic
• 2: bypass diagnostic
The card on which a GOLD failure event was detected.
Consecutive failure, where testnum is the test number.
For example, _gold_cf3 is the EEM built-in environment variable for consecutive failure of test
3.
Card index.
Card name.
Test error code, where testnum is the test number. For example, _gold_ec3 is the EEM built-in environment variable for the error code of test 3.
Last fail time, where testnum is the test number. For example, _gold_lf3 is the EEM built-in variable for the last fail time of test 3.
The time-stamp format is mmm dd yyyy hh:mm:ss.
For example, Mar 11 2005 08:47:00.
The new test failure information in a GOLD event flag; either true or false.
The overall diagnostic result, which can be one of the following values:
• 0: OK
• 3: minor error
• 4: major error
• 14: unknown result
Port counts.
Embedded Event Manager Configuration Guide
33
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Environment Variable
_gold_rc testnum
_gold_sn
_gold_sub_card
_gold_ta testnum
_gold_tc
_gold_tf testnum
_gold_tn testnum
_gold_tr testnum
_gold_tr testnum d devnum
Description
Test total run count, where testnum is the test number.
For example, _gold_rc3 is the EEM built-in variable for the total run count of test 3.
Card serial number.
The subcard on which a GOLD failure event was detected.
Test attribute, where testnum is the test number. For example, _gold_ta3 is the EEM built-in variable for the test attribute of test 3.
Test counts.
Total failure count, where testnum is the test number.
For example, _gold_tf3 is the EEM built-in variable for the total failure count of test 3.
Test name, where testnum is the test number. For example, _gold_tn3 is the EEM built-in variable for the name of test 3.
Test result, where testnum is the test number. For example, _gold_tr6 is the EEM built-in variable for test 6, where test 6 is not a per-port test and not a per-device test.
The test result is one of the following values:
• P: diagnostic result Pass
• F: diagnostic result Fail
• U: diagnostic result Unknown
Per-device test result, where testnum is the test number and devnum is the device number. For example, _gold_tr3d20 is the EEM built-in variable for the test result for test 3, device 20.
The test result is one of the following values:
• P: diagnostic result Pass
• F: diagnostic result Fail
• U: diagnostic result Unknown
34
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Environment Variable
_gold_tr testnum p portnum
_gold_tt
Interface Counter Event Detector
_interface_is_increment
_interface_name
_interface_parameter
_interface_value
None Event Detector
_event_id
Description
Per-port test result, where testnum is the test number and portnum is the port number. For example,
_gold_tr5p20 is the EEM built-in variable for the test result for test 5, port 20.
The test result is one of the following values:
• P: diagnostic result Pass
• F: diagnostic result Fail
• U: diagnostic result Unknown
The testing type, which can be one of the following:
• 1: a boot diagnostic
• 2: an on-demand diagnostic
• 3: a schedule diagnostic
• 4: a monitoring diagnostic
A value to indicate whether the current interface counter value is an absolute value (0) or an increment value (1).
The name of the interface to be monitored.
The name of the interface counter to be monitored.
A value with which the current interface counter value is compared.
A value of 1 indicates an insertion event; a value of
2 indicates a removal event.
Embedded Event Manager Configuration Guide
35
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Environment Variable
_none_argc
_none_arg1
_none_arg2
_none_arg3
_none_arg4
_none_arg5
_none_arg6
_none_arg7
_none_arg8
_none_arg9
_none_arg10
_none_arg11
_none_arg12
_none_arg13
_none_arg14
_none_arg15
OIR Event Detector
_oir_event
_oir_slot
Resource Event Detector
_resource_configured_threshold
_resource_current_value
_resource_dampen_time
_resource_direction
_resource_level
_resource_notify_data_flag
_resource_owner_id
Description
The parameters that are passed from the XML SOAP command to the script.
A value of 1 indicates an insertion event; a value of
2 indicates a removal event.
The slot number for the OIR event.
The configured ERM threshold.
The current value reported by ERM.
The ERM dampen time, in nanoseconds.
The ERM event direction. The event direction can be one of the following: up, down, or no change.
The ERM event level. The four event levels are normal, minor, major, and critical.
The ERM notify data flag.
The ERM resource owner ID.
36
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Environment Variable
_resource_policy_id
_resource_policy_violation_flag
_resource_time_sent
_resource_user_id
RF Event Detector
_rf_event
RPC Event Detector
_rpc_event
_rpc_argc
_rpc_arg0
_rpc_arg1
_rpc_arg2
_rpc_arg3
_rpc_arg4
_rpc_arg5
_rpc_arg6
_rpc_arg7
_rpc_arg8
_rpc_arg9
_rpc_arg10
_rpc_arg11
_rpc_arg12
_rpc_arg13
_rpc_arg14
SNMP Event Detector
_snmp_exit_event
_snmp_oid
Description
The ERM policy ID.
The ERM policy violation flag; either false or true.
The ERM event time, in nanoseconds.
The ERM resource user ID.
A value of 0 indicates that this is not an RF event; a value of 1 indicates an RF event.
A value of 0 indicates that there is no error; a value of 1 to 83 indicates error.
The parameters that are passed from the XML SOAP command to the applet.
A value of 0 indicates that this is not an exit event; a value of 1 indicates an exit event.
The SNMP object ID that caused the event to be published.
Embedded Event Manager Configuration Guide
37
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Environment Variable
_snmp_oid_delta_val
_snmp_oid_val
SNMP Notification Event Detector
_snmp_notif_oid
_snmp_notif_oid_val
_snmp_notif_src_ip_addr
_snmp_notif_dest_ip_addr
_x_x_x_x_x_x_x(varbinds)
_snmp_notif_trunc_vb_buf
Syslog Event Detector
_syslog_msg
System Manager (Process) Event Detector
_process_dump_count
_process_exit_status
_process_fail_count
_process_instance
_process_last_respawn
_process_node_name
_process_path
_process_process_name
_process_respawn_count
Description
The actual incremental difference between the value of the current SNMP object ID and the value when the event was last triggered.
The SNMP object ID value when the event was published.
A user specified object ID.
A user specified object ID value.
The source IP address of the SNMP Protocol Data
Unit (PDU).
The destination IP address of the SNMP PDU.
The SNMP PDU varbind information.
Indicates whether the varbind information has been truncated due to the lack of space in the buffer.
The syslog message that caused the event to be published.
The number of times that a Posix process was dumped.
The status of the Posix process at exit.
The number of times that a Posix process failed.
The instance number of the Posix process.
The Posix process that was last respawned.
The node name of the Posix process.
The path of the Posix process.
The name of the Posix process.
The number of times that a Posix process was respawned.
38
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Environment Variable
Timer Event Detector
_timer_remain
_timer_time
_timer_type
Description
The time available before the timer expires.
Note
This environment variable is not available for the CRON timer.
The time at which the last event was triggered.
The type of timer.
Watchdog System Monitor (IOSWDSysMon) Event
Detector
_ioswd_node
The slot number for the Route Processor (RP) reporting node.
The number of subevents present.
_ioswd_num_subs
All Watchdog System Monitor (IOSWDSysMon)
Subevents
_ioswd_sub1_present _ioswd_sub2_present
A value to indicate whether subevent 1 or subevent
2 is present. A value of 1 means that the subevent is present; a value of 0 means that the subevent is not present.
The event type, either cpu_proc or mem_proc.
_ioswd_sub1_type _ioswd_sub2_type
Watchdog System Monitor (IOSWDSysMon) cpu_proc Subevents
_ioswd_sub1_path _ioswd_sub2_path
_ioswd_sub1_period _ioswd_sub2_period
A process name of subevents.
The time period, in seconds and optional milliseconds, used for measurement in subevents.
_ioswd_sub1_pid _ioswd_sub2_pid
The process identifier of subevents.
_ioswd_sub1_taskname _ioswd_sub2_taskname
The task name of subevents.
_ioswd_sub1_value _ioswd_sub2_value
The CPU utilization of subevents measured as a percentage.
Watchdog System Monitor (IOSWDSysMon) mem_proc Subevents
Embedded Event Manager Configuration Guide
39
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Environment Variable Description
_ioswd_sub1_diff _ioswd_sub2_diff
A percentage value of the difference that triggered the event.
Note
This variable is set only when the
_ioswd_sub1_is_percent or
_ioswd_sub2_is_percent variable contains a value of 1.
_ioswd_sub1_is_percent _ioswd_sub2_is_percent
A number that identifies whether the value is a percentage. A value of 0 means that the value is not a percentage; a value of 1 means that the value is a percentage.
_ioswd_sub1_path _ioswd_sub2_path
_ioswd_sub1_pid _ioswd_sub2_pid
The process name of subevents.
The process identifier of subevents.
_ioswd_sub1_taskname _ioswd_sub2_taskname
The task name of subevents.
_ioswd_sub1_value _ioswd_sub2_value
The CPU utilization of subevents measured as a percentage.
Watchdog System Monitor (WDSysMon) Event
Detector
_wd_sub1_present _wd_sub2_present
_wd_num_subs
_wd_sub1_type _wd_sub2_type
A value to indicate whether subevent 1 or subevent
2 is present. A value of 1 means that the subevent is present; a value of 0 means that the subevent is not present.
The number of subevents present.
The event type: cpu_proc, cpu_tot, deadlock, dispatch_mgr, mem_proc, mem_tot_avail, or mem_tot_used.
Watchdog System Monitor (WDSysMon) cpu_proc
Subevents
_wd_sub1_node _wd_sub2_node
The slot number for the subevent RP reporting node.
_wd_sub1_period _wd_sub2_period
_wd_sub1_procname _wd_sub2_procname
The time period, in seconds and optional milliseconds, used for measurement in subevents.
The process name of subevents.
_wd_sub1_value _wd_sub2_value
The CPU utilization of subevents measured as a percentage.
40
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Environment Variable
Watchdog System Monitor (WDSysMon) cpu_tot
Subevents
_wd_sub1_node _wd_sub2_node
Description
_wd_sub1_period _wd_sub2_period
_wd_sub1_value _wd_sub2_value
The slot number for the subevent RP reporting node.
The time period, in seconds and optional milliseconds, used for measurement in subevents.
The CPU utilization of subevents measured as a percentage.
Watchdog System Monitor (WDSysMon) deadlock
Subevents
_wd_sub1_entry_ [1-N]_b_node
_wd_sub2_entry_[1-N]_b_node
The slot number for the subevent RP reporting node.
_wd_sub1_entry_ [1-N]_b_pid
_wd_sub2_entry_[1-N]_b_pid
_wd_sub1_entry_ [1-N]_b_procname
_wd_sub2_entry_[1-N]_b_procname
_wd_sub1_entry_ [1-N]_b_tid
_wd_sub2_entry_[1-N]_b_tid
_wd_sub1_entry_ [1-N]_node
_wd_sub2_entry_[1-N]_node
The process identifier of subevents.
The process name of subevents.
The time identifier of subevents.
The slot number for the subevent RP reporting node.
_wd_sub1_entry_ [1-N]_pid
_wd_sub2_entry_[1-N]_pid
_wd_sub1_entry_ [1-N]_procname
_wd_sub2_entry_[1-N]_procname
The process identifier of subevents.
The process name of subevents.
_wd_sub1_entry_ [1-N]_state
_wd_sub2_entry_[1-N]_state
The time identifier of subevents.
_wd_sub1_entry_ [1-N]_tid
_wd_sub2_entry_[1-N]_tid
The time identifier of subevents.
_wd_sub1_num_entries _wd_sub2_num_entries
The number of subevents.
Watchdog System Monitor (WDSysMon) dispatch manager Subevents
_wd_sub1_node _wd_sub2_node
The slot number for the subevent RP reporting node.
Embedded Event Manager Configuration Guide
41
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Environment Variable
_wd_sub1_period _wd_sub2_period
_wd_sub1_procname _wd_sub2_procname
_wd_sub1_node _wd_sub2_node
_wd_sub1_period _wd_sub2_period
Description
The time period, in seconds and optional milliseconds, used for measurement in subevents.
The process name of subevents.
_wd_sub1_value _wd_sub2_value
The CPU utilization of subevents measured as a percentage.
Watchdog System Monitor (WDSysMon) mem_proc
Subevents
_wd_sub1_diff _wd_sub2_diff
_wd_sub1_is_percent _wd_sub2_is_percent
A percentage value of the difference that triggered the event.
Note
This variable is set only when the
_wd_sub1_is_percent or
_wd_sub2_is_percent variable contains a value of 1.
A number that identifies whether the value is a percentage. A value of 0 means that the value is not a percentage; a value of 1 means that the value is a percentage.
The slot number for the subevent RP reporting node.
The time period, in seconds and optional milliseconds, used for measurement in subevents.
_wd_sub1_pid _wd_sub2_pid
_wd_sub1_procname _wd_sub2_procname
_wd_sub1_value _wd_sub2_value
The process identifier of subevents.
The process name of subevents.
The CPU utilization of subevents measured as a percentage.
Watchdog System Monitor (WDSysMon) mem_tot_avail and mem_tot_used Subevents
_wd_sub1_avail _wd_sub2_avail
_wd_sub1_diff _wd_sub2_diff
The memory available for subevents.
A percentage value of the difference that triggered the event.
Note
This variable is set only when the
_wd_sub1_is_percent or
_wd_sub2_is_percent variable contains a value of 1.
42
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
How to Write EEM Policies Using the Cisco IOS CLI
Environment Variable
_wd_sub1_is_percent _wd_sub2_is_percent
_wd_sub1_node _wd_sub2_node
_wd_sub1_period _wd_sub2_period
_wd_sub1_value _wd_sub2_value
_wd_sub1_used _wd_sub2_used
Description
A number that identifies whether the value is a percentage. A value of 0 means that the value is not a percentage; a value of 1 means that the value is a percentage.
The slot number for the subevent RP reporting node.
The time period, in seconds and optional milliseconds, used for measurement in subevents.
The CPU utilization of subevents measured as a percentage.
The memory used by subevents.
How to Write EEM Policies Using the Cisco IOS CLI
Registering and Defining an Embedded Event Manager Applet
Perform this task to register an applet with Embedded Event Manager and to define the EEM applet using the
Cisco IOS CLI event and action commands. Only one event command is allowed in an EEM applet. Multiple
action commands are permitted. If no event and no action commands are specified, the applet is removed when you exit configuration mode.
The SNMP event detector and the syslog action commands used in this task are just representing any event detector and action commands. For examples using other event detectors and action commands, see the
Embedded Event Manager Applet Configuration Examples, on page 91
.
EEM Environment Variables
EEM environment variables for EEM policies are defined using the EEM event manager environment configuration command. By convention, all Cisco EEM environment variables begin with “ _ ”. In order to avoid future conflict, customers are urged not to define new variables that start with “ _ ”.
You can display the EEM environment variables set on your system by using the show event manager
environment privileged EXEC command.
For example, you can create EEM policies that can send e-mails when an event occurs. The table below describes the e-mail-specific environment variables that can be used in EEM policies.
Embedded Event Manager Configuration Guide
43
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Registering and Defining an Embedded Event Manager Applet
Table 6: EEM E-mail-Specific Environmental Variables
Environment Variable
_email_server
Description
A Simple Mail Transfer Protocol
(SMTP) mail server used to send e-mail.
Example
The e-mail server name--Mailservername-- can be in any one of the following template formats:
• username:password@host
• username@host
• host
_email_to
_email_from
_email_cc
The address to which e-mail is sent.
The address from which e-mail is sent.
The address to which the e-mail is copied.
Alphabetical Order of EEM Action Labels
An EEM action label is a unique identifier that can be any string value. Actions are sorted and run in ascending alphanumeric (lexicographical) key sequence using the label as the sort key. If you are using numbers as labels be aware that alphanumerical sorting will sort 10.0 after 1.0, but before 2.0, and in this situation we recommend that you use numbers such as 01.0, 02.0, and so on, or use an initial letter followed by numbers.
44
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Registering and Defining an Embedded Event Manager Applet
SUMMARY STEPS
1. enable
2. show event manager environment [all| variable-name]
3. configure terminal
4. event manager environment variable-name string
5. Repeat
Alphabetical Order of EEM Action Labels
for all the required environment variables.
6. event manager applet applet-name
7. Do one of the following:
• event snmp oid oid-value get-type {exact| next} entry-op operator entry-val
entry-value[exit-comb| and}] [exit-op operator] [exit-val exit-value] [exit-time exit-time-value]
poll-interval poll-int-value
8. action label cli command cli-string [pattern pattern-string]
9. action label syslog [priority priority-level] msg msg-text facility string
10. action label mail server server-address to to-address from from-address [cc cc-address]
subject subject body body-text
11. Add more action commands as required.
12. end
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
show event manager environment [all|
variable-name]
Example:
Device# show event manager environment all
(Optional) Displays the name and value of EEM environment variables.
• The optional all keyword displays all the EEM environment variables.
• The optional variable-nameargument displays information about the specified environment variable.
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager environment variable-name string Configures the value of the specified EEM environment variable.
Embedded Event Manager Configuration Guide
45
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Registering and Defining an Embedded Event Manager Applet
Step 5
Step 6
Step 7
Command or Action
Example:
Device(config)# event manager environment
_email_to [email protected]
Purpose
• In this example, the environment variable that holds the e-mail address to which e-mail is sent is set to [email protected].
Repeat
Alphabetical Order of EEM Action Labels
for all the required environment variables.
Repeat
Alphabetical Order of EEM Action Labels
to configure all the environment variables required by the policy to be registered in
Alphabetical Order of EEM Action Labels .
event manager applet applet-name Registers the applet with the Embedded Event Manager (EEM) and enters applet configuration mode.
Example:
Device(config)# event manager applet memory-fail
Do one of the following:
• event snmp oid oid-value get-type {exact|
next} entry-op operator entry-val
entry-value[exit-comb| and}] [exit-op
operator] [exit-val exit-value] [exit-time
exit-time-value] poll-interval poll-int-value
Specifies the event criteria that cause the EEM applet to run.
• In this example, an EEM event is triggered when free memory falls below the value of 5120000.
• Exit criteria are optional, and if not specified, event monitoring is reenabled immediately.
Step 8
Example:
Device(config-applet)# event snmp oid
1.3.6.1.4.1.9.9.48.1.1.1.6.1
get-type exact entry-op lt entry-val 5120000 poll-interval 90
action label cli command cli-string [pattern
pattern-string]
Example:
Device(config-applet)# action 1.0 cli command "enable"
Example:
Device(config-applet)# action 2.0 cli command "clear counters Ethernet0/1" pattern
"confirm"
Example:
Specifies the action of executing a Cisco IOS CLI command when an EEM applet is triggered.
The pattern keyword is optional and is used only when the command string solicits input. The action clicommand ends when the solicited prompt as specified in the optional pattern keyword is received. You are required to specify a regular expression pattern that will match the next solicited prompt. Specification of an incorrect pattern will cause the action cli command to wait forever until the applet execution times out due to the maxrun timer expiration.
• The action taken is to specify an EEM applet to run when the
pattern keyword specifies the confirm argument for the clear
counters Ethernet0/1 command. In this case the command string solicits input, such as “confirm,” which has to be completed with a “yes” or a “no” input.
Device(config-applet)# action 3.0 cli command "y"
46
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Registering and Defining an Embedded Event Manager Applet
Step 9
Step 10
action label mail server server-address to
to-address from from-address [cc cc-address]
subject subject body body-text
Example:
Device(config-applet)# action 2.0 mail server 192.168.1.10 to [email protected] from [email protected] subject "Memory failure" body "Memory exhausted; current available memory is $_snmp_oid_val bytes"
Specifies the action of sending a short e-mail when an EEM applet is triggered.
• The server-address argument specifies the fully qualified domain name of the e-mail server to be used to forward the e-mail.
• The to-address argument specifies the e-mail address where the e-mail is to be sent.
• The from-address argument specifies the e-mail address from which the e-mail is sent.
• The subject argument specifies the subject line content of the e-mail as an alphanumeric string.
• The body-text argument specifies the text content of the e-mail as an alphanumeric string.
Step 11
Step 12
Command or Action Purpose
action label syslog [priority priority-level] msg
msg-text facility string
Specifies the action to be taken when an EEM applet is triggered.
In this example, the action taken is to write a message to syslog.
Example:
Device(config-applet)# action 1.0 syslog priority critical msg
"Memory exhausted; current available memory is $_snmp_oid_val bytes"
Example:
Device(config-applet)# action 1.0 syslog priority errors facility EEM-FAC message
“TEST MSG”
• The optional priority keyword specifies the priority level of the syslog messages. If selected, the priority-level argument must be defined.
• The msg-text argument can be character text, an environment variable, or a combination of the two.
• The facility keyword specifies the location of generated message
• The string argument can be character text, an environment variable, or a combination of the two.
Add more action commands as required.
end
--
Exits applet configuration mode and returns to privileged EXEC mode.
Example:
Device(config-applet)# end
Troubleshooting Tips
Use the debug event manager command in privileged EXEC mode to troubleshoot EEM command operations.
Use any debugging command with caution as the volume of generated output can slow or stop the device operations. We recommend that this command be used only under the supervision of a Cisco engineer.
Embedded Event Manager Configuration Guide
47
Registering and Defining an Embedded Event Manager Policy to Run Manually
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Registering and Defining an Embedded Event Manager Policy to Run Manually
There are two ways to manually run an EEM policy. EEM usually schedules and runs policies on the basis of an event specification that is contained within the policy itself. The event none command allows EEM to identify an EEM policy that can be manually triggered. To run the policy, use either the action policy command in applet configuration mode or the event manager run command in privileged EXEC mode.
Perform this task to register an EEM policy to be run manually using the event manager run command. For an example of how to manually run a policy using the action policy command, see the
Manager Manual Policy Execution Examples, on page 96
.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. event none
5. action label syslog [priority priority-level] msg msg-text facility string
6. end
7. event manager run applet-name
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Command or Action enable
Example:
Device> enable
configure terminal
Example:
Device# configure terminal
event manager applet applet-name
Example:
Device(config)# event manager applet manual-policy
event none
Example:
Device(config-applet)# event none
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Enters global configuration mode.
Registers the applet with the Embedded Event Manager and enters applet configuration mode.
Specifies that an EEM policy is to be registered with the EEM and can be run manually.
48
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Unregistering Embedded Event Manager Policies
Step 5
Step 6
Step 7
Command or Action
action label syslog [priority priority-level]
msg msg-text facility string
Example:
Device(config-applet)# action 1.0 syslog msg "Manual-policy triggered"
Purpose
Specifies the action to be taken when an EEM applet is triggered.
In this example, the action to be taken is to write a message to syslog.
• The optional priority keyword specifies the priority level of the syslog messages. If selected, the priority-level argument must be defined.
• The msg-text argument can be character text, an environment variable, or a combination of the two.
• The facility keyword specifies the location of generated message.
• The string argument can be character text, an environment variable, or a combination of the two.
end
Exits applet configuration mode and returns to privileged EXEC mode.
Example:
Device(config-applet)# end
event manager run applet-name Manually runs a registered EEM policy.
Example:
Device# event manager run manual-policy
Unregistering Embedded Event Manager Policies
Perform this task to remove an EEM policy from the running configuration file. Execution of the policy is canceled.
SUMMARY STEPS
1. enable
2. show event manager policy registered [description [policy-name] | detailed policy-filename [system
| user] | [event-type event-name] [system | user] [time-ordered | name-ordered]]
3. configure terminal
4. no event manager policy policy-filename
5. exit
6. Repeat Step 2 to ensure that the policy has been removed.
Embedded Event Manager Configuration Guide
49
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Unregistering Embedded Event Manager Policies
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
show event manager policy registered [description
[policy-name] | detailed policy-filename [system | user] |
[event-type event-name] [system | user] [time-ordered |
name-ordered]]
(Optional) Displays the EEM policies that are currently registered.
• The optional systemand user keywords display the registered system and user policies.
Example:
Device# show event manager policy registered
• If no keywords are specified, EEM registered policies for all event types are displayed in time order.
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
no event manager policy policy-filename
Example:
Device(config)# no event manager policy IPSLAping1
Removes the EEM policy from the configuration, causing the policy to be unregistered.
exit
Exits global configuration mode and returns to privileged
EXEC mode.
Example:
Device(config)# exit
Repeat Step 2 to ensure that the policy has been removed.
--
Example:
Device# show event manager policy registered
Examples
In the following example, the show event manager policy registered privileged EXEC command is used to display the two EEM applets that are currently registered:
Device#
show event manager policy registered
No.
Class Type
1 applet system
Event Type snmp
Trap Time Registered Name
Off Fri Aug 12 17:42:52 2005 IPSLAping1
50
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Suspending All Embedded Event Manager Policy Execution
oid {1.3.6.1.4.1.9.9.42.1.2.9.1.6.4} get-type exact entry-op eq entry-val {1} exit-op eq exit-val {2} poll-interval 90.000
action 1.0 syslog priority critical msg "Server IPecho Failed: OID=$_snmp_oid_val" action 1.1 snmp-trap strdata "EEM detected server reachability failure to 10.1.88.9" action 1.2 publish-event sub-system 88000101 type 1 arg1 "10.1.88.9" arg2 "IPSLAEcho" arg3 "fail" action 1.3 counter name _IPSLA1F op inc value 1
2 applet system snmp Off Thu Sep 15 05:57:16 2005 memory-fail oid {1.3.6.1.4.1.9.9.48.1.1.1.6.1} get-type exact entry-op lt entry-val {5120000} poll-interval 90 action 1.0 syslog priority critical msg Memory exhausted; current available memory is
$_snmp_oid_val bytes action 2.0 force-switchover
In the following example, the show event manager policy registered privileged EXEC command is used to show that applet IPSLAping1 has been removed after entering the no event manager policy command:
Device#
show event manager policy registered
No.
Class Type
1 applet system
Event Type snmp
Trap Time Registered Name
Off Thu Sep 15 05:57:16 2005 memory-fail oid {1.3.6.1.4.1.9.9.48.1.1.1.6.1} get-type exact entry-op lt entry-val {5120000} poll-interval 90 action 1.0 syslog priority critical msg Memory exhausted; current available memory is
$_snmp_oid_val bytes action 2.0 force-switchover
Suspending All Embedded Event Manager Policy Execution
Perform this task to immediately suspend the execution of all EEM policies. Suspending policies, instead of unregistering them might be necessary for reasons of temporary performance or security.
SUMMARY STEPS
1. enable
2. show event manager policy registered [description [policy-name] | detailed policy-filename [system
| user] | [event-type event-name] [system | user] [time-ordered | name-ordered]]
3. configure terminal
4. event manager scheduler suspend
5. exit
DETAILED STEPS
Step 1
Step 2
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
show event manager policy registered [description
[policy-name] | detailed policy-filename [system | user]
| [event-type event-name] [system | user] [time-ordered
| name-ordered]]
(Optional) Displays the EEM policies that are currently registered.
• The optional systemand user keywords display the registered system and user policies.
Embedded Event Manager Configuration Guide
51
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Displaying Embedded Event Manager History Data
Step 3
Step 4
Step 5
Command or Action Purpose
• If no keywords are specified, EEM registered policies for all event types are displayed in time order.
Example:
Device# show event manager policy registered
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager scheduler suspend
Immediately suspends the execution of all EEM policies.
Example:
Device(config)# event manager scheduler suspend
exit
Exits global configuration mode and returns to privileged
EXEC mode.
Example:
Device(config)# exit
Displaying Embedded Event Manager History Data
Perform this optional task to change the size of the history tables and to display EEM history data.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager history size {events | traps} [size]
4. exit
5. show event manager history events [detailed] [maximum number]
6. show event manager history traps {server | policy}
DETAILED STEPS
Step 1 enable
Enables privileged EXEC mode. Enter your password if prompted.
52
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Displaying Embedded Event Manager History Data
Step 2
Step 3
Step 4
Step 5
Step 6
Example:
Device>
enable configure terminal
Enters global configuration mode.
Example:
Device#
configure terminal
event manager history size {events | traps} [size]
Use this command to change the size of the EEM event history table or the size of the EEM SNMP trap history table.
In the following example, the size of the EEM event history table is changed to 30 entries:
Example:
Device(config)#
event manager history size events 30 exit
Exits global configuration mode and returns to privileged EXEC mode.
Example:
Device(config)#
exit
show event manager history events [detailed] [maximum number]
Use this command to display detailed information about each EEM event, for example:
Example:
4
5
6
7
8
Device#
show event manager history events
No.
Time of Event Event Type
1
2
3
Fri Aug13
Fri Aug13
Wed Aug18
21:42:57 2004
22:20:29 2004
21:54:48 2004 snmp snmp snmp
Wed Aug18 22:06:38 2004 snmp
Wed Aug18 22:30:58 2004 snmp
Wed Aug18 22:34:58 2004 snmp
Wed Aug18 22:51:18 2004 snmp
Wed Aug18 22:51:18 2004 application
Name applet: SAAping1 applet: SAAping1 applet: SAAping1 applet: SAAping1 applet: SAAping1 applet: SAAping1 applet: SAAping1 applet: CustApp1
show event manager history traps {server | policy}
Use this command to display the EEM SNMP traps that have been sent either from the EEM server or from an EEM policy. In the following example, the EEM SNMP traps that were triggered from within an EEM policy are displayed.
Example:
Device#
show event manager history traps policy
No.
Time Trap Type
1
2
3
Wed Aug18
Wed Aug18
Wed Aug18
22:30:58 2004
22:34:58 2004
22:51:18 2004 policy policy policy
Name
EEM Policy Director
EEM Policy Director
EEM Policy Director
Embedded Event Manager Configuration Guide
53
Displaying Embedded Event Manager Registered Policies
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Displaying Embedded Event Manager Registered Policies
Perform this optional task to display registered EEM policies.
SUMMARY STEPS
1. enable
2. show event manager policy registered [event-type event-name] [time-ordered| name-ordered]
DETAILED STEPS
Step 1
Step 2 enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device>
enable
show event manager policy registered [event-type event-name] [time-ordered| name-ordered]
Use this command with the time-ordered keyword to display information about currently registered policies sorted by time, for example:
Example:
Device#
show event manager policy registered time-ordered
No.
Type Event Type Time Registered Name
1 applet snmp Thu May30 05:57:16 2004 memory-fail oid {1.3.6.1.4.1.9.9.48.1.1.1.6.1} get-type exact entry-op lt entry-val
{5120000} poll-interval 90 action 1.0 syslog priority critical msg "Memory exhausted; current available memory is $_snmp_oid_val bytes"
2 action 2.0 force-switchover applet syslog Wed Jul16 00:05:17 2004 intf-down pattern {.*UPDOWN.*Ethernet1/0.*} action 1.0 cns-event msg "Interface state change: $_syslog_msg"
Use this command with the name-ordered keyword to display information about currently registered policies sorted by name, for example:
Example:
Device#
show event manager policy registered name-ordered
No.
Type
1 applet
Event Type syslog
Time Registered Name
Wed Jul16 00:05:17 2004 intf-down
2 pattern {.*UPDOWN.*Ethernet1/0.*} action 1.0 cns-event msg "Interface state change: $_syslog_msg" applet snmp Thu May30 05:57:16 2004 memory-fail oid {1.3.6.1.4.1.9.9.48.1.1.1.6.1} get-type exact entry-op lt entry-val
{5120000} poll-interval 90 action 1.0 syslog priority critical msg "Memory exhausted; current available memory is $_snmp_oid_val bytes" action 2.0 force-switchover
54
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Event SNMP Notification
Use this command with the event-typekeyword to display information about currently registered policies for the event type specified in the event-name argument, for example:
Example:
Device#
show event manager policy registered event-type syslog
No.
Type
1 applet
Event Type syslog
Time Registered
Wed Jul16
Name
00:05:17 2004 intf-down pattern {.*UPDOWN.*Ethernet1/0.*} action 1.0 cns-event msg "Interface state change: $_syslog_msg"
Configuring Event SNMP Notification
Perform this task to configure SNMP notifications.
Before You Begin
• SNMP event manager must be configured using the snmp-server manager command.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. event [tag event-tag] snmp-notification oid oid-string oid-val comparison-value op operator [maxrun
maxruntime-number] [src-ip-address ip-address] [dest-ip-address ip-address] [default seconds] [direction
{incoming | outgoing}] [msg-op {drop | send}]
5. end
DETAILED STEPS
Step 1
Step 2
Command or Action enable
Example:
Device> enable
configure terminal
Example:
Device# configure terminal
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Enters global configuration mode.
Embedded Event Manager Configuration Guide
55
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Multiple Event Support
Step 3
Step 4
Step 5
Command or Action
event manager applet applet-name
Purpose
Registers the applet with the event manager server and enters applet configuration mode.
Example:
Device(config)# event manager applet snmp
event [tag event-tag] snmp-notification oid oid-string oid-val
comparison-value op operator [maxrun maxruntime-number]
[src-ip-address ip-address] [dest-ip-address ip-address]
[default seconds] [direction {incoming | outgoing}] [msg-op
{drop | send}]
Specifies the event criteria for an Embedded Event
Manager (EEM) applet that is run by sampling Simple
Network Management Protocol (SNMP) notification.
Example:
Device(config-applet)# event snmp-notification dest-ip-address 192.168.1.1 oid 1 op eq oid-val 10
end
Exits applet configuration mode and returns to privileged EXEC mode.
Example:
Device(config-applet)# end
Configuring Multiple Event Support
The multiple event support feature adds the ability to register multiple events in the EEM server. The multiple event support involves one or more event occurrences, one or more tracked object states, and a time period for the event to occur. The event parameters are specified in the CLI commands. The data structure to handle multiple events contains multiple event identifiers and correlation logic. This data is used to register multiple events in the EEM Server.
Setting the Event Configuration Parameters
The trigger command enters the trigger applet configuration mode and specifies the multiple event configuration statements for EEM applets. The trigger statement is used to relate multiple event statement using the tag argument specified in each event statement. The events are raised based on the specified parameters.
56
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Multiple Event Support
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. event [tag event-tag] cli pattern regular-expression sync {yes | no skip {yes | no}} [occurs
num-occurrences] [period period-value] [maxrun maxruntime-number]
5. trigger [occurs occurs-value] [period period-value] [period-start period-start-value] [delay delay-value]
6. correlate {event event-tag | track object-number} [boolean-operator event event-tag]
7. attribute tag event-tag [occurs occurs-value]
8. action label cli command cli-string
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager applet applet-name
Example:
Device(config)# event manager applet EventInterface
Registers an applet with EEM and enters applet configuration mode.
event [tag event-tag] cli pattern regular-expression sync {yes
| no skip {yes | no}} [occurs num-occurrences] [period
period-value] [maxrun maxruntime-number]
Specifies the event criteria for an EEM applet that is run by matching a Cisco IOS command-line interface
(CLI) command.
Example:
Device(config-applet)# event tag 1.0 cli pattern
“show bgp all” sync yes occurs 32 period 60 maxrun 60
trigger [occurs occurs-value] [period period-value]
[period-start period-start-value] [delay delay-value]
Example:
Device(config-applet)# trigger occurs 1 period-start
“0 8 * * 1-5” period 60
Specifies the complex event configuration parameters for an EEM applet.
Embedded Event Manager Configuration Guide
57
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Class-Based Scheduling
Step 6
Step 7
Step 8
Command or Action Purpose
correlate {event event-tag | track object-number}
[boolean-operator event event-tag]
Example:
Device(config-applet)# correlate event 1.0 or event
2.0
Specifies a complex event correlation in the trigger mode for an EEM applet.
Note
When "and" is used to group events such as traps or syslog messages, then the default trigger occurrence window is three minutes.
attribute tag event-tag [occurs occurs-value] Specifies up to eight attribute statements to build a complex event for an EEM applet.
Example:
Device(config-applet)# attribute tag 1.0 occurs 1
action label cli command cli-string
Example:
Device(config-applet)# action 1.0 cli command
“show pattern
”
Specifies the action of executing a CLI command when an EEM applet is triggered.
Examples
In the following example, applet is run if the show bgp all CLI command and any syslog message that contains the string "COUNT” occurred within a period 60 seconds.
event manager applet delay_50 event tag 1.0 cli pattern "show bgp all" sync yes occurs 32 period 60 maxrun 60 event tag 2.0 syslog pattern "COUNT" trigger occurs 1 delay 50 correlate event 1.0 or event 2.0
attribute tag 1.0 occurs 1 attribute tag 2.0 occurs 1 action 1.0 cli command "show pattern" action 2.0 cli command "enable" action 3.0 cli command "config terminal" action 4.0 cli command " ip route 192.0.2.0 255.255.255.224 192.0.2.12" action 91.0 cli command "exit" action 99.0 cli command "show ip route | incl 192.0.2.5"
Configuring EEM Class-Based Scheduling
To schedule Embedded Event Manager (EEM) policies and set policy scheduling options, perform this task.
In this task, two EEM execution threads are created to run applets assigned to the default class.
The EEM policies will be assigned a class using the class keyword when they are registered. EEM policies registered without a class will be assigned to the default class. Threads that have default class, will service the default class when the thread is available for work. Threads that are assigned specific class letters will service any policy with a matching class letter when the thread is available for work.
58
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Class-Based Scheduling
If there is no EEM execution thread available to run the policy in the specified class and a scheduler rule for the class is configured, the policy will wait until a thread of that class is available for execution. Synchronous policies that are triggered from the same input event should be scheduled in the same execution thread.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager scheduler {applet | axp | call-home} thread class class-options number thread-number
4. exit
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager scheduler {applet | axp | call-home}
thread class class-options number thread-number
Schedules EEM policies and sets policy scheduling options.
• In this example, two EEM execution threads are created to run applets assigned to the default class.
Example:
Device(config)# event manager scheduler applet thread class default number 2
exit
Exits global configuration mode and returns to privileged
EXEC mode.
Example:
Device(config)# exit
Holding a Scheduled EEM Policy Event or Event Queue
To hold a scheduled EEM policy event or event queue in the EEM scheduler, perform this task. In this task, all pending EEM policies are displayed. A policy identified using a job ID of 2 is held in the EEM scheduler, and the final step shows that the policy with a job ID of 2 has changed status from pending to held.
Embedded Event Manager Configuration Guide
59
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Class-Based Scheduling
SUMMARY STEPS
1. enable
2. show event manager policy pending [queue-type{applet | call-home | axp | script} class class-options
| detailed]
3. event manager scheduler hold {all| policy job-id | queue-type {applet | call-home | axp | script} class
class-options} [processor {rp_primary| rp_standby}]
4. show event manager policy pending [queue-type{applet | call-home | axp | script} class class-options
| detailed
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Command or Action enable
Example:
Device> enable
show event manager policy pending [queue-type{applet |
call-home | axp | script} class class-options | detailed]
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Displays the pending EEM policies.
Example:
Device# show event manager policy pending
event manager scheduler hold {all| policy job-id | queue-type
{applet | call-home | axp | script} class class-options} [processor
{rp_primary| rp_standby}]
Holds a scheduled EEM policy event or event queue in the EEM scheduler.
• In this example, a policy with a job ID of 2 is put on hold.
Example:
Device# event manager scheduler hold policy 2
show event manager policy pending [queue-type{applet |
call-home | axp | script} class class-options | detailed
Displays the status of EEM policy put on hold in
Step 3 as held, along with other pending policies.
Example:
Device# show event manager policy pending
Examples
The following example shows how to view all pending EEM policies and to hold the EEM policy with a job
ID of 2.
Device#
show event manager policy pending
no. job id status time of event
1 1 event type pend Thu Sep 7 02:54:04 2006 syslog name applet: one
60
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Class-Based Scheduling
2 2
3 3 pend Thu Sep 7 02:54:04 2006 syslog pend Thu Sep 7 02:54:04 2006 syslog
Device#
event manager scheduler hold policy 2
Device#
show event manager policy pending
no. job id status time of event
1 1 pend Thu Sep 7 02:54:04 2006 event type syslog
2 2
3 3 held pend
Thu Sep 7
Thu Sep 7
02:54:04 2006
02:54:04 2006 syslog syslog applet: two applet: three name applet: one applet: two applet: three
Resuming Execution of EEM Policy Events or Event Queues
To resume the execution of specified EEM policies, perform this task. In this task, the policy that was put on hold in the Holding a Scheduled EEM Policy Event or Event Queue task is now allowed to resume execution.
SUMMARY STEPS
1. enable
2. show event manager policy pending
3. event manager scheduler release {all | policy policy-id | queue-type {applet | call-home | axp | script}}
class class-options [processor {rp_primary | rp_standby}]
4. show event manager policy pending
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
show event manager policy pending
Example:
Device# show event manager policy pending
Displays the pending and held EEM policies.
Note
Only the syntax applicable to this task is used in this example. For more details, see the Cisco IOS Network
Management Command Reference.
event manager scheduler release {all | policy
policy-id | queue-type {applet | call-home | axp |
script}} class class-options [processor {rp_primary
| rp_standby}]
Resumes execution of specified EEM policies.
• The example shows how to resume the execution of the policy with job ID of 2.
Example:
Device# event manager scheduler release policy 2
show event manager policy pending
Example:
Device# show event manager policy pending
Displays the status of the EEM policy resumed in Step 3 as pending, along with other pending policies.
Note
Only the syntax applicable to this task is used in this example. For more details, see the Cisco IOS Network
Management Command Reference.
Embedded Event Manager Configuration Guide
61
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Class-Based Scheduling
Command or Action Purpose
Examples
The following example shows how to view all pending EEM policies, to specify the policy that will resume execution, and to see that the policy is now back in a pending status.
Device#
show event manager policy pending
no. job id status time of event
1 1
2 2 pend held
Thu Sep 7
Thu Sep 7
02:54:04 2006
02:54:04 2006 event type syslog syslog
3 3 pend Thu Sep 7 02:54:04 2006 syslog
Rotuer#
event manager scheduler release policy 2
Rotuer#
show event manager policy pending
no. job id status time of event
1 1 event type pend Thu Sep 7 02:54:04 2006 syslog
2 2
3 3 pend Thu Sep 7 02:54:04 2006 syslog pend Thu Sep 7 02:54:04 2006 syslog name applet: one applet: two applet: three name applet: one applet: two applet: three
Clearing Pending EEM Policy Events or Event Queues
Perform this task to clear EEM policies that are executing or pending execution. In this task, the EEM policy with a job ID of 2 is cleared from the pending queue. The show event manager policy pending command is used to display the policies that are pending before and after the policy is cleared.
SUMMARY STEPS
1. enable
2. show event manager policy pending
3. event manager scheduler clear {all | policy job-id | queue-type {applet | call-home | axp | script} class
class-options} [processor {rp_primary | rp_standby}]
4. show event manager policy pending
DETAILED STEPS
Step 1
Step 2
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
show event manager policy pending
Example:
Device# show event manager policy pending
Displays the pending EEM policies.
Note
Only the syntax applicable to this task is used in this example. For more details, see the Cisco IOS Network
Management Command Reference.
62
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Class-Based Scheduling
Step 3
Step 4
Command or Action Purpose
event manager scheduler clear {all | policy job-id
| queue-type {applet | call-home | axp | script} class
class-options} [processor {rp_primary |
rp_standby}]
Clears EEM policies that are executing or pending execution.
• In this example, the EEM policy with a job ID of 2 is cleared from the pending queue.
Example:
Device# event manager scheduler clear policy
2
show event manager policy pending
Example:
Device# show event manager policy pending
Displays all the pending EEM policies except the policy cleared in Step 3.
Note
Only the syntax applicable to this task is used in this example. For more details, see the Cisco IOS Network
Management Command Reference.
Examples
The following example shows how to clear the EEM policy with a job ID of 2 that was pending execution.
The show commands are used to display the policies that are pending before and after the policy is cleared.
Device#
show event manager policy pending
no. job id status time of event
1
2
3
1
2
3 event type pend Thu Sep 7 02:54:04 2006 syslog pend Thu Sep 7 02:54:04 2006 syslog pend Thu Sep 7 02:54:04 2006 syslog
Device#
event manager scheduler clear policy 2
Device#
show event manager policy pending
no. job id status time of event
1 1 pend Thu Sep 7 02:54:04 2006 event type syslog
3 3 pend Thu Sep 7 02:54:04 2006 syslog name applet: one applet: two applet: three name applet: one applet: three
Modifying the Scheduling Parameters of EEM Policy Events or Event Queues
To modify the scheduling parameters of the EEM policies, perform this task. The show event manager policy
pending command displays policies that are assigned to the B or default class. All the currently pending policies are then changed to class A. After the configuration modification, the show event manager policy
pending command shows all policies assigned as class A.
SUMMARY STEPS
1. enable
2. show event manager policy pending
3. event manager scheduler modify {all | policy job-id | queue-type {applet | call-home | axp | script} |
class class-options} [queue-priority {high | last | low | normal}][processor {rp_primary | rp_standby}]
4. show event manager policy pending
Embedded Event Manager Configuration Guide
63
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Class-Based Scheduling
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
show event manager policy pending
Example:
Device# show event manager policy pending
Displays the pending EEM policies.
Note
Only the syntax applicable to this task is used in this example. For more details, see the Cisco IOS Network
Management Command Reference.
event manager scheduler modify {all | policy job-id
| queue-type {applet | call-home | axp | script} | class
class-options} [queue-priority {high | last | low |
normal}][processor {rp_primary | rp_standby}]
Modifies the scheduling parameters of the EEM policies.
• In this example, all currently pending EEM policies are assigned to class A.
Example:
Device#
A event manager scheduler modify all class show event manager policy pending
Example:
Device# show event manager policy pending
Displays the EEM policies modified in Step 3 along with other pending policies.
Note
Only the syntax applicable to this task is used in this example. For more details, see the Cisco IOS Network
Management Command Reference.
Examples
The following example shows how to modify the scheduling parameters of the EEM policies. In this example, the show event manager policy pending command displays policies that are assigned to the B or default class. All the currently pending policies are then changed to class A. After the configuration modification, the show event manager policy pending command verifies that all policies are now assigned as class A.
Device#
show event manager policy pending
no. class status time of event event type
1 default pend Thu Sep 7 02:54:04 2006 syslog
2 default pend Thu Sep 7 02:54:04 2006 syslog
3 B pend Thu Sep 7 02:54:04 2006 syslog
Device#
event manager scheduler modify all class A
Device#
show event manager policy pending
no. class status time of event
1 A pend Thu Sep 7 02:54:04 2006 event type syslog
2 A
3 A pend pend
Thu Sep 7
Thu Sep 7
02:54:04 2006
02:54:04 2006 syslog syslog name applet: one applet: two applet: three name applet: one applet: two applet: three
64
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Class-Based Scheduling
Verifying Class-Based Scheduled Activities of EEM Policies
To verify the scheduled activities of the EEM policies, use the show event manager schedulercommand.
SUMMARY STEPS
1. show event manager scheduler thread [queue-type {applet| call-home | axp | script} class class-options
| detailed]
DETAILED STEPS
show event manager scheduler thread [queue-type {applet| call-home | axp | script} class class-options | detailed]
This command displays all the EEM execution threads from the scheduler perspective and the details of the running policies. This command includes detailed and queue-type optional keywords. The following is sample output from this command:
Example:
Device#
show event manager scheduler thread
1 Script threads service class default total: 1 running: 1 idle: 0
2 Script threads service class range A-D total: 3 running: 0 idle: 3
3 Applet threads service class default total: 32 running: 0 idle: 32
4 Applet threads service class W X total: 5 running: 0 idle: 5
To display the details of the running policies using the scheduler threads use the detailed keyword. The following is sample output for this keyword:
Example:
Device#
show event manager scheduler thread detailed
1 Script threads service class default total: 5 running: 5 idle: 0
1 job id: 12341, pid: 101, name: loop.tcl
2 job id: 12352, pid: 52, name: loop.tcl
3 job id: 12363, pid: 55, name: loop.tcl
4 job id: 12395, pid: 53, name: loop.tcl
5 job id: 12588, pid: 102, name: loop.tcl
2 Applet threads service class default total: 32 running: 5 idle: 27
1 job id: 15585, pid: 104, name: WDOG_SYSLG_CNTR_TRACK_INTF_APPL
2 job id: 15586, pid: 105, name: WDOG_SYSLG_CNTR_TRACK_INTF_APPL
3 job id: 15587, pid: 106, name: WDOG_SYSLG_CNTR_TRACK_INTF_APPL
4 job id: 15589, pid: 107, name: WDOG_SYSLG_CNTR_TRACK_INTF_APPL
5 job id: 15590, pid: 80, name: WDOG_SYSLG_CNTR_TRACK_INTF_APPL
To display the scheduler threads of a queue-type use the queue-type keyword. The following are the sample output for this keyword:
Example:
Device#
show event manager sched thread queue-type applet
1 Applet threads service class default
Embedded Event Manager Configuration Guide
65
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Class-Based Scheduling
total: 32 running: 7 idle: 25
Device#
show event manager sched thread queue-type applet detailed
1 Applet threads service class default total: 32 running: 5 idle: 27
1 job id: 15700, pid: 103, name: WDOG_SYSLG_CNTR_TRACK_INTF_APPL
2 job id: 15701, pid: 104, name: WDOG_SYSLG_CNTR_TRACK_INTF_APPL
3 job id: 15703, pid: 106, name: WDOG_SYSLG_CNTR_TRACK_INTF_APPL
4 job id: 15704, pid: 107, name: WDOG_SYSLG_CNTR_TRACK_INTF_APPL
5 job id: 15706, pid: 55, name: WDOG_SYSLG_CNTR_TRACK_INTF_APPL
Verifying Class-Based Active EEM Policies
To verify the active or the running EEM policies, use the show event manager policy active command.
SUMMARY STEPS
1. show event manager policy active [queue-type {applet| call-home | axp | script} class class-options |
detailed]
DETAILED STEPS
show event manager policy active [queue-type {applet| call-home | axp | script} class class-options | detailed]
This command displays only the running EEM policies. This command includes class, detailed and queue-type optional keywords. The following is sample output from this command:
Example:
Device#
show event manager policy active
no. job id p s status time of event event type name
1 12598 N A running Mon Oct29 20:49:37 2007 timer watchdog loop.tcl
2 12609 N A running Mon Oct29 20:49:42 2007 timer watchdog loop.tcl
3 12620 N A running Mon Oct29 20:49:46 2007 timer watchdog loop.tcl
4 12650 N A running Mon Oct29 20:49:59 2007 timer watchdog loop.tcl
5 12842 N A running Mon Oct29 20:51:13 2007 timer watchdog loop.tcl
default class - 6 applet events no. job id p s status time of event event type name
1 15852 N A running Mon Oct29 21:11:09 2007 counter WDOG_SYSLG_CNTR_TRACK_INTF_APPL
2 15853 N A running Mon Oct29 21:11:09 2007 counter WDOG_SYSLG_CNTR_TRACK_INTF_APPL
3 15854 N A running Mon Oct29 21:11:10 2007 counter WDOG_SYSLG_CNTR_TRACK_INTF_APPL
4 15855 N A running Mon Oct29 21:11:10 2007 timer watchdog WDOG_SYSLG_CNTR_TRACK_INTF_APPL
5 15856 N A running Mon Oct29 21:11:11 2007 counter WDOG_SYSLG_CNTR_TRACK_INTF_APPL
6 15858 N A running Mon Oct29 21:11:11 2007 counter WDOG_SYSLG_CNTR_TRACK_INTF_APPL
Verifying Pending EEM Policies
To verify the EEM policies that are pending for execution, use the show event manager policy pending command. Use the optional keywords to specify EEM class-based scheduling options.
66
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Applet (Interactive CLI) Support
SUMMARY STEPS
1. show event manager policy pending [queue-type {applet| call-home | axp | script} class class-options
| detailed]
DETAILED STEPS
show event manager policy pending [queue-type {applet| call-home | axp | script} class class-options | detailed]
This command displays only the pending policies. This command includes class, detailed and queue-type optional keywords. The following is sample output from this command:
Example:
3
4
5
Device#
show event manager policy pending
no. job id p s status time of event event type name
1
2
12851
12868
N A
N A pend pend
Mon Oct29
Mon Oct29
20:51:18 2007
20:51:24 2007 timer watchdog timer watchdog loop.tcl
loop.tcl
12873 N A
12907 N A
13100 N A pend pend pend
Mon Oct29 20:51:27 2007 timer watchdog loop.tcl
Mon Oct29 20:51:41 2007 timer watchdog loop.tcl
Mon Oct29 20:52:55 2007 timer watchdog loop.tcl
Configuring EEM Applet (Interactive CLI) Support
The synchronous applets are enhanced to support interaction with the local console (tty) using two commands,
action gets and action puts, and these commands allow users to enter and display input directly on the console.
The output for synchronous applets will bypass the system logger. The local console will be opened by the applets and serviced by the corresponding synchronous Event Detector pty. Synchronous output will be directed to the opened console.
Reading and Writing Input from the Active Console for Synchronous EEM Applets
Use the following tasks to implement EEM applet interactive CLI support:
Reading Input from the Active Console
When a synchronous policy is triggered, the related console is stored in the publish information specification.
The policy director will query this information in an event_reqinfo call, and store the given console information for use by the action gets command.
The action gets command reads a line of the input from the active console and stores the input in the variable.
The trailing new line will not be returned.
Embedded Event Manager Configuration Guide
67
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Applet (Interactive CLI) Support
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. event none
5. action label gets variable
6. action label syslog [priority priority-level msg msg-text
7. exit
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager applet applet-name Registers the applet with the EEM and enters applet configuration mode.
Example:
Device(config)# event manager applet action
event none
Specifies that an EEM policy is to be registered with the EEM and can be run manually.
Example:
Device(config-applet)# event none
action label gets variable
Gets input from the local console in a synchronous applet and stores the value in the given variable when an EEM applet is triggered.
Example:
Device(config-applet)# action label2 gets input
action label syslog [priority priority-level msg
msg-text
Example:
Device(config-applet)# action label3 syslog msg
“Input entered was \”$input\“”
Specifies the action to be taken when an EEM applet is triggered.
• In this example, the action to be taken is to write the value of the variable specified in Step 5, to syslog.
68
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Applet (Interactive CLI) Support
Step 7
Command or Action exit
Example:
Device(config-applet)# exit
Purpose
Exits applet configuration mode and returns to privileged
EXEC mode.
Example
The following example shows how to get the input from the local tty in a synchronous applet and store the value
Device(config)#
event manager applet action
Device(config-applet)#
event none
Device(config-applet)#
action label2 gets input
Device(config-applet)# action label3 syslog msg “Input entered was \”$input\“”
Writing Input to the Active Console
When a synchronous policy is triggered, the related console is stored in the publish information specification.
The policy director will query this information in an event_reqinfo call, and store the given console information for use by the action puts command.
The action puts command will write the string to the active console. A new line will be displayed unless the
nonewline keyword is specified. The output from the action puts command for a synchronous applet is displayed directly to the console, bypassing the system logger. The output of the action puts command for an asynchronous applet is directed to the system logger.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. event none
5. action label regexp string-pattern string-input [string-match [string-submatch1] [string-submatch2]
[string-submatch3]]
6. action label puts [nonewline] string
7. exit
8. event manager run applet-name
DETAILED STEPS
Step 1
Command or Action enable
Purpose
Enables privileged EXEC mode.
Embedded Event Manager Configuration Guide
69
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring EEM Applet (Interactive CLI) Support
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Command or Action Purpose
• Enter your password if prompted.
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager applet applet-name Registers the applet with the EEM and enters applet configuration mode.
Example:
Device(config)# event manager applet action
event none
Specifies that an EEM policy is to be registered with the EEM and can be run manually.
Example:
Device(config-applet)# event none
action label regexp string-pattern string-input
[string-match [string-submatch1] [string-submatch2]
[string-submatch3]]
Specifies the action to match the regular expression pattern on an input string when an EEM applet is triggered.
Example:
Device(config-applet)# action 1 regexp "(.*)
(.*) (.*)" "one two three" _match _sub1
action label puts [nonewline] string
Example:
Device(config-applet)# action 2 puts "match is $_match"
Specifies the action of printing data directly to the local console when an EEM applet is triggered.
• The nonewline keyword is optional and is used to suppress the display of the new line character.
exit
Exits applet configuration mode and returns to privileged
EXEC mode.
Example:
Device(config-applet)# exit
event manager run applet-name
Example:
Device# event manager run action
Manually runs a registered EEM policy.
• In this example, the policy registered in Step 3 is triggered and the associated actions specified in Step 5 and Step 6 are executed.
70
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring SNMP Library Extensions
Example
The following example shows how the action puts command prints data directly to the local console:
Device(config-applet)#
event manager applet puts
Device(config-applet)#
event none
Device(config-applet)#
action 1 regexp "(.*) (.*) (.*)" "one two three" _match _sub1
Device(config-applet)#
action 2 puts "match is $_match"
Device(config-applet)#
action 3 puts "submatch 1 is $_sub1"
Device#
event manager run puts
match is one two three submatch 1 is one
Configuring SNMP Library Extensions
Depending on your release, the SNMP Library Extensions feature allows you to perform the following configurations.
Prerequisites
To use this feature, you must be running Cisco IOS Release 12.4(22)T or a later release.
SNMP Get and Set Operations
The SNMP Library Extensions feature extends the EEM applet action info and Tcl
sys_reqinfo_snmpcommands to include functionality for SNMP get-one, get-next, getid and set-any operations.
SNMP Get Operation
The SNMP event manager performs the SNMP get operation to retrieve one or more variables for the managed objects. Using the action info type snmp oid get-typeand action info type snmp getidcommands, you can configure the SNMP event manager to send an SNMP get request by specifying the variables to retrieve, and the IP address of the agent.
For example, if you want to retrieve the variable with the OID value of 1.3.6.1.2.1.1.1, you should specify the variable value, that is 1.3.6.1.2.1.1.1. If the specified values do not match, a trap will be generated and an error message will be written to the syslog history.
The action info type snmp oid get-type command specifies the type of the get operation to be performed.
To retrieve the exact variable, the get operation type should be specified as exact. To retrieve a lexicographical successor of the specified OID value, the get operation type should be set to next.
The table below shows the built-in variables, in which the values retrieved from SNMP get operation are stored.
Table 7: Built-in Variables for action info type snmp oid Command
Built-in Variable
_info_snmp_oid
_info_snmp_value
Description
The SNMP object ID.
The value string of the associated SNMP data element.
Embedded Event Manager Configuration Guide
71
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring SNMP Library Extensions
GetID Operation
The action info type snmp getid command retrieves the following variables from the SNMP entity:
• sysDescr.0
• sysObjectID.0
• sysUpTime.0
• sysContact.0
• sysName.0
• sysLocation.0
The table below shows the built-in variables, in which the values retrieved from the SNMP getID operation are stored.
Table 8: Built-in Variables for action info type snmp getid Command
Built-in Variable
_info_snmp_syslocation_oid
_info_snmp_syslocation_value
_info_snmp_sysdescr_oid
_info_snmp_sysdescr_value
_info_snmp_sysobjectid_oid
_info_snmp_sysobjectid_value
_info_snmp_sysuptime_oid
_info_snmp_sysuptime_value
_info_snmp_syscontact_oid
_info_snmp_syscontact_value
Description
The OID value of the sysLocation variable.
The value string for the sysLocation variable.
The OID value of the sysDescr variable.
The value string for the sysDescr variable.
The OID value of the sysObjectID variable.
The value string for the sysObjectID variable.
The OID value of the sysUptime variable.
The value string for the sysUptime variable.
The OID value of the sysContact variable.
The value string for the sysContact variable.
The get operation requests can be sent to both local and remote hosts.
SNMP Set Operation
All SNMP variables are assigned a default value in the MIB view. The SNMP event manager can modify the value of these MIB variables through set operation. The set operation can be performed only on the system that allows read-write access.
72
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring SNMP Library Extensions
To perform a set operation, you must specify the type of the variable and the value associated with it.
The table below shows the valid OID types and values for each OID type.
Table 9: OID Type and Value for Set Operation
OID Type counter32 gauge integer ipv4 octet string string unsigned32
Description
A 32-bit number with a minimum value of 0. When the maximum value is reached, the counter resets to 0. Integer value in the range from 0 to 4294967295 is valid.
A 32-bit number with a minimum value of 0. For example, the interface speed on a device is measured using a gauge object type. Integer value in the range from 0 to 4294967295 is valid.
A 32-bit number used to specify a numbered type within the context of a managed object. For example, to set the operational status of a device interface, 1 represents up and 2 represents down. Integer value in the range from 0 to 4294967295 is valid.
IP version 4 address. IPv4 address in dotted decimal notation is valid.
An octet string in hexadecimal notation used to represent physical addresses. Text strings are valid.
An octet string in text notation used to represent text strings.
Text strings are valid.
A 32-bit number used to represent decimal value.Unsigned
integer value in the range from 0 to 4294967295 is valid.
The set operation can carried out on both local and remote hosts.
SNMP Traps and Inform Requests
Traps are SNMP notifications that alert the SNMP manager or the NMS to a network condition.
SNMP inform requests refer to the SNMP notifications that alert the SNMP manager to a network condition and request for confirmation of receipt from the SNMP manager.
An SNMP event occurs when SNMP MIB object ID values are sampled, or when the SNMP counter crosses a defined threshold. If the notifications are enabled and configured for such events, the SNMP traps or inform messages generated. An SNMP notification event is triggered when an SNMP trap or inform message is received by the event manager server.
To send an SNMP trap or inform message when an Embedded Event Manager (EEM) applet is triggered, the
action info type snmp trap and action info type snmp informcommands are used. The
CISCO-EMBEDDED-EVENT-MGR-MIB.my is used to define the trap and inform messages.
Embedded Event Manager Configuration Guide
73
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring SNMP Library Extensions
Configuring EEM Applet for SNMP Get and Set Operations
While registering a policy with the event manager server, the actions associated with an SNMP event can be configured.
Perform this task to configure EEM applet for SNMP set and get operations.
Before You Begin
• SNMP event manager must be configured using the snmp-server managercommand.
• The SNMP community string should be set by using the snmp-server community command to enable access to the SNMP entity.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. Do one of the following:
• event snmp oid oid-value get-type {exact | next} entry-op operator entry-val
entry-value[exit-comb | and}] [exit-op operator] [exit-val exit-value] [exit-time exit-time-value]
poll-interval poll-int-value
5. action label info type snmp oid oid-value get-type {exact| next} [community community-string]
[ipaddr ip-address]
6. action label info type snmp oid oid-value set-type oid-type oid-type-value community
community-string [ipaddr ip-address]
7. action label info type snmp getid oid-value [community community-string] [ipaddr ip-address]
8. exit
DETAILED STEPS
Step 1
Step 2
Command or Action enable
Example:
Device> enable
configure terminal
Example:
Device# configure terminal
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Enters global configuration mode.
74
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring SNMP Library Extensions
Step 3
Step 4
Step 5
Step 6
Command or Action
event manager applet applet-name
Purpose
Registers the applet with the event manager server and enters applet configuration mode.
Example:
Device(config)# event manager applet snmp
Do one of the following:
• event snmp oid oid-value get-type {exact | next}
entry-op operator entry-val entry-value[exit-comb |
and}] [exit-op operator] [exit-val exit-value] [exit-time
exit-time-value] poll-interval poll-int-value
Specifies the event criteria that cause the EEM applet to run.
• In this example, an EEM event is triggered when free memory falls below the value of 5120000.
• Exit criteria are optional, and if not specified, event monitoring is reenabled immediately.
Example:
Device(config-applet)# event snmp oid
Example:
1.3.6.1.4.1.9.9.48.1.1.1.6.1 get-type exact
Example:
entry-op lt entry-val 5120000 poll-interval 90
action label info type snmp oid oid-value get-type {exact|
next} [community community-string] [ipaddr ip-address]
Specifies the type of get operation to perform.
Example:
• In this example, the type of get operation is specified as exact and community string is specified as public.
Device(config-applet)# action 1.3 info type
Example:
snmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1 get-type
Example:
exact community public ipaddr 172.17.16.69
action label info type snmp oid oid-value set-type oid-type
oid-type-value community community-string [ipaddr
ip-address]
(Optional) Specifies the variable to be set.
• In this example, the sysName.0 variable is specified for the set operation and community string is specified as rw.
Example:
Device(config-applet)# action 1.4 info type
Note
For set operation, you must specify the SNMP community string.
Embedded Event Manager Configuration Guide
75
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring SNMP Library Extensions
Step 7
Step 8
Command or Action Purpose
Example:
snmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1 set-type
Example:
integer 42220 sysName.0 community rw ipaddr
Example:
172.17.16.69
action label info type snmp getid oid-value [community
community-string] [ipaddr ip-address]
(Optional) Specifies if the individual variables should be retrieved by the getid operation.
Example:
Device(config-applet)# action 1.3 info type
Example:
snmp getid community public ipaddr 172.17.16.69
exit
Example:
Device(config)# exit
Exits global configuration mode and returns to privileged EXEC mode.
Configuring EEM Applet for SNMP OID Notifications
Perform this task to configure SNMP notifications.
Before You Begin
• SNMP event manager must be configured using the snmp-server managercommand and SNMP agents must be configured to send and receive SNMP traps generated for an EEM policy.
• SNMP traps and informs must be enabled by using the snmp-server enable traps event-manager and
snmp-server enable traps commands, to allow traps and inform requests to be sent from the device to the event manager server.
76
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring SNMP Library Extensions
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. Do one of the following:
• event snmp oid oid-value get-type {exact | next} entry-op operator entry-val
entry-value[exit-comb | and}] [exit-op operator] [exit-val exit-value] [exit-time exit-time-value]
poll-interval poll-int-value
5. action label info type snmp var variable-name oid oid-value oid-type oid-type-value
6. action label info type snmp trap enterprise-oid enterprise-oid-value generic-trapnum
generic-trap-number specific-trapnum specific-trap-number trap-oid trap-oid-value trap-var
trap-variable
7. action label info type snmp inform trap-oid
trap-oid-value trap-var trap-variable community
community-string ipaddr ip-address
8. exit
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager applet applet-name Registers the applet with the event manager server and enters applet configuration mode.
Example:
Device(config)# event manager applet snmp
Do one of the following:
• event snmp oid oid-value get-type {exact | next}
entry-op operator entry-val entry-value[exit-comb |
and}] [exit-op operator] [exit-val exit-value] [exit-time
exit-time-value] poll-interval poll-int-value
Specifies the event criteria that cause the EEM applet to run.
• In this example, an EEM event is triggered when free memory falls below the value of 5120000.
• Exit criteria are optional, and if not specified, event monitoring is reenabled immediately.
Embedded Event Manager Configuration Guide
77
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring SNMP Library Extensions
Step 5
Step 6
Command or Action Purpose
Example:
Device(config-applet)# event snmp oid
Example:
1.3.6.1.4.1.9.9.48.1.1.1.6.1 get-type exact
Example:
entry-op lt entry-val 5120000 poll-interval 90
action label info type snmp var variable-name oid
oid-value oid-type oid-type-value
Example:
Device(config-applet)# action 1.3 info type
Specifies the instance of a managed object and its value.
• In this example, the sysDescr.0 variable is used.
Example:
snmp var sysDescr.0 oid
Example:
1.3.6.1.4.1.9.9.48.1.1.1.6.1 integer 4220
action label info type snmp trap enterprise-oid
enterprise-oid-value generic-trapnum generic-trap-number
specific-trapnum specific-trap-number trap-oid
trap-oid-value trap-var trap-variable
Generates an SNMP trap when the EEM applet is triggered.
• In this example, the authenticationFailure trap is generated.
Example:
Device(config-applet)# action 1.4 info type
Example:
snmp trap enterprise-oid 1.3.6.1.4.1.1
Note
The specific trap number refers to the enterprise-specific trap, which is generated when an enterprise event occurs. If the generic trap number is not set to 6, the specific trap number you specify will be used to generate traps.
Example:
generic-trapnum 4 specific-trapnum 7 trap-oid
Example:
1.3.6.1.4.1.1.226.0.2.1 trap-var sysUpTime.0
78
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets
Step 7
Step 8
Command or Action Purpose action label info type snmp inform trap-oid
trap-oid-value
trap-var trap-variable community community-string
ipaddr ip-address
Generates an SNMP inform request when the EEM applet is triggered.
• In this example, the inform request is generated for the sysUpTime.0 variable.
Example:
Device(config-applet)# action 1.4 info type
Example:
snmp inform trap-oid 1.3.6.1.4.1.1.226.0.2.1
Example:
trap-var sysUpTime.0 community public ipaddr
Example:
172.69.16.2
exit
Example:
Device(config)# exit
Exits global configuration mode and returns to privileged mode.
Configuring Variable Logic for EEM Applets
The Variable Logic for EEM Applets feature adds the ability to apply conditional logic within EEM applets.
Before variable logic is introduced, applets have a linear structure where each action is executed in the order in which they are configured when the event is triggered. Conditional logic introduces a control structure that can change the flow of actions within applets depending on conditional expressions. Each control structure can contain a list of applet actions including looping and if/else actions which determine if the structure is executed or not.
The information in applet configuration mode is presented as background to set the context for the action commands.
To provide a consistent user interface between the Tool Command Language (Tcl) and the applet (CLI) based
EEM policies, the following criteria are followed:
• Event specification criteria are written in Tcl in the Tcl based implementation.
• Event specification data is written using the CLI applet submode configuration statements in the applet-based implementation.
Embedded Event Manager Configuration Guide
79
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets
Applet configuration mode is entered using the event manager applet command. In applet configuration mode the config prompt changes to (config-applet)#. In applet configuration mode two types of config statements are supported:
• event - used to specify the event criteria to cause this applet to run.
• action - used to specify a built-in action to perform.
Multiple action applet config commands are allowed within an applet configuration. If no action applet config command is present, a warning is displayed, upon exit, stating no statements are associated with this applet.
When no statements are associated with this applet, events get triggered but no action is taken. If no commands are specified in applet configuration mode, the applet will be removed upon exit. The exit applet config command is used to exit from applet configuration mode.
Depending on your release, the Variable Logic for EEM Applets feature allows you to perform the following configurations.
Prerequisites
To use this feature, you must be running Cisco IOS Release 12.4(22)T or a later release.
Configuring Variable Logic for EEM Applets
EEM 3.0 adds new applet action commands to permit simple variable logic within applets.
To configure the variable logic using action commands perform the following tasks.
Specifying a Loop of Conditional Blocks
To specify a loop of a conditional block when an EEM applet is triggered, perform this task. In this task, a conditional loop is set to check if the value of the variable is less than 10. If the value of the variable is less than 10, then the message ‘i is $_i’ is written to the syslog.
Note
Depending on your release, the set (EEM) command is replaced by the action set command. See the
action label set command for more information. If the set (EEM) command is entered in certain releases, the IOS parser translates the set command to the action label set command.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. action label
set
5. action label while string_op1 operator string_op2
6. Add any action as required.
7. action label
end
80
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager applet applet-name
Example:
Device(config)# event manager applet condition
Registers the applet with the Embedded Event Manager
(EEM) and enters applet configuration mode.
action label
set
Sets an action for the event.
• In this example, the value of the variable i is set to 2.
Example:
Device(config-applet)#
action 1.0 set i 2
action label while string_op1 operator string_op2 Specifies a loop of a conditional block.
Example:
• In this example, a loop is set to check if the value of the variable i is less than 10.
Device(config-applet)# action 2 while $i lt 10
Add any action as required.
Example:
Device(config-applet)#
is $i" action 3 syslog msg "i
Performs the action as indicated by the action command.
• In this example, the message ‘i is $_i’ is written to the syslog.
action label
end
Exits from the running action.
Example:
Device(config-applet)#
action 3 end
Embedded Event Manager Configuration Guide
81
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets
Specifying if else Conditional Blocks
To specify the beginning of an if conditional statement followed by an else conditional statement, perform this task. The if or else conditional statements can be used in conjunction with each other or separately. In this task, the value of a variable is set to 5. An if conditional block is then specified to check if the value of the variable is less than 10. Provided the if conditional block is satisfied, an action command to output the message ‘x is less than 10’ is specified.
Following the if conditional block, an else conditional block is specified. Provided the if conditional block is not satisfied, an action command to output the message ‘x is greater than 10’ is specified.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. action label set variable-name variable-value
5. action label if [stringop1] {eq | gt | ge | lt | le | ne} [stringop2]
6. Add any action as required.
7. action label else
8. Add any action as required.
9. end
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager applet applet-name Registers the applet with the Embedded Event Manager
(EEM) and enters applet configuration mode.
Example:
Device(config)# event manager applet ifcondition
action label set variable-name variable-value Sets an action for the event.
82
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets
Step 5
Step 6
Step 7
Step 8
Step 9
Command or Action Purpose
• In this example, the value of the variable x is set to 5.
Example:
Device(config-applet)# action 1.0 set x 5
action label if [stringop1] {eq | gt | ge | lt | le | ne}
[stringop2]
Specifies an if conditional statement.
• In this example, an if conditional statement to check if the value of the variable is less than 10.
Example:
Device(config-applet)# action 2.0 if $x lt 10
Add any action as required.
Example:
Device(config-applet)# action 3.0 puts
“$x is less than 10
”
Performs the action as indicated by the action command.
• In this example, the message ‘5 is less than 10’ is displayed on the screen.
action label else Specifies an else conditional statement
Example:
Device(config-applet)# action 4.0 else
Add any action as required.
Example:
Device(config-applet)# action 5.0
end
Performs the action as indicated by the action command.
• In this example, the message ‘5 is greater than 10’ is displayed on the screen.
Exits from the running action.
Example:
Device(config-applet)# end
Specifying foreach Iterating Statements
To specify a conditional statement that iterates over an input string using the delimiter as a tokenizing pattern, perform this task. The foreach iteration statement is used to iterate through a collection to get the desired information. The delimiter is a regular expression pattern string. The token found in each iteration is assigned to the given iterator variable. All arithmetic calculations are performed as long integers with out any checks for overflow. In this task, the value of the variable x is set to 5. An iteration statement is set to run through the input string red, blue, green, orange. For every element in the input string, a corresponding message is displayed on the screen.
Embedded Event Manager Configuration Guide
83
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. action label foreach [string-iterator] [string-input] [string-delimiter]
5. Specify any action command
6. action label
end
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager applet applet-name
Example:
Device(config)# event manager applet iteration
Registers the applet with the Embedded Event Manager (EEM) and enters applet configuration mode.
action label foreach [string-iterator] [string-input]
[string-delimiter]
Iterates over an input string using the delimter as a tokenizing pattern.
Example:
• In this example, the iteration is run through the elements of the input string - red, blue, green and orange.
Device(config-applet)# action 2.0 foreach iterator "red blue green orange"
Specify any action command
Example:
Device(config-applet)# action 3.0 puts
"Iterator is $iterator"
Performs the action as indicated by the action command.
• In this example, the following message is displayed on the screen:
Iterator is red
Iterator is blue
Iterator is green
Iterator is orange
84
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets
Step 6
Command or Action
action label
end
Example:
Device(config-applet)# action 4.0 end
Purpose
Exits from the running action.
Using Regular Expressions
To match a regular expression pattern with an input string, perform this task. Using regular expressions, you can specify the rules for a set of possible strings to be matched.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. action label regexp string-pattern string-input [string-match [string-submatch1] [string-submatch2]
[string-submatch3]]
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device#
configure terminal
event manager applet applet-name Registers the applet with the Embedded Event Manager (EEM) and enters applet configuration mode.
Example:
Device(config)#
regexp event manager applet
action label regexp string-pattern string-input
[string-match [string-submatch1] [string-submatch2]
[string-submatch3]]
Specifies an expression pattern to match with an input string.
• In this example, an input string of ‘red blue green’ is specified. When the expression pattern matches the input
Embedded Event Manager Configuration Guide
85
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets
Command or Action
Example:
Device(config-applet)#
action 2.0 regexp "(.*)
(.*) (.*)" "red blue green" _match _sub1
Purpose
string, the entire result red blue green is stored in the variable _match and the submatch redis stored in the variable _sub1.
Incrementing the Values of Variables
To increment the value of variables, perform this task. In this task, the value of a variable is set to 20 and then the value is incremented by 12.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. action label
set
5. action label increment variable-name long-integer
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager applet applet-name
Example:
Device(config)# event manager applet increment
Registers the applet with the Embedded Event Manager
(EEM) and enters applet configuration mode.
action label
set
Sets an action for the event.
86
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Event SNMP Object
Step 5
Command or Action
Example:
Device(config-applet)#
action 1.0 set varname 20
Purpose
• In this example, the value of the variable is set to 20.
action label increment variable-name long-integer Increments the value of variable by the specified long integer.
Example:
Device(config-applet)#
varname 12 action 2.0 increment
• In this example, the value of the variable is incremented by 12.
Configuring Event SNMP Object
Perform this task to register the Simple Network Management Protocol (SNMP) object event for an Embedded
Event Manager (EEM) applet that is run by sampling SNMP object.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet applet-name
4. event snmp-object oid oid-value type value sync {yes | no} skip {yes | no} istable {yes | no}
[default seconds] [maxrun maxruntime-number]
5. exit
DETAILED STEPS
Step 1
Command or Action enable
Step 2
Example:
Device> enable
configure terminal
Example:
Device# configure terminal
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Enters global configuration mode.
Embedded Event Manager Configuration Guide
87
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Event SNMP Object
Step 3
Step 4
Command or Action
event manager applet applet-name
Purpose
Registers the applet with the Embedded Event Manager and enters applet configuration mode.
Example:
Device(config)# event manager applet manual-policy
event snmp-object oid oid-value type
value sync {yes | no} skip {yes | no}
istable {yes | no} [default seconds]
[maxrun maxruntime-number]
Registers the Simple Network Management Protocol (SNMP) object event for an Embedded Event Manager (EEM) applet to intercept SNMP GET and SET requests for an object.
The default for this command is that it is not configured. If this command is configured the defaults are the same as in the description of the syntax options,
Example:
• The oidkeyword specifies the SNMP object identifier (object ID).
Device(config-applet)# event snmp-object oid 1.9.9.9.9 type gauge sync yes
Example:
• The oid-value argument can be the Object ID value of the data element, in
SNMP dotted notation. An OID is defined as a type in the associated MIB,
CISCO-EMBEDDED-EVENT-MGR-MIB, and each type has an object value.
action 1 syslog msg "oid =
$_snmp_oid"
• The istable keyword specifies whether the OID is an SNMP table.
Example:
action 2 syslog msg "request =
$_snmp_request"
• The sync keyword specifies that the applet is to run in synchronous mode.
The return code from the applet indicates whether to reply to the SNMP request. The description for code 0 is “do not reply to the request” and the description for code 1 is “reply to the request”. When the return code from the applet replies to the request, a value is specified in the applet for the object using action snmp-object-value command.
Example:
• The typekeyword specifies the type of object.
action 3 syslog msg "request_type
= $_snmp_request_type"
• The value argument is the value of the object.
• Theskip keyword specifies whether to skip CLI command execution.
• The default keyword specifies the time to process the SET or GET request normally by the applet. If the default keyword is not specified, the default time period is set to 30 seconds.
• The milliseconds argument is the time period during which the SNMP
Object event detector waits for the policy to exit.
• The maxrun keyword specifies the maximum runtime of the applet. If the
maxrun keyword is specified, the maxruntime-number value must be specified. If the maxrun keyword is not specified, the default applet run time is 20 seconds.
• The milliseconds argument is the maximum runtime of the apple in milliseconds. If the argument is not specified, the default 20-second run-time limit is used.
88
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Disabling AAA Authorization
Step 5
Command or Action exit
Example:
Device(config)# exit
Purpose
Exits global configuration mode and returns to privileged EXEC mode.
Disabling AAA Authorization
Perform this task to allow EEM policies to bypass AAA authorization when triggered.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet
applet-name [authorization bypass] [class class-options] [trap]
4. exit
DETAILED STEPS
Step 1
Step 2
Step 3
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager applet
applet-name [authorization
bypass] [class class-options] [trap]
Registers the applet with the Embedded Event Manager
(EEM) and enters applet configuration mode.
Example:
Device(config)# event manager applet one class
A authorization bypass
Embedded Event Manager Configuration Guide
89
Configuring Description of an Embedded Event Manager Applet
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Step 4
Command or Action exit
Example:
Device(config-aaplet)# exit
Purpose
Exits device configuration applet mode and returns to privileged EXEC mode.
Configuring Description of an Embedded Event Manager Applet
Perform this task to describe an EEM applet. The description of an applet can be added in any order, before or after any other applet configuration. Configuring a new description for an applet that already has a description overwrites the current description. An applet description is optional.
Perform this task to configure a new description for an applet.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager applet
applet-name
4. description line
5. event syslog pattern regular-expression
6. action label syslog msg msg-text
7. end
DETAILED STEPS
Step 1
Step 2
Command or Action enable
Example:
Device> enable
configure terminal
Example:
Device# configure terminal
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Enters global configuration mode.
90
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuration Examples for Writing EEM Policies Using the Cisco IOS CLI
Step 3
Step 4
Step 5
Step 6
Step 7
Command or Action event manager applet
applet-name
Purpose
Registers the applet with the EEM and enters applet configuration mode.
Example:
Device(config)# event manager applet increment
description line Adds or modifies the description of an EEM applet that is run by sampling Simple Network Management Protocol (SNMP).
Example:
Device(config-applet)# description "This applet looks for the word count in syslog messages"
event syslog pattern regular-expression
Example:
Device(config-applet)# event syslog pattern
"count"
Specifies the event criteria for an Embedded Event Manager
(EEM) applet that is run by matching syslog messages.
action label syslog msg msg-text
Example:
Device(config-applet)# action 1 syslog msg hi
Specifies the action to be taken when an EEM applet is triggered.
• In this example, the action taken is to write a message to syslog.
• The msg-text argument can be character text, an environment variable, or a combination of the two.
end
Example:
Device(config-applet)# end
Exits applet configuration mode and returns to privileged EXEC mode.
Configuration Examples for Writing EEM Policies Using the
Cisco IOS CLI
Embedded Event Manager Applet Configuration Examples
The following examples show how to create an EEM applet for some of the EEM event detectors. These examples follow steps outlined in the
Registering and Defining an Embedded Event Manager Applet, on
page 43 .
Embedded Event Manager Configuration Guide
91
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Applet Configuration Examples
Application-Specific Event Detector
The following example shows how a policy named EventPublish_A runs every 20 seconds and publishes an event type numbered 1 to an EEM subsystem numbered 798. The subsystem value of 798 specifies that a publish event has occurred from an EEM policy. A second policy named EventPublish_B is registered to run when the EEM event type 1 occurs with subsystem 798. When the EventPublish_B policy runs, it sends a message to syslog containing data passed as an argument from the EventPublish_A policy.
event manager applet EventPublish_A event timer watchdog time 20.0
action 1.0 syslog msg "Applet EventPublish_A" action 2.0 publish-event sub-system 798 type 1 arg1 twenty exit event manager applet EventPublish_B event application sub-system 798 type 1 action 1.0 syslog msg "Applet EventPublish_B arg1 $_application_data1"
CLI Event Detector
The following example shows how to specify an EEM applet to run when the Cisco IOS write memory CLI command is run. The applet provides a notification that this event has occurred via a syslog message. In the example, the sync keyword is configured with the yes argument, and this means that the event detector is notified when this policy completes running. The exit status of the policy determines whether the CLI command will be executed. In this example, the policy exit status is set to one and the CLI command runs.
event manager applet cli-match event cli pattern "write mem.*" sync yes action 1.0 syslog msg "$_cli_msg Command Executed" set 2.0 _exit_status 1
The following example shows an applet which matches the cli pattern with the test argument. When show
access-list test is entered, the CLI event detector matches the test argument, and the applet is triggered. The
debug event manager detector cli output is added to show num_matches is set to one.
!
event manager applet EEM-PIPE-TEST event cli pattern "test" sync yes action 1.0 syslog msg "Pattern matched!"
!
*Aug 23 23:19:59.827: check_eem_cli_policy_handler: command_string=show access-lists test
*Aug 23 23:19:59.827: check_eem_cli_policy_handler: num_matches = 1, response_code = 4
*Aug 23 23:19:59.843: %HA_EM-6-LOG: EEM-PIPE-TEST: Pattern matched!
Note
The functionality provided in the CLI event detector only allows a regular expression pattern match on a valid IOS CLI command itself. This does not include text after a pipe (|) character when redirection is used.
The following example shows that when show version | include test is entered, the applet fails to trigger because the CLI event detector does not match on characters entered after the pipe (|) character and the debug
event manager detector cli output shows num_matches is set to zero.
*Aug 23 23:20:16.827: check_eem_cli_policy_handler: command_string=show version
*Aug 23 23:20:16.827: check_eem_cli_policy_handler: num_matches = 0, response_code = 1
Counter Event Detector and Timer Event Detector
The following example shows that the EventCounter_A policy is configured to run once a minute and to increment a well-known counter called critical_errors. A second policy--EventCounter_B--is registered to be
92
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Applet Configuration Examples
triggered when the well-known counter called critical_errors exceeds a threshold of 3. When the
EventCounter_B policy runs, it resets the counter to 0.
event manager applet EventCounter_A event timer watchdog time 60.0
action 1.0 syslog msg
“EventCounter_A” action 2.0 counter name critical_errors op inc value 1 exit event manager applet EventCounter_B event counter name critical_errors entry-op gt entry-val 3 exit-op lt exit-val 3 action 1.0 syslog msg
“EventCounter_B” action 2.0 counter name critical_errors op set value 0
Interface Counter Event Detector
The following example shows how a policy named EventInterface is triggered every time the receive_throttle counter for Fast Ethernet interface 0/0 is incremented by 5. The polling interval to check the counter is specified to run once every 90 seconds.
event manager applet EventInterface event interface name FastEthernet0/0 parameter receive_throttle entry-op ge entry-val 5 entry-val-is-increment true poll-interval 90 action 1.0 syslog msg "Applet EventInterface"
Resource Event Detector
The following example shows how to specify event criteria based on an ERM event report for a policy defined to report high CPU usage: event manager applet policy-one event resource policy cpu-high action 1.0 syslog msg
“CPU high at $_resource_current_value percent”
RF Event Detector
The RF event detector is only available on networking devices that contain dual Route Processors (RPs). The following example shows how to specify event criteria based on an RF state change notification: event manager applet start-rf event rf event rf_prog_initialization action 1.0 syslog msg "rf state rf_prog_initialization reached"
RPC Event Detector
The RPC event detector allows an outside entity to make a Simple Object Access Protocol (SOAP) request to the device and invokes a defined EEM policy or script. The following example shows how an EEM applet called Event_RPC is being registered to run an EEM script: event manager applet Event_RPC event rpc action print puts "hello there"
The following example shows the format of the SOAP request and reply message:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP:Envelope xmlns:SOAP="http://www.cisco.com/eem.xsd">
<SOAP:Body>
<run_eemscript>
<script_name>Event_RPC</script_name>
</run_eemscript>
</SOAP:Body>
Embedded Event Manager Configuration Guide
93
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Applet Configuration Examples
</SOAP:Envelope>
]]>]]>
<?xml version="1.0" encoding="UTF-8"?><SOAP:Envelope xmlns:SOAP="http://www.cisco.com/eem.xsd"><SOAP:Body>
<run_eemscript_response><return_code>0</return_code><output></output></run_eemscript_response></SOAP:Body></SOAP:Envelope>]]>]]>
SNMP Event Detector
The following example shows how to specify an EEM applet to run when the CPU usage is greater than 75 percent. When the EEM applet runs, the CLI commands enable and show cpu processes are run, and an e-mail containing the result of the show cpu processes command is sent to an engineer.
event manager applet snmpcpuge75 event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.3.1 get-type exact entry-op ge entry-val 75 poll-interval 10 action 1.0 cli command "enable" action 2.0 cli command "show process cpu" action 3.0 mail server "192.168.1.146" to "[email protected]" from "[email protected]" subject "B25 PBX Alert" body "$_cli_result"
The next example is more complex and shows how to configure an EEM applet that causes a switch to the secondary (redundant) Route Processor (RP) when the primary RP runs low on memory.
This example illustrates a method for taking preventative action against a software fault that causes a memory leak. The action taken here is designed to reduce downtime by switching over to a redundant RP when a possible memory leak is detected.
The figure below shows a dual RP device that is running an EEM image. An EEM applet has been registered through the CLI using the event manager applet command. The applet will run when the available memory on the primary RP falls below the specified threshold of 5,120,000 bytes. The applet actions are to write a message to syslog that indicates the number of bytes of memory available and to switch to the secondary RP.
Figure 2: Dual RP Topology
The commands used to register the policy are shown below.
event manager applet memory-demo event snmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1 get-type exact entry-op lt entry-val 5120000 poll-interval 90 action 1.0 syslog priority critical msg "Memory exhausted; current available memory is
$_snmp_oid_val bytes" action 2.0 force-switchover
The registered applet is displayed using the show event manager policy registered command:
Device#
show event manager policy registered
No.
Type
1 applet
Event Type snmp
Time Registered Name
Thu Jan30 05:57:16 2003 memory-demo oid {1.3.6.1.4.1.9.9.48.1.1.1.6.1} get-type exact entry-op lt entry-val {5120000} poll-interval 90
94
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Applet Configuration Examples
action 1.0 syslog priority critical msg "Memory exhausted; current available memory is
$_snmp_oid_val bytes" action 2.0 force-switchover
For the purpose of this example, a memory depletion is forced on the device, and a series of show memory commands are executed to watch the memory deplete:
Device#
show memory
Head Total(b) Used(b)
Processor 53585260 212348444 119523060
Fast 53565260 131080 70360
Device#
show memory
Head Total(b) Used(b)
Processor 53585260 212364664 164509492
Fast 53565260
Device#
show memory
131080 70360
Head Total(b) Used(b)
Processor 53585260 212369492 179488300
Fast 53565260 131080 70360
Free(b) Lowest(b) Largest(b)
92825384
60720
92825384
60720
92365916
60668
Free(b) Lowest(b) Largest(b)
47855172 47855172 47169340
60720 60720 60668
Free(b) Lowest(b) Largest(b)
32881192 32881192 32127556
60720 60720 60668
When the threshold is reached, an EEM event is triggered. The applet named memory-demo runs, causing a syslog message to be written to the console and a switch to be made to the secondary RP. The following messages are logged:
00:08:31: %HA_EM-2-LOG: memory-demo: Memory exhausted; current available memory is
4484196 bytes
00:08:31: %HA_EM-6-FMS_SWITCH_HARDWARE: fh_io_msg: Policy has requested a hardware switchover
The following is partial output from the show running-config command on both the primary RP and the secondary (redundant) RP: redundancy mode sso
.
.
!
event manager applet memory-demo event snmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1 get-type exact entry-op lt entry-val
5120000 poll-interval 90 action 1.0 syslog priority critical msg "Memory exhausted; current available memory is $_snmp_oid_val bytes" action 2.0 force-switchover
SNMP Notification Event Detector
The following example shows how to configure the snmp-server community public RW and snmp-server
manager commands before event snmp-notification is configured.
snmp-server community public RW snmp-server manager
The following example shows how an EEM applet called SNMP_Notification is being registered to run an
EEM script when the device receives an SNMP notification on destination IP address 192.168.1.1 for object
ID 1 whose value equals 10.
event manager applet SNMP_Notification event snmp-notification dest_ip_address 192.168.1.1 oid 1 op eq oid-value 10 action 1 policy eem_script
Syslog Event Detector
The following example shows how to specify an EEM applet to run when syslog identifies that Ethernet interface 1/0 is down. The applet sends a message about the interface to syslog.
event manager applet interface-down
Embedded Event Manager Configuration Guide
95
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuration Examples for Embedded Event Manager Applet
event syslog pattern
“.*UPDOWN.*Ethernet1/0.*” occurs 4 action 1.0 syslog msg "Ethernet interface 1/0 changed state 4 times"
Configuration Examples for Embedded Event Manager Applet
Example Identity Event Detector
The following example shows how a policy named “EventIdentity” is triggered every time the authentication on the Fast Ethernet interface 0 is success.
event manager applet EventIdentity event identity interface FastEthernet0 authc success action 1.0 syslog msg "Applet EventIdentity"
Example MAT Event Detector
The following example shows how a policy named “EventMat” is triggered every time a mac-address is learned in the mac-address-table.
event manager applet EventMat event mat interface FastEthernet0 action 1.0 syslog msg "Applet EventMat"
Example Neighbor-Discovery Event Detector
The following example shows how a policy named “EventNeighbor” is triggered when a Cisco Discovery
Protocol (CDP) cache entry changes.
event manager applet EventNeighbor event neighbor-discovery interface FastEthernet0 cdp all action 1.0 syslog msg "Applet EventNeighbor"
Embedded Event Manager Manual Policy Execution Examples
The following examples show how to use the none event detector to configure an EEM policy (applet or script) to be run manually.
Using the event manager run Command
This example shows how to run a policy manually using the event manager run command. The policy is registered using the event none command under applet configuration mode and then run from global configuration mode using the event manager run command.
event manager applet manual-policy event none action 1.0 syslog msg "Manual-policy triggered" end
!
event manager run manual-policy
96
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Embedded Event Manager Watchdog System Monitor (Cisco IOS) Event Detector Configuration Example
Using the action policy Command
This example shows how to run a policy manually using the action policy command. The policy is registered using the event none command under applet configuration mode, and then the policy is executed using the
action policy command in applet configuration mode.
event manager applet manual-policy event none action 1.0 syslog msg "Manual-policy triggered" exit
!
event manager applet manual-policy-two event none action 1.0 policy manual-policy end
!
event manager run manual-policy-two
Embedded Event Manager Watchdog System Monitor (Cisco IOS) Event
Detector Configuration Example
The following example shows how to configure three EEM applets to demonstrate how the Cisco IOS watchdog system monitor (IOSWDSysMon) event detector works.
Watchdog System Monitor Sample1 Policy
The first policy triggers an applet when the average CPU usage for the process named IP Input is greater than or equal to 1 percent for 10 seconds: event manager applet IOSWD_Sample1 event ioswdsysmon sub1 cpu-proc taskname "IP Input" op ge val 1 period 10 action 1.0 syslog msg "IOSWD_Sample1 Policy Triggered"
Watchdog System Monitor Sample2 Policy
The second policy triggers an applet when the total amount of memory used by the process named Net Input is greater than 100 kb: event manager applet IOSWD_Sample2 event ioswdsysmon sub1 mem-proc taskname "Net Input" op gt val 100 is-percent false action 1.0 syslog msg "IOSWD_Sample2 Policy Triggered"
Watchdog System Monitor Sample3 Policy
The third policy triggers an applet when the total amount of memory used by the process named IP RIB Update has increased by more than 50 percent over the sample period of 60 seconds: event manager applet IOSWD_Sample3 event ioswdsysmon sub1 mem-proc taskname "IP RIB Update" op gt val 50 is-percent true period 60 action 1.0 syslog msg "IOSWD_Sample3 Policy Triggered"
The three policies are configured, and then repetitive large pings are made to the networking device from several workstations, causing the networking device to register some usage. This will trigger policies 1 and
2, and the console will display the following messages:
00:42:23: %HA_EM-6-LOG: IOSWD_Sample1: IOSWD_Sample1 Policy Triggered
00:42:47: %HA_EM-6-LOG: IOSWD_Sample2: IOSWD_Sample2 Policy Triggered
Embedded Event Manager Configuration Guide
97
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuration SNMP Library Extensions Examples
To view the policies that are registered, use the show event manager policy registered command:
Device#
show event manager policy registered
No.
Class Type
1 applet system
Event Type ioswdsysmon
Trap Time Registered Name
Off Fri Jul 23 02:27:28 2004 IOSWD_Sample1 sub1 cpu_util {taskname {IP Input} op ge val 1 period 10.000 } action 1.0 syslog msg "IOSWD_Sample1 Policy Triggered"
2 applet system ioswdsysmon Off Fri Jul 23 02:23:52 2004 IOSWD_Sample2 sub1 mem_used {taskname {Net Input} op gt val 100 is_percent FALSE} action 1.0 syslog msg "IOSWD_Sample2 Policy Triggered"
3 applet system ioswdsysmon Off Fri Jul 23 03:07:38 2004 IOSWD_Sample3 sub1 mem_used {taskname {IP RIB Update} op gt val 50 is_percent TRUE period 60.000 } action 1.0 syslog msg "IOSWD_Sample3 Policy Triggered"
Configuration SNMP Library Extensions Examples
SNMP Get Operations Examples
The following example shows how to send a get request to the local host.
Device(config)#
event manager applet snmp
Device(config-applet)#
event snmp oid
1.3.6.1.2.1.1.1.0
get-type exact entry-op
lt
entry-val
5120000
poll-interval
90
Device(config-applet)#
action 1.3 info type snmp oid
1.3.6.1.2.1.1.1.0
get-type exact community
public
Device(config-applet)#
action 1.3 info type snmp oid
1.3.6.1.2.1.1.4.0
get-type next community
public
The following log message will be written to the SNMP event manager log:
1d03h:%HA_EM-6-LOG: lg: 1.3.6.1.2.1.1.1.0
1d04h:%HA_EM-6-LOG: lgn: 1.3.6.1.2.1.1.5.0
The following example shows how to send a get request to a remote host.
Device(config)#
event manager applet snmp
Device(config-applet)#
event snmp oid
1.3.6.1.2.1.1.1.0
get-type exact entry-op
lt
entry-val
5120000
poll-interval
90
Device(config-applet)#
action 1.3 info type snmp oid
1.3.6.1.2.1.1.4.0
get-type next community
public
ipaddr
172.17.16.69
Device(config-applet)#
action 1.3 info type snmp getid
1.3.6.1.2.1.1.1.0
community
public
ipaddr
172.17.16.69
The following log message is written to the SNMP event manager log:
1d03h:%HA_EM-6-LOG: lg: 1.3.6.1.2.1.1.1.0
1d04h:%HA_EM-6-LOG: lgn: 1.3.6.1.2.1.1.5.0
98
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuration SNMP Library Extensions Examples
SNMP GetID Operations Examples
The following example shows how to send a getid request to the local host.
Device(config)#
event manager applet snmp
Device(config-applet)#
event snmp oid
1.3.6.1.2.1.1.1.0
get-type exact entry-op
lt
entry-val
5120000
poll-interval
90
Device(config-applet)#
action 1.3 info type snmp getid community
public
The following log message is written to the SNMP event manager log:
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysname_oid=1.3.6.1.2.1.1.5.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysname_value=jubjub.cisco.com
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_syslocation_oid=1.3.6.1.2.1.1.6.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_syslocation_value=
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysdescr_oid=1.3.6.1.2.1.1.1.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysobjectid_oid=1.3.6.1.2.1.1.2.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysobjectid_value=products.222
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysuptime_oid=1.3.6.1.2.1.1.3.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysuptime_oid=10131676
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_syscontact_oid=1.3.6.1.2.1.1.4.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_syscontact_value=YYY
The following example shows how to send a getid request to a remote host.
Device(config)#
event manager applet snmp
Device(config-applet)#
event snmp oid
1.3.6.1.2.1.1.1.0
get-type exact entry-op
lt
entry-val
5120000
poll-interval
90
Device(config-applet)#
action 1.3 info type snmp getid
1.3.6.1.2.1.1.1.0
community
public
ipaddr
172.17.16.69
The following log message is written to the SNMP event manager log:
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysname_oid=1.3.6.1.2.1.1.5.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysname_value=jubjub.cisco.com
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_syslocation_oid=1.3.6.1.2.1.1.6.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_syslocation_value=
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysdescr_oid=1.3.6.1.2.1.1.1.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysobjectid_oid=1.3.6.1.2.1.1.2.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysobjectid_value=products.222
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysuptime_oid=1.3.6.1.2.1.1.3.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_sysuptime_oid=10131676
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_syscontact_oid=1.3.6.1.2.1.1.4.0
1d04h:%HA_EM-6-LOG: lgid: _info_snmp_syscontact_value=YYY
Set Operations Examples
The following example shows how to perform a set operation on the local host.
Device(config)#
event manager applet snmp
Device(config-applet)#
event snmp oid
1.3.6.1.2.1.1.1.0
get-type exact entry-op
lt
entry-val
5120000
poll-interval
90
Device(config-applet)#
action 1.3 info type snmp oid
Embedded Event Manager Configuration Guide
99
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuration SNMP Library Extensions Examples
1.3.6.1.2.1.1.4.0
set-type integer
5 sysName.0
community
public
The following log message is written to the SNMP event manager log:
1d04h:%HA_EM-6-LOG: lset: 1.3.6.1.2.1.1.4.0
1d04h:%HA_EM-6-LOG: lset: XXX
The following example shows how to perform a set operation on a remote host.
Device(config)#
event manager applet snmp
Device(config-applet)#
event snmp oid
1.3.6.1.2.1.1.1.0
get-type exact entry-op
lt
entry-val
5120000
poll-interval
90
Device(config-applet)#
action 1.3 info type snmp oid
1.3.6.1.2.1.1.4.0
set-type integer
5 sysName.0
community
public
ipaddr
172.17.16.69
The following log message is written to the SNMP event manager log:
1d04h:%HA_EM-6-LOG: lset: 1.3.6.1.2.1.1.4.0
1d04h:%HA_EM-6-LOG: lset: XXX
Generating SNMP Notifications Examples
The following example shows how to configure SNMP traps for the sysUpTime.0 variable:
Device(config)#
event manager applet snmp
Device(config-applet)#
event snmp oid
1.3.6.1.4.1.9.9.48.1.1.1.6.1
get-type exact entry-op
lt
entry-val
5120000
poll-interval
90
Device(config-applet)#
action 1.3 info type snmp var
sysUpTime.0
oid
1.3.6.1.4.1.9.9.43.1.1.6.1.3.41
integer
2
Device(config-applet)#
action 1.4 info type snmp trap enterprise-oid
ciscoSyslogMIB.2
generic-trapnum
6
specific-trapnum
1
trap-oid
1.3.6.1.4.1.9.9.41.2.0.1
trap-var
sysUpTime.0
The following output is generated if the debug snmp packets command is enabled:
Device#
debug snmp packets
1d04h: SNMP: Queuing packet to 172.69.16.2
1d04h: SNMP: V1 Trap, ent ciscoSyslogMIB.2, addr 172.19.rap 1 clogHistoryEntry.3 = 4 clogHistoryEntry.6 = 9999
1d04h: SNMP: Queuing packet to 172.19.208.130
1d04h: SNMP: V1 Trap, ent ciscoSyslogMIB.2, addr 172.19.rap 1 clogHistoryEntry.3 = 4 clogHistoryEntry.6 = 9999
1d04h: SNMP: Packet sent via UDP to 172.69.16.2
1d04h: SNMP: Packet sent via UDP to 172.69.16.2
infra-view10:
Packet Dump:
30 53 02 01 00 04 04 63 6f 6d 6d a4 48 06 09 2b
06 01 04 01 09 09 29 02 40 04 ac 13 d1 17 02 01
06 02 01 01 43 04 00 9b 82 5d 30 29 30 12 06 0d
100
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets Examples
2b 06 01 04 01 09 09 29 01 02 03 01 03 02 01 04
30 13 06 0d 2b 06 01 04 01 09 09 29 01 02 03 01
06 02 02 27 0f
Received SNMPv1 Trap:
Community: comm
Enterprise: ciscoSyslogMIBNotificationPrefix
Agent-addr: 172.19.209.23
Enterprise Specific trap.
Enterprise Specific trap: 1
Time Ticks: 10191453 clogHistSeverity = error(4) clogHistTimestamp = 9999
The following example shows how to configure SNMP inform requests for the sysUpTime.0 variable:
Device(config)#
event manager applet snmp
Device(config-applet)#
event snmp oid
1.3.6.1.4.1.9.9.48.1.1.1.6.1
get-type exact entry-op
lt
entry-val
5120000
poll-interval
90
Device(config-applet)#
action 1.3 info type snmp var
sysUpTime.0
oid
1.3.6.1.4.1.9.9.43.1.1.6.1.3.41
integer
2
Device(config-applet)#
action 1.4 info type snmp inform trap-oid
1.3.6.1.4.1.9.9.43.2.0.1
trap-var
sysUpTime.0
community
public
ipaddr
172.19.209.24
The following output is generated if the debug snmp packets command is enabled:
Device#
debug snmp packets
1d04h: SNMP: Inform request, reqid 24, errstat 0, erridx 0 sysUpTime.0 = 10244391 snmpTrapOID.0 = ciscoConfigManMIB.2.0.1
ccmHistoryEventEntry.3.40 = 1
1d04h: SNMP: Packet sent via UDP to 172.19.209.24.162
1d04h: SNMP: Packet received via UDP from 172.19.209.24 on FastEthernet0/0
1d04h: SNMP: Response, reqid 24, errstat 0, erridx 0
1d04h: SNMP: Response, reqid 24, errstat 0, erridx 0
1d04h: SNMP: Inform request, reqid 25, errstat 0, erridx 0 sysUpTime.0 = 10244396 snmpTrapOID.0 = ciscoConfigManMIB.2.0.1
ccmHistoryEventEntry.3.41 = 2
1d04h: SNMP: Packet sent via UDP to 172.19.209.24.162
1d04h: SNMP: Packet received via UDP from 172.19.209.24 on FastEthernet0/0
1d04h: SNMP: Response, reqid 25, errstat 0, erridx 0
1d04h: SNMP: Response, reqid 25, errstat 0, erridx 0
Device# debug snmp packets
5d04h: SNMP: Packet received via UDP from 172.19.209.23 on FastEthernet0/0
5d04h: SNMP: Inform request, reqid 24, errstat 0, erridx 0 sysUpTime.0 = 10244391 snmpTrapOID.0 = ciscoConfigManMIB.2.0.1
ccmHistoryEventEntry.3.40 = 1
5d04h: dest if_index = 1
5d04h: dest ip addr= 172.19.209.24
5d04h: SNMP: Response, reqid 24, errstat 0, erridx 0
5d04h: SNMP: Packet sent via UDP to 172.19.209.23.57748
5d04h: SNMP: Packet received via UDP from 172.19.209.23 on FastEthernet0/0
5d04h: SNMP: Inform request, reqid 25, errstat 0, erridx 0
Configuring Variable Logic for EEM Applets Examples
The following sections provide examples on some selected action commands. For information on all the action commands supporting variable logic within applets, see the table below.
Embedded Event Manager Configuration Guide
101
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets Examples
In this example, conditional loops while, if and foreach are used to print data. Other action commands such as action divide, action increment and action puts are used to define the actions to be performed when the conditions are met.
event manager applet printdata event none action 100 set colors "red green blue" action 101 set shapes "square triangle rectange" action 102 set i "1" action 103 while $i lt 6 action 104 divide $i 2 action 105 if $_remainder eq 1 action 106 foreach _iterator "$colors" action 107 puts nonewline "$_iterator " action 108 end action 109 puts "" action 110 else action 111 foreach _iterator "$shapes" action 112 puts nonewline "$_iterator " action 113 end action 114 puts "" action 115 end action 116 increment i action 117 end
When the event manager applet ex is run, the following output is obtained: event manager run printdata red green blue square triangle rectange red green blue square triangle rectange red green blue
In this example, two environment variables poll_interface and max_rx_rate are set to F0/0 and 3 respectively.
Every 30 seconds there is a poll on an interface for rx rate. If the rx rate is greater than the threshold, a syslog message is displayed.
This applet makes use of the foreach conditional statement to poll the interface, the if conditional block to compare the value under RXPS with max_rx_rate that was set in the EEM environment variable.
event manager environment poll_interfaces F0/0 event manager environment max_rx_rate 3 ev man app check_rx_rate ev timer watchdog name rx_timer time 30 action 100 foreach int $poll_interfaces action 101 cli command "en" action 102 cli command "show int $int summ | beg ------" action 103 foreach line $_cli_result "\n" action 105 regexp ".*[0-9]+\s+[0-9]+\s+[0-9]+\s+[0-9]+\s+[0-9]+\s+([0-9]+)\s+.*" $line junk rxps action 106 if $_regexp_result eq 1 action 107 action 108 if $rxps gt $max_rx_rate syslog msg "Warning rx rate for $int is > than threshold. Current value is
$rxps
(threshold is $max_rx_rate)" action 109 end action 110 end action 111 end action 112 end
Example syslog message:
Oct 16 09:29:26.153: %HA_EM-6-LOG: c: Warning rx rate for F0/0 is > than threshold.
Current value is 4 (threshold is 3)
The output of show int F0/0 summ is of the format:
#show int f0/0 summ
*: interface is up
102
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets Examples
IHQ: pkts in input hold queue
OHQ: pkts in output hold queue
RXBS: rx rate (bits/sec)
TXBS: tx rate (bits/sec)
TRTL: throttle count
IQD: pkts dropped from input queue
OQD: pkts dropped from output queue
RXPS: rx rate (pkts/sec)
TXPS: tx rate (pkts/sec)
Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
-------------------------------------------------------------------------
* FastEthernet0/0 0 87283 0 0 0 0 0 0 0
Note
To use other action commands supporting variable logic within applets, use the commands listed in the table below.
Table 10: Available action commands
Action Commands
action add action append action break action comment action context retrieve action context save action continue action decrement action divide action else action elseif action end action exit
Purpose
Adds the value of two variables when an EEM applet is triggered.
Appends the given value to the current value of a variable when an
EEM applet is triggered.
Causes an immediate exit from a loop of actions when an EEM applet is triggered
Adds comments to an applet when an EEM applet is triggered
Retrieves variables identified by a given set of context name keys when an EEM applet is triggered.
Saves information across multiple policy triggers when an EEM applet is triggered.
Continues with a loop of actions when an EEM applet is triggered.
Decrements the value of a variable when an EEM applet is triggered.
Divides the dividend value by the given divisor value when an EEM applet is triggered.
Specifies the beginning of else conditional action block in if / else conditional action block when an EEM applet is triggered.
Identifies the beginning of the else conditional action block in the else / if conditional action block when an EEM applet is triggered.
Specifies the identification of the end of an conditional action block in the if / else and while conditional action block when an EEM applet is triggered.
Specifies an immediate exit from the running applet configuration when an EEM applet is triggered.
Embedded Event Manager Configuration Guide
103
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Variable Logic for EEM Applets Examples
Action Commands
action foreach action gets action if action if goto action increment action info type interface-names action info type snmp getid action info type snmp inform action info type snmp oid action info type snmp trap action info type snmp var action multiply action puts action regexp action set (EEM) action string compare action string equal
Purpose
Specifies the iteration of an input string using the delimiter as a tokenizing pattern, when an EEM applet is triggered.
Gets an input from the local TTY in a synchronous applet and store the value in the given variable when an EEM applet is triggered.
Specifies the identification of the beginning of an if conditional block when an EEM applet is triggered.
Instructs the applet to jump to a given label if the specified condition is true when an EEM applet is triggered.
Increments the value of a variable when an EEM applet is triggered.
Specifies the action of obtaining interface names when an EEM applet is triggered.
Retrieves the individual variables from a Simple Network Management
Protocol (SNMP) entity during the SNMP get operation.
Sends an SNMP inform requests when an EEM applet is triggered.
Specifies the type of SNMP get operation and the object to retrieve during the SNMP set operation, when an EEM applet is triggered.
Sends SNMP trap requests when an EEM applet is triggered.
Creates a variable for an SNMP object identifier (OID) and its value from an EEM applet
Specifies the action of multiplying the variable value with a specified given integer value when an EEM applet is triggered.
Enables the action of printing data directly to the local tty when an
EEM applet is triggered.
Specifies the action of matching a regular expression pattern on an input string when an EEM applet is triggered.
Specifies the action of setting the value of a variable when an EEM applet is triggered.
Specifies the action of comparing two unequal strings when an EEM applet is triggered.
Specifies the action of verifying whether or not two strings are equal when an EEM applet is triggered
104
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Action Commands
action string first action string index action string last action string length action string match action string range action string replace action string tolower action string toupper action string trim action string trimleft action string trimright action subtract action while
Configuring Variable Logic for EEM Applets Examples
Purpose
Specifies the action of returning the index on the first occurrence of string1 within string2 when an EEM applet is triggered.
Specifies the action of returning the characters specified at a given index value when an EEM applet is triggered.
Specifies the action of returning the index on the last occurrence of string1 within string 2 when an EEM applet is triggered.
Specifies the action of returning the number of characters in a string when the EEM applet is triggered.
Specifies the action of returning 1 to the $_string_result, if the string matches the pattern when an EEM applet is triggered.
Specifies the action of storing a range of characters in a string when an EEM applet is triggered.
Specifies the action of storing a new string by replacing range of characters in the specified string when an EEM applet is triggered.
Specifies the action of storing specific range of characters of a string in lowercase when an EEM applet is triggered.
Specifies the action of storing specific range of characters of a string in uppercase when an EEM applet is triggered.
Specifies the action to trim a string when an EEM applet is triggered.
Specifies the action to trim the characters of one string from the left end of another string when an EEM applet is triggered.
Specifies the action to trim the characters one string from the right end of another string when an EEM applet is triggered.
Subtracts the value of a variable from another value when an EEM applet is triggered.
Specifies the action of identifying the beginning of a loop of conditional block when an EEM applet is triggered.
Embedded Event Manager Configuration Guide
105
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Configuring Event SNMP-Object Examples
Configuring Event SNMP-Object Examples
The following example shows the SET operation and the value to set is in $_snmp_value and it is managed by the script. The example below saves the oid and its value as contexts to be retrieved later.
event manager applet snmp-object1 description "APPLET SNMP-OBJ-1" event snmp-object oid 1.3.6.1.2.1.31.1.1.1.18 type string sync no skip no istable yes default 0 action 1 syslog msg "SNMP-OBJ1:TRIGGERED" facility "SNMP_OBJ" action 2 context save key myoid variable "_snmp_oid" action 3 context save key myvalue variable "_snmp_value"
Configuring Description of an EEM Applet Examples
The following example shows how to add or modify the description for an Embedded Event Manager (EEM) applet that is run by sampling Simple Network Management Protocol (SNMP): event manager applet test description "This applet looks for the word count in syslog messages" event syslog pattern "count" action 1 syslog msg hi
Additional References
The following sections provide references related to writing EEM policies Using the Cisco IOS CLI.
Related Documents
Related Topic
Cisco IOS commands
Document Title
Cisco IOS Master Commands List, All Releases
EEM commands: complete command syntax, defaults, command mode, command history, usage guidelines, and examples
Cisco IOS Embedded Event Manager Command
Reference
Embedded Event Manager overview Embedded Event Manager Overview module
Embedded Event Manager policy writing using Tcl Writing Embedded Event Manager Policies Using
Tcl module
Configuring enhanced object tracking Configuring Enhanced Object Tracking module
106
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Additional References
Standards
Standard Title
No new or modified standards are supported, and support for existing standards has not been modified.
--
MIBs
MIB
CISCO-EMBEDDED-EVENT-MGR-MIB
MIBs Link
To locate and download MIBs for selected platforms,
Cisco IOS releases, and feature sets, use Cisco MIB
Locator found at the following URL: http://www.cisco.com/go/mibs
RFCs
RFC Title
No new or modified RFCs are supported, and support for existing RFCs has not been modified.
--
Technical Assistance
Description Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with
Cisco products and technologies.
http://www.cisco.com/cisco/web/support/index.html
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Embedded Event Manager Configuration Guide
107
Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Feature Information for Writing EEM 4.0 Policies Using the Cisco
IOS CLI
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to . An account on Cisco.com is not required.
Table 11: Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI
Feature Name
Embedded Event Manager 1.0
Releases
12.0(26)S
12.3(4)T
Feature Information
EEM 1.0 introduced Embedded
Event Manager applet creation with the SNMP and syslog event detectors. EEM 1.0 also introduced the following actions: generating prioritized syslog messages, generating a CNS event for upstream processing by Cisco CNS devices, reloading the Cisco software, and switching to a secondary processor in a fully redundant hardware configuration.
The following commands were introduced by this feature: action
cns-event, action
force-switchover, action reload,
action syslog, debug event
manager, event manager applet,
event snmp, event syslog, show
event manager policy registered.
108
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI
Feature Name
Embedded Event Manager 2.0
Releases
12.2(25)S
Feature Information
EEM 2.0 introduced the application-specific event detector, the counter event detector, the interface counter event detector, the timer event detector, and the watchdog event detector. New actions included modifying a named counter, publishing an application-specific event, and generating an SNMP trap. The ability to define environment variables and to run EEM policies written using Tcl was introduced, and two sample policies were included with the software.
The following commands were introduced by this feature: action
counter, action publish-event,
action snmp-trap, event
application, event counter, event
interface, event ioswdsysmon,
event manager environment,
event manager history size, event
manager policy, event manager
scheduler suspend, event timer,
show event manager
environment, show event
manager history events, show
event manager history traps,
show event manager policy
available, show event manager
policy pending.
Embedded Event Manager Configuration Guide
109
Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Feature Name
Embedded Event Manager 2.1
Releases
12.3(14)T
12.2(18)SXF5
12.2(28)SB
12.2(33)SRA
Feature Information
EEM 2.1 introduced some new event detectors and actions with new functionality to allow EEM policies to be run manually and the ability to run multiple concurrent policies. Support for Simple
Network Management Protocol
(SNMP) event detector rate-based events was provided as was the ability to create policies using Tool
Command Language (Tcl).
The following commands were introduced or modified by this feature: action cli, action counter,
action info, action mail, action
policy, debug event manager,
event cli, event manager
directory user, event manager
policy, event manager run, event
manager scheduler script, event
manager session cli username,
event none, event oir, event
snmp, event syslog, set(EEM),
show event manager directory
user, show event manager policy
registered, show event manager
session cli username.
110
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI
Feature Name
Embedded Event Manager 2.1
(Software Modularity)
Embedded Event Manager 2.2
SNMP event detector delta environment variable
Releases
12.2(18)SXF4
Cisco IOS Software Modularity images
12.4(2)T
12.2(31)SB3
12.2(33)SRB
12.4(11)T
Feature Information
EEM 2.1 for Software Modularity images introduced the GOLD, system manager, and WDSysMon
(Cisco IOS Software Modularity watchdog) event detectors, and the ability to display Cisco IOS
Software Modularity processes and process metrics.
The following commands were introduced by this feature: event
gold, event process, show event
manager metric process.
Note
EEM 2.1 for Software
Modularity images also supports the resource and
RF event detectors introduced in EEM 2.2, but it does not support the enhanced object tracking event detector or the actions to read and set tracked objects.
EEM 2.2 introduced the enhanced object tracking, resource, and RF event detectors. The actions of reading and setting the state of a tracked object were also introduced.
The following commands were introduced or modified by this feature: action track read, action
track set, default-state, event
resource, event rf, event track,
show track, track stub-object.
A new SNMP event detector environment variable,
_snmp_oid_delta_val, was introduced.
This is a minor enhancement.
Minor enhancements are not typically listed in Feature
Navigator.
Embedded Event Manager Configuration Guide
111
Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Feature Name
Embedded Event Manager 2.3
Releases
12.2(33)SXH
12.2(33)SB
15.1(2)SY
Embedded Event Manager 2.4
12.4(20)T
12.2(33)SXI
12.2(33)SRE
15.1(2)SY
Feature Information
EEM 2.3 introduced some new features relative to the Generic
Online Diagnostics (GOLD) Event
Detector on the Cisco Catalyst
6500 Series switches.
The event gold command was enhanced in addition to the Tcl keywords--action-notify,
testing-type, test-name, test-id,
consecutive-failure,
platform-action, and maxrun--for improved reaction to GOLD test failures and conditions
Read-only variables were added under the GOLD Event Detector category to provide access to platform-wide and test-specific
GOLD event detector information for a detected event.
EEM 2.4 is supported in Cisco IOS
Release 12.4(20)T and later releases, and introduced several new features.
The following commands were introduced by this feature:
attribute (EEM) , correlate, event
manager detector rpc, event
manager directory user
repository, event manager
update user policy, event
manager scheduler clear, event
manager update user policy,
event owner, event rpc, event
snmp-notification, show event
manager detector, show event
manager version, trigger (EEM).
112
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI
Feature Name
Embedded Event Manger 3.0
Releases
12.4(22)T
12.2(33)SRE
12.2(50)SY
Feature Information
EEM 3.0 is supported in Cisco IOS
Release 12.4(22)T and later releases, and introduced several new features.
The following commands were introduced or modified by this feature:
action add , action append,
action break, action comment,
action context retrieve, action
context save, action continue,
action decrement, action divide,
action else, action elseif, action
end, action exit, action foreach,
action gets, action if, action if
goto, action increment, action
info type interface-names, action
info type snmp getid, action info
type snmp inform, action info
type snmp oid, action info type
snmp trap, action info type snmp
var, action multiply, action puts,
action regexp, action set (EEM),
action string compare, action
string equal, action string first,
action string index, action string
last, action string length, action
string match, action string range,
action string replace, action
string tolower, action string
toupper, action string trim,
action string trimleft, action
string trimright, action subtract,
action while, event cli, event
ipsla, event manager detector
routing, event manager
scheduler, event manager
scheduler clear, event manager
scheduler hold, event manager
scheduler modify, event manager
scheduler release, event nf, event
routing, show event manager
policy active, show event
manager policy pending, and
show event manager scheduler.
Embedded Event Manager Configuration Guide
113
Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI
Writing Embedded Event Manager Policies Using the Cisco IOS CLI
Feature Name
Embedded Event Manager 3.1
Releases
15.0(1)M
15.1(1)SY
15.1(2)SY
Embedded Event Manager 3.2
Embedded Event Manager 4.0
12.2(52)SE
12.2(54)SG
15.1(3)T
15.1(1)SY
15.1(2)SY
15.2(2)T
15.1(1)SY
15.1(2)SY
Feature Information
EEM 3.1 is supported in Cisco IOS
Release 15.0(1)M and later releases, and introduced several new features.
The following commands were introduced or modified by this feature: action syslog, description
(EEM) , event manager applet ,
event manager policy , event
snmp-notification , event
snmp-object , show event
manager policy registered , and
show event manager policy
available .
EEM is a distributed and customized approach to event detection and recovery offered directly in a Cisco IOS device.
The following sections provide information about this feature:
The following commands were introduced or modified: debug
event manager, event identity,
event mat, event
neighbor-discovery, show event
manager detector.
EEM 4.0 is supported in 15.2(2)T and later releases, and introduced several new features.
The following commands were introduced or modified: action file,
action mail, action syslog, clear
event manager detector counters,
clear event manager server
counters, event cli, event
manager policy, event manager
scheduler, event syslog, show
event manager detector, show
event manager policy registered,
show event manager statistics.
114
Embedded Event Manager Configuration Guide
C H A P T E R
4
Writing Embedded Event Manager Policies Using
Tcl
This module describes how software developers can write and customize Embedded Event Manager (EEM) policies using Tool command language (Tcl) scripts to handle Cisco software faults and events. EEM is a policy-driven process by means of which faults in the Cisco software system are reported through a defined application programing interface (API). The EEM policy engine receives notifications when faults and other events occur. EEM policies implement recovery on the basis of the current state of the system and the actions specified in the policy for a given event. Recovery actions are triggered when the policy is run.
•
Finding Feature Information, page 115
•
Prerequisites for Writing Embedded Event Manager Policies Using Tcl, page 116
•
Information About Writing Embedded Event Manager Policies Using Tcl, page 116
•
How to Write Embedded Event Manager Policies Using Tcl, page 123
•
Configuration Examples for Writing Embedded Event Manager Policies Using Tcl, page 154
•
Additional References, page 175
•
Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl, page 176
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn . An account on Cisco.com is not required.
Embedded Event Manager Configuration Guide
115
Writing Embedded Event Manager Policies Using Tcl
Prerequisites for Writing Embedded Event Manager Policies Using Tcl
Prerequisites for Writing Embedded Event Manager Policies
Using Tcl
• Before writing EEM policies, you should be familiar with the “ Embedded Event Manager Overview ” module.
• If you want to write EEM policies using the command-line interface (CLI) commands, you should be familiar with the “ Writing Embedded Event Manager Policies Using the Cisco IOS CLI ” module.
Information About Writing Embedded Event Manager Policies
Using Tcl
EEM Policies
EEM offers the ability to monitor events and take informational or corrective action when the monitored events occur or reach a threshold. An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An applet is a simple form of policy that is defined within the command-line interface (CLI) configuration. A script is a form of policy that is written in Tool Command Language (Tcl).
EEM Applet
An EEM applet is a concise method for defining event screening criteria and the actions to be taken when that event occurs. In EEM applet configuration mode, three types of configuration statements are supported.
The event commands are used to specify the event criteria to trigger the applet to run, the action commands are used to specify an action to perform when the EEM applet is triggered, and the set command is used to set the value of an EEM applet variable. Currently only the _exit_status variable is supported for the set command.
Only one event configuration command is allowed within an applet configuration. When applet configuration submode is exited and no event command is present, a warning is displayed stating that no event is associated with the applet. If no event is specified, the applet is not considered registered. When no action is associated with the applet, events are still triggered but no actions are performed. Multiple action configuration commands are allowed within an applet configuration. Use the show event manager policy registered command to display a list of registered applets.
Before modifying an EEM applet, be aware that the existing applet is not replaced until you exit applet configuration mode. While you are in applet configuration mode modifying the applet, the existing applet may be executing. It is safe to modify the applet without unregistering it, because changes are written to a temporary file. When you exit applet configuration mode, the old applet is unregistered and the new version is registered.
Action configuration commands within an applet are uniquely identified using the label argument, which can be any string value. Actions are sorted within an applet in ascending alphanumeric key sequence using the
label argument as the sort key, and they are run using this sequence. The same label argument can be used in different applets; the labels must be unique only within one applet.
116
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
EEM Policy Tcl Command Extension Categories
The Embedded Event Manager schedules and runs policies on the basis of an event specification that is contained within the policy itself. When applet configuration mode is exited, EEM examines the event and action commands that are entered and registers the applet to be run when a specified event occurs.
For more details about writing EEM policies using the Cisco IOS CLI, see the “Writing Embedded Event
Manager Policies Using the Cisco IOS CLI” module.
EEM Script
All Embedded Event Manager scripts are written in Tcl. Tcl is a string-based command language that is interpreted at run time. The version of Tcl supported is Tcl version 8.3.4 plus added script support. Scripts are defined using an ASCII editor on another device, not on the networking device. The script is then copied to the networking device and registered with EEM. Tcl scripts are supported by EEM. As an enforced rule,
Embedded Event Manager policies are short-lived run time routines that must be interpreted and executed in less than 20 seconds of elapsed time. If more than 20 seconds of elapsed time are required, the maxrun parameter may be specified in the event_register statement to specify any desired value.
EEM policies use the full range of the Tcl language’s capabilities. However, Cisco provides enhancements to the Tcl language in the form of Tcl command extensions that facilitate the writing of EEM policies. The main categories of Tcl command extensions identify the detected event, the subsequent action, utility information, counter values, and system information.
EEM allows you to write and implement your own policies using Tcl. Writing an EEM script involves:
• Selecting the event Tcl command extension that establishes the criteria used to determine when the policy is run.
• Defining the event detector options associated with detecting the event.
• Choosing the actions to implement recovery or respond to the detected event.
EEM Policy Tcl Command Extension Categories
There are different categories of EEM policy Tcl command extensions.
Note
The Tcl command extensions available in each of these categories for use in all EEM policies are described in later sections in this document.
Table 12: EEM Policy Tcl Command Extension Categories
Category
EEM event Tcl command extensions (three types: event information, event registration, and event publish)
Definition
This category is represented by the event_register_
xxx family of event-specific commands. There is a separate event information Tcl command extension in this category as well: event_reqinfo. This is the command used in policies to query the EEM for information about an event. There is also an EEM event publish Tcl command extension
event_publish> that publishes an application-specific
event.
Embedded Event Manager Configuration Guide
117
Writing Embedded Event Manager Policies Using Tcl
General Flow of EEM Event Detection and Recovery
Category
EEM action Tcl command extensions
EEM utility Tcl command extensions
Definition
These Tcl command extensions (for example,
action_syslog) are used by policies to respond to or recover from an event or fault. In addition to these extensions, developers can use the Tcl language to implement any action desired.
These Tcl command extensions are used to retrieve, save, set, or modify application information, counters, or timers.
EEM system information Tcl command extensions This category is represented by the sys_reqinfo _ xxx family of system-specific information commands.
These commands are used by a policy to gather system information.
EEM context Tcl command extensions These Tcl command extensions are used to store and retrieve a Tcl context (the visible variables and their values).
General Flow of EEM Event Detection and Recovery
EEM is a flexible, policy-driven framework that supports in-box monitoring of different components of the system with the help of software agents known as event detectors. The figure below shows the relationship between the EEM server, the core event publishers (event detectors), and the event subscribers (policies).
Basically, event publishers screen events and publish them when there is a match on an event specification that is provided by the event subscriber. Event detectors notify the EEM server when an event of interest occurs.
When an event or fault is detected, Embedded Event Manager determines from the event publishers--an example would be the OIR events publisher in the figure below--if a registration for the encountered fault or event has occurred. EEM matches the event registration information with the event data itself. A policy registers for the detected event with the Tcl command extension event_register _ xxx. The event information
118
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Safe-Tcl
Tcl command extension event_reqinfo is used in the policy to query the Embedded Event Manager for information about the detected event.
Figure 3: Embedded Event Manager Core Event Detectors
Safe-Tcl
Safe-Tcl is a safety mechanism that allows untrusted Tcl scripts to run in an interpreter that was created in the safe mode. The safe interpreter has a restricted set of commands that prevent accessing some system resources and harming the host and other applications. For example, it does not allow commands to access critical Cisco IOS file system directories.
Cisco-defined scripts run in full Tcl mode, but user-defined scripts run in Safe-Tcl mode. Safe-Tcl allows
Cisco to disable or customize individual Tcl commands. For more details about Tcl commands, go to http:// www.tcl.tk/man/ .
The following list of Tcl commands are restricted with a few exceptions. Restrictions are noted against each command or command keyword:
• cd --Change directory is not allowed to one of the restricted Cisco directory names.
• encoding --The commands encoding names, encoding convertfrom, and encoding convertto are permitted. The encoding system command with no arguments is permitted, but the encoding system command with the ?encoding? keyword is not permitted.
• exec --Not permitted.
Embedded Event Manager Configuration Guide
119
Safe-Tcl
• fconfigure --Permitted.
• file --The following are permitted:
• file dirname
• file exists
• file extension
• file isdirectory
• file join
• file pathtype
• file rootname
• file split
• file stat
• file tail
• file --The following are not permitted:
• file atime
• file attributes
• file channels
• file copy
• file delete
• file executable
• file isfile
• file link
• file lstat
• file mkdir
• file mtime
• file nativename
• file normalize
• file owned
• file readable
• file readlink
• file rename
• file rootname
• file separator
• file size
120
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Writing Embedded Event Manager Policies Using Tcl
Bytecode Support for EEM 2.4
• file system
• file type
• file volumes
• file writable
• glob --The glob command is not permitted when searching in one of the restricted Cisco directories.
Otherwise, it is permitted.
• load --Only files that are in the user policy directory or the user library directory are permitted to be loaded. Static packages (for example, libraries that consist of C code) are not permitted to be loaded with the load command.
• open --The open command is not allowed for a file that is located in one of the restricted Cisco directories.
• pwd --The pwd command is not permitted.
• socket --The socket command is permitted.
• source --The source command is permitted for files that are in the user policy directory or the user library directory.
Bytecode Support for EEM 2.4
EEM 2.4 introduces bytecode language (BCL) support by accepting files with the standard bytecode script extension .tbc. Tcl version 8.3.4 defines a BCL and includes a compiler that translates Tcl scripts into BCL.
Valid EEM policy file extensions in EEM 2.4 for user and system policies are .tcl (Tcl Text files) and .tbc
(Tcl bytecode files).
Storing Tcl scripts in bytecode improves the execution speed of the policy because the code is precompiled, creates a smaller policy size, and obscures the policy code. Obfuscation makes it a little more difficult to modify scripts and hides logic to preserve intellectual property rights.
Support for bytecode is being added to provide another option for release of supported and trusted code. We recommend that you only run well understood, or trusted and supported software on network devices. To generate Tcl bytecode for IOS EEM support, use TclPro versions 1.4 or 1.5.
To translate a Tcl script to bytecode you can use procomp, part of Free TclPro Compiler, or Active State Tcl
Development Kit. When a Tcl script is compiled using procomp, the code is scrambled and a .tbc file is generated. The bytecode files are platform-independent and can be generated on any operating system on which TclPro is available, including Windows, Linux, and UNIX. Procomp is part of TclPro and available from http://www.tcl.tk/software/tclpro .
Registration Substitution
In addition to regular Tcl substitution, EEM 2.3 permits the substitution of an individual parameter in an EEM event registration statement line with an environment variable.
EEM 2.4 introduces the ability to replace multiple parameters in event registration statement lines with a single environment variable.
Embedded Event Manager Configuration Guide
121
Writing Embedded Event Manager Policies Using Tcl
Cisco File Naming Convention for EEM
Note
Only the first environment variable supports multiple parameter substitution. Individual parameters can still be specified with additional environment variables after the initial variable.
To illustrate the substitution, a single environment variable, $_eem_syslog_statement is configured as:
::cisco::eem::event_register_syslog pattern COUNT
Using the registration substitution, the $_eem_syslog_statement environment variable is used in the following
EEM user policy:
$_eem_syslog_statement occurs $_eem_occurs_val action_syslog
“this is test 3”
Environment variables must be defined before a policy using them is registered. To define the
$_eem_syslog_statement environment variable:
Device(config)# event manager environment eem_syslog_statement
::cisco::eem::event_register_syslog pattern COUNT
Device(config)# event manager environment eem_occurs_val 2
Cisco File Naming Convention for EEM
All Embedded Event Manager policy names, policy support files (for example, e-mail template files), and library filenames are consistent with the Cisco file naming convention. In this regard, Embedded Event
Manager policy filenames adhere to the following specification:
• An optional prefix--Mandatory.--indicating, if present, that this is a system policy that should be registered automatically at boot time if it is not already registered. For example: Mandatory.sl_text.tcl.
• A filename body part containing a two-character abbreviation (see the table below) for the first event specified; an underscore part; and a descriptive field part that further identifies the policy.
• A filename suffix part defined as .tcl.
Embedded Event Manager e-mail template files consist of a filename prefix of email_template, followed by an abbreviation that identifies the usage of the e-mail template.
Embedded Event Manager library filenames consist of a filename body part containing the descriptive field that identifies the usage of the library, followed by _lib, and a filename suffix part defined as .tcl.
Table 13: Two-Character Abbreviation Specification
ap cl ct go if io event_register_appl event_register_cli event_register_counter event_register_gold event_register_interface event_register_ioswdsysmon
122
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
How to Write Embedded Event Manager Policies Using Tcl
sn st so tm tr ts wd rf rs oi pr la nf no rt rp sl event_register_ipsla event_register_nf event_register_none event_register_oir event_register_process event_register_rf event_register_resource event_register_routing event_register_rpc event_register_syslog event_register_snmp event_register_snmp_notification event_register_snmp_object event_register_timer event_register_track event_register_timer_subscriber event_register_wdsysmon
How to Write Embedded Event Manager Policies Using Tcl
Registering and Defining an EEM Tcl Script
Perform this task to configure environment variables and register an EEM policy. EEM schedules and runs policies on the basis of an event specification that is contained within the policy itself. When an EEM policy is registered, the software examines the policy and registers it to be run when the specified event occurs.
Before You Begin
You must have a policy available that is written in the Tcl scripting language. Sample policies are provided--see the details in the
Sample EEM Policies, on page 134
to see which policies are available for the Cisco IOS release image that you are using--and these sample policies are stored in the system policy directory.
Embedded Event Manager Configuration Guide
123
Writing Embedded Event Manager Policies Using Tcl
Registering and Defining an EEM Tcl Script
SUMMARY STEPS
1. enable
2. show event manager environment [all| variable-name]
3. configure terminal
4. event manager environment variable-name string
5. Repeat
Registering and Defining an EEM Tcl Script
to configure all the environment variables required by the policy to be registered in
Registering and Defining an EEM Tcl Script .
6. event manager policy policy-filename [type {system| user}] [trap]
7. exit
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
show event manager environment [all|
variable-name]
Example:
Device# show event manager environment all
(Optional) Displays the name and value of EEM environment variables.
• The optional all keyword displays all the EEM environment variables.
• The optional variable-nameargument displays information about the specified environment variable.
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager environment variable-name string Configures the value of the specified EEM environment variable.
Example:
Device(config)# event manager environment
_cron_entry 0-59/2 0-23/1 * * 0-6
• In this example, the software assigns a CRON timer environment variable to be set to the second minute of every hour of every day.
Repeat
Registering and Defining an EEM Tcl Script
to configure all the environment variables required by the policy to be registered in
--
event manager policy policy-filename [type
{system| user}] [trap]
Registers the EEM policy to be run when the specified event defined within the policy occurs.
124
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Displaying EEM Registered Policies
Step 7
Command or Action
Example:
Device(config)# event manager policy tm_cli_cmd.tcl type system
exit
Example:
Device(config)# exit
Purpose
• Use the system keyword to register a Cisco-defined system policy.
• Use the user keyword to register a user-defined system policy.
• Use the trap keyword to generate an SNMP trap when the policy is triggered.
• In this example, the sample EEM policy named tm_cli_cmd.tcl is registered as a system policy.
Exits global configuration mode and returns to privileged EXEC mode.
Examples
In the following example, the show event manager environment privileged EXEC command is used to display the name and value of all EEM environment variables.
Device#
show event manager environment all
No.
Name Value
1
2
3
4
5
_cron_entry
_show_cmd
_syslog_pattern
_config_cmd1
_config_cmd2
0-59/2 0-23/1 * * 0-6 show ver
.*UPDOWN.*Ethernet1/0.* interface Ethernet1/0 no shut
Displaying EEM Registered Policies
Perform this optional task to display EEM registered policies.
SUMMARY STEPS
1. enable
2. show event manager policy registered [event-type event-name] [time-ordered| name-ordered] [detailed
policy-filename]
DETAILED STEPS
Step 1 enable
Enables privileged EXEC mode. Enter your password if prompted.
Embedded Event Manager Configuration Guide
125
Writing Embedded Event Manager Policies Using Tcl
Displaying EEM Registered Policies
Step 2
Example:
Device>
enable
show event manager policy registered [event-type event-name] [time-ordered| name-ordered] [detailed
policy-filename]
Use this command with the time-ordered keyword to display information about currently registered policies sorted by time, for example:
Example:
Device#
show event manager policy registered time-ordered
No.
Type
1 system
Event Type timer cron
Trap Time Registered Name
Off Wed May11 01:43:18 2005 tm_cli_cmd.tcl
name {crontimer2} cron entry {0-59/1 0-23/1 * * 0-7}
2 nice 0 priority normal maxrun 240 system syslog Off Wed May11 01:43:28 2005 sl_intf_down.tcl
occurs 1 pattern {.*UPDOWN.*Ethernet1/0.*}
3 nice 0 priority normal maxrun 90 system proc abort Off Wed May11 01:43:38 2005 pr_cdp_abort.tcl
instance 1 path {cdp2.iosproc} nice 0 priority normal maxrun 20
Use this command with the name-ordered keyword to display information about currently registered policies sorted by name, for example:
Example:
Device#
show event manager policy registered name-ordered
No.
Type
1 system
Event Type proc abort
Trap Time Registered Name
Off Wed May11 01:43:38 2005 pr_cdp_abort.tcl
instance 1 path {cdp2.iosproc} nice 0 priority normal maxrun 20
2 system syslog Off Wed May11 01:43:28 2005 sl_intf_down.tcl
occurs 1 pattern {.*UPDOWN.*Ethernet1/0.*}
3 nice 0 priority normal maxrun 90 system timer cron Off Wed May11 01:43:18 2005 tm_cli_cmd.tcl
name {crontimer2} cron entry {0-59/1 0-23/1 * * 0-7} nice 0 priority normal maxrun 240
Use this command with the event-type keyword to display information about currently registered policies for the event type specified in the event-name argument, for example:
Example:
Device#
show event manager policy registered event-type syslog
No.
Type Event Type Time Registered Name
1 system syslog Wed May11 01:43:28 2005 sl_intf_down.tcl
occurs 1 pattern {.*UPDOWN.*Ethernet1/0.*} nice 0 priority normal maxrun 90
126
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Unregistering EEM Policies
Unregistering EEM Policies
Perform this task to remove an EEM policy from the running configuration file. Execution of the policy is canceled.
SUMMARY STEPS
1. enable
2. show event manager policy registered [event-type event-name][system| user] [time-ordered|
name-ordered] [detailed policy-filename]
3. configure terminal
4. no event manager policy policy-filename
5. exit
6. Repeat
to ensure that the policy has been removed.
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
show event manager policy registered [event-type
event-name][system| user] [time-ordered|
name-ordered] [detailed policy-filename]
Example:
Device# show event manager policy registered
(Optional) Displays the EEM policies that are currently registered.
• The optional systemor user keyword displays the registered system or user policies.
• If no keywords are specified, EEM registered policies for all event types are displayed in time order.
Enters global configuration mode.
configure terminal
Example:
Device# configure terminal
no event manager policy policy-filename
Example:
Device(config)# no event manager policy pr_cdp_abort.tcl
Removes the EEM policy from the configuration, causing the policy to be unregistered.
• In this example, the no form of the command is used to unregister a specified policy.
Embedded Event Manager Configuration Guide
127
Writing Embedded Event Manager Policies Using Tcl
Suspending EEM Policy Execution
Step 5
Step 6
Command or Action exit
Example:
Device(config)# exit
Repeat
to ensure that the policy has been removed.
--
Purpose
Exits global configuration mode and returns to privileged
EXEC mode.
Example:
Device# show event manager policy registered
Examples
In the following example, the show event manager policy registered privileged EXEC command is used to display the three EEM policies that are currently registered:
Device#
show event manager policy registered
No.
Type
1 system
Event Type timer cron
Trap Time Registered Name
Off Tue Oct11 01:43:18 2005 tm_cli_cmd.tcl
name {crontimer2} cron entry {0-59/1 0-23/1 * * 0-7} nice 0 priority normal maxrun 240.000
2 system syslog Off Tue Oct11 01:43:28 2005 sl_intf_down.tcl
occurs 1 pattern {.*UPDOWN.*Ethernet1/0.*}
3 nice 0 priority normal maxrun 90.000
system proc abort Off Tue Oct11 01:43:38 2005 pr_cdp_abort.tcl
instance 1 path {cdp2.iosproc} nice 0 priority normal maxrun 20.000
After the current policies are displayed, it is decided to delete the pr_cdp_abort.tcl policy using the no form of the event manager policy command:
Device#
configure terminal
Device(config)#
no event manager policy pr_cdp_abort.tcl
Device(config)#
exit
The show event manager policy registered privileged EXEC command is entered again to display the EEM policies that are currently registered. The policy pr_cdp_abort.tcl is no longer registered.
Device#
show event manager policy registered
No.
Type
1 system
Event Type timer cron
Trap Time Registered Name
Off Tue Oct11 01:45:17 2005 tm_cli_cmd.tcl
name {crontimer2} cron entry {0-59/1 0-23/1 * * 0-7} nice 0 priority normal maxrun 240.000
2 system syslog Off Tue Oct11 01:45:27 2005 sl_intf_down.tcl
occurs 1 pattern {.*UPDOWN.*Ethernet1/0.*} nice 0 priority normal maxrun 90.000
Suspending EEM Policy Execution
Perform this task to immediately suspend the execution of all EEM policies. Suspending policies, instead of unregistering them, might be necessary for reasons of temporary performance or security.
128
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Suspending EEM Policy Execution
SUMMARY STEPS
1. enable
2. show event manager policy registered [event-type event-name][system| user] [time-ordered|
name-ordered] [detailed policy-filename]
3. configure terminal
4. event manager scheduler suspend
5. exit
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
Command or Action enable
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable
show event manager policy registered [event-type
event-name][system| user] [time-ordered|
name-ordered] [detailed policy-filename]
Example:
Device# show event manager policy registered
(Optional) Displays the EEM policies that are currently registered.
• The optional systemor user keyword displays the registered system or user policies.
• If no keywords are specified, EEM registered policies for all event types are displayed in time order.
configure terminal
Example:
Device# configure terminal
event manager scheduler suspend
Enters global configuration mode.
Immediately suspends the execution of all EEM policies.
Example:
Device(config)# event manager scheduler suspend
exit
Exits global configuration mode and returns to privileged
EXEC mode.
Example:
Device(config)# exit
Embedded Event Manager Configuration Guide
129
Writing Embedded Event Manager Policies Using Tcl
Managing EEM Policies
Examples
In the following example, the show event manager policy registered privileged EXEC command is used to display all the EEM registered policies:
Device#
show event manager policy registered
No.
Type
1 system
Event Type timer cron
Trap Time Registered Name
Off Sat Oct11 01:43:18 2003 tm_cli_cmd.tcl
2 name {crontimer2} cron entry {0-59/1 0-23/1 * * 0-7} nice 0 priority normal maxrun 240.000
system syslog Off Sat Oct11 01:43:28 2003 sl_intf_down.tcl
3 occurs 1 pattern {.*UPDOWN.*Ethernet1/0.*} nice 0 priority normal maxrun 90.000
system proc abort instance 1 path {cdp2.iosproc}
Off Sat Oct11 01:43:38 2003 pr_cdp_abort.tcl
nice 0 priority normal maxrun 20.000
The event manager scheduler suspend command is entered to immediately suspend the execution of all
EEM policies:
Device#
configure terminal
Device(config)#
event manager scheduler suspend
*Nov 2 15:34:39.000: %HA_EM-6-FMS_POLICY_EXEC: fh_io_msg: Policy execution has been suspended
Managing EEM Policies
Perform this task to specify a directory to use for storing user library files or user-defined EEM policies.
Note
This task applies only to EEM policies that are written using Tcl scripts.
SUMMARY STEPS
1. enable
2. show event manager directory user [library| policy]
3. configure terminal
4. event manager directory user {library path| policy path}
5. exit
DETAILED STEPS
Step 1
Step 2
Command or Action enable
Example:
Device> enable
show event manager directory user [library|
policy]
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
(Optional) Displays the directory to use for storing EEM user library or policy files.
130
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Modifying History Table Size and Displaying EEM History Data
Step 3
Step 4
Step 5
Command or Action
Example:
Device# show event manager directory user library
Purpose
• The optional librarykeyword displays the directory to use for user library files.
• The optional policykeyword displays the directory to use for user-defined EEM policies.
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
event manager directory user {library path|
policy path}
Specifies a directory to use for storing user library files or user-defined EEM policies.
• Use the pathargument to specify the absolute pathname to the user directory.
Example:
Device(config)# event manager directory user library disk0:/user_library
exit
Exits global configuration mode and returns to privileged EXEC mode.
Example:
Device(config)# exit
Examples
In the following example, the show event manager directory user privileged EXEC command is used to display the directory, if it exists, to use for storing EEM user library files:
Device#
show event manager directory user library
disk0:/user_library
Modifying History Table Size and Displaying EEM History Data
Perform this optional task to change the size of the history tables and to display EEM history data.
SUMMARY STEPS
1. enable
2. configure terminal
3. event manager history size {events | traps} [size]
4. exit
5. show event manager history events [detailed] [maximum number]
6. show event manager history traps [server | policy]
Embedded Event Manager Configuration Guide
131
Writing Embedded Event Manager Policies Using Tcl
Modifying History Table Size and Displaying EEM History Data
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6 enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device>
enable configure terminal
Enters global configuration mode.
Example:
Device#
configure terminal
event manager history size {events | traps} [size]
Use this command to change the size of the EEM event history table or the size of the EEM SNMP trap history table.
In the following example, the size of the EEM event history table is changed to 30 entries:
Example:
Device(config)#
event manager history size events 30 exit
Exits global configuration mode and returns to privileged EXEC mode.
Example:
Device(config)#
exit
show event manager history events [detailed] [maximum number]
Use this command to display information about each EEM event that has been triggered.
Example:
3
4
5
Device#
show event manager history events
No.
Time of Event
1 Fri Sep 9 13:48:40 2005
Event Type syslog
2 Fri Sep 9 13:48:40 2005 syslog
Fri Sep
Fri Sep
Fri Sep
9 13:48:40 2005
9 13:50:00 2005
9 13:51:00 2005 syslog timer cron timer cron
Name applet: one applet: two applet: three script: tm_cli_cmd.tcl
script: tm_cli_cmd.tcl
show event manager history traps [server | policy]
Use this command to display the EEM SNMP traps that have been sent either from the EEM server or from an EEM policy.
Example:
Device#
show event manager history traps
No.
Time Trap Type Name
132
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Displaying Software Modularity Process Reliability Metrics Using EEM
1
2
Fri Sep 9 13:48:40 2005 server
Fri Sep 9 13:57:03 2005 policy applet: four script: no_snmp_test.tcl
Displaying Software Modularity Process Reliability Metrics Using EEM
Perform this optional task to display reliability metrics for Cisco IOS Software Modularity processes. The
show event manager metric processes command is supported only in Software Modularity images.
SUMMARY STEPS
1. enable
2. show event manager metric process {all| process-name}
DETAILED STEPS
Step 1
Step 2 enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device>
enable
show event manager metric process {all| process-name}
Use this command to display the reliability metric data for processes. The system keeps a record of when processes start and end, and this data is used as the basis for reliability analysis. In this partial example, the first and last entries showing the metric data for the processes on all the cards inserted in the system are displayed.
Example:
Device#
show event manager metric process all
===================================== process name: devc-pty, instance: 1 sub_system id: 0, version: 00.00.0000
-------------------------------last event type: process start recent start time: Fri Oct10 20:34:40 2005 recent normal end time: n/a recent abnormal end time: n/a number of times started: 1 number of times ended normally: 0 number of times ended abnormally: 0 most recent 10 process start times:
--------------------------
Fri Oct10 20:34:40 2005
-------------------------most recent 10 process end times and types: cumulative process available time: 6 hours 30 minutes 7 seconds 378 milliseconds cumulative process unavailable time: 0 hours 0 minutes 0 seconds 0 milliseconds process availability: 0.100000000
number of abnormal ends within the past 60 minutes (since reload): 0 number of abnormal ends within the past 24 hours (since reload): 0 number of abnormal ends within the past 30 days (since reload): 0
Embedded Event Manager Configuration Guide
133
Writing Embedded Event Manager Policies Using Tcl
Modifying the Sample EEM Policies
.
.
.
===================================== process name: cdp2.iosproc, instance: 1 sub_system id: 0, version: 00.00.0000
-------------------------------last event type: process start recent start time: Fri Oct10 20:35:02 2005 recent normal end time: n/a recent abnormal end time: n/a number of times started: 1 number of times ended normally: 0 number of times ended abnormally: 0 most recent 10 process start times:
--------------------------
Fri Oct10 20:35:02 2005
-------------------------most recent 10 process end times and types: cumulative process available time: 6 hours 29 minutes 45 seconds 506 milliseconds cumulative process unavailable time: 0 hours 0 minutes 0 seconds 0 milliseconds process availability: 0.100000000
number of abnormal ends within the past 60 minutes (since reload): 0 number of abnormal ends within the past 24 hours (since reload): 0 number of abnormal ends within the past 30 days (since reload): 0
Troubleshooting Tips
Use the debug event manager command in privileged EXEC mode to troubleshoot EEM command operations.
Use any debugging command with caution because the volume of output generated can slow or stop the device operations. We recommend that this command be used only under the supervision of a Cisco engineer.
Modifying the Sample EEM Policies
Perform this task to modify one of the sample policies. Cisco software contains some sample policies in the images that contain the Embedded Event Manager. Developers of EEM policies may modify these policies by customizing the event for which the policy is to be run and the options associated with logging and responding to the event. In addition, developers may select the actions to be implemented when the policy runs.
Sample EEM Policies
Cisco includes a set of sample policies shown in the table below. You can copy the sample policies to a user directory and then modify the policies, or you can write your own policies. Tcl is currently the only
Cisco-supported scripting language for policy creation. Tcl policies can be modified using a text editor such as Emacs. Policies must execute within a defined number of seconds of elapsed time, and the time variable can be configured within a policy. The default is currently 20 seconds.
The table below describes the sample EEM policies.
134
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Table 14: Sample EEM Policy Descriptions
Name of Policy
pr_cdp_abort.tcl
pr_crash_reporter.tcl
pr_iprouting_abort.tcl
sl_intf_down.tcl
tm_cli_cmd.tcl
tm_crash_history.tcl
tm_crash_reporter.tcl
tm_fsys_usage.tcl
Modifying the Sample EEM Policies
Description
Introduced with Cisco Software Modularity images.
This policy monitors for cdp2.iosproc process abort events. It will log a message to SYSLOG and send an e-mail with the details of the abort.
Introduced with Cisco Software Modularity images.
This policy monitors for all process abort events.
When an event occurs, the policy will send crash information, including the crashdump file, to the specified URL where a CGI script processes the data.
Introduced with Cisco Software Modularity images.
This policy monitors for iprouting.iosproc process abort events. It will log a message to SYSLOG and send an e-mail with the details of the abort.
This policy runs when a configurable syslog message is logged. It will execute a configurable CLI command and e-mail the results.
This policy runs using a configurable CRON entry.
It will execute a configurable CLI command and e-mail the results.
Introduced with Cisco Software Modularity images.
This policy runs at midnight every day and e-mails a process crash history report to a specified e-mail address.
This policy runs 5 seconds after it is registered. If the policy is saved in the configuration, it will also run each time that the device is reloaded. The policy will prompt for the reload reason. If the reload was due to a crash, the policy will search for the latest crashinfo file and send this information to a specified
URL location.
Introduced with Cisco Software Modularity images.
This policy runs using a configurable CRON entry and monitors disk space usage. A syslog message will be displayed if disk space usage crosses configurable thresholds.
Embedded Event Manager Configuration Guide
135
Writing Embedded Event Manager Policies Using Tcl
Modifying the Sample EEM Policies
Name of Policy
wd_mem_reporter.tcl
Description
Introduced with Cisco Software Modularity images.
This policy reports on low system memory conditions when the amount of memory available falls below 20 percent of the initial available system memory. A syslog message will be displayed and, optionally, an e-mail will be sent.
For more details about the sample policies available and how to run them, see the
.
SUMMARY STEPS
1. enable
2. show event manager policy available detailed policy-filename
3. Cut and paste the contents of the sample policy displayed on the screen to a text editor.
4. Edit the policy and save it with a new filename.
5. Copy the new file back to the device flash memory.
6. configure terminal
7. event manager directory user {library path| policy path}
8. event manager policy policy-filename [type {system| user}] [trap]
DETAILED STEPS
Step 1
Step 2
Step 3 enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device>
enable
show event manager policy available detailed policy-filename
Displays the actual specified sample policy including details about the environment variables used by the policy and instructions for running the policy. The detailed keyword was introduced for the show event manager policy available and the show event manager policy registered commands. Depending on your release, you may need to copy one of the two Tcl scripts from the configuration examples section in this document (see the
Sample Scripts Example, on page 163
). In the following example, details about the sample policy tm_cli_cmd.tcl are displayed on the screen.
Example:
Device#
show event manager policy available detailed tm_cli_cmd.tcl
Cut and paste the contents of the sample policy displayed on the screen to a text editor.
Use the edit and copy functions to move the contents from the device to a text editor on another device.
136
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Programming EEM Policies with Tcl
Step 4
Step 5
Step 6
Step 7
Step 8
Edit the policy and save it with a new filename.
Use the text editor to modify the policy as a Tcl script. For file naming conventions, see the
Cisco File Naming Convention for EEM, on page 122
.
Copy the new file back to the device flash memory.
Copy the file to the flash file system on the device--typically disk0:. For more details about copying files, see the “Using the Cisco IOS File System” chapter in the Configuration Fundamentals Configuration Guide.
configure terminal
Enters global configuration mode.
Example:
Device#
configure terminal
event manager directory user {library path| policy path}
Specifies a directory to use for storing user library files or user-defined EEM policies. In the following example, the user_library directory on disk0 is specified as the directory for storing user library files.
Example:
Device(config)#
event manager directory user library disk0:/user_library
event manager policy policy-filename [type {system| user}] [trap]
Registers the EEM policy to be run when the specified event defined within the policy occurs. In the following example, the new EEM policy named test.tcl is registered as a user-defined policy.
Example:
Device(config)#
event manager policy test.tcl type user
Programming EEM Policies with Tcl
Perform this task to help you program a policy using Tcl command extensions. We recommend that you copy an existing policy and modify it. There are two required parts that must exist in an EEM Tcl policy: the
event_register Tcl command extension and the body. All other sections shown in the
Tcl Policy Structure and Requirements, on page 138
concept are optional.
Embedded Event Manager Configuration Guide
137
Writing Embedded Event Manager Policies Using Tcl
Programming EEM Policies with Tcl
Tcl Policy Structure and Requirements
All EEM policies share the same structure, shown in the figure below. There are two parts of an EEM policy that are required: the event_register Tcl command extension and the body. The remaining parts of the policy are optional: environment must defines, namespace import, entry status, and exit status.
Figure 4: Tcl Policy Structure and Requirements
The start of every policy must describe and register the event to detect using an event_register Tcl command extension. This part of the policy schedules the running of the policy . The following example Tcl code shows how to register the event_register_timer Tcl command extension:
::cisco::eem::event_register_timer cron name crontimer2 cron_entry $_cron_entry maxrun 240
The environment must defines section is optional and includes the definition of environment variables. The following example Tcl code shows how to check for, and define, some environment variables.
# Check if all the env variables that we need exist.
# If any of them does not exist, print out an error msg and quit.
if {![info exists _email_server]} { set result \
"Policy cannot be run: variable _email_server has not been set" error $result $errorInfo
} if {![info exists _email_from]} { set result \
"Policy cannot be run: variable _email_from has not been set" error $result $errorInfo
} if {![info exists _email_to]} { set result \
"Policy cannot be run: variable _email_to has not been set" error $result $errorInfo
The namespace import section is optional and defines code libraries. The following example Tcl code shows how to configure a namespace import section.
namespace import ::cisco::eem::* namespace import ::cisco::lib::*
The body of the policy is a required structure and might contain the following:
• The event_reqinfoevent information Tcl command extension that is used to query the EEM for information about the detected event.
138
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Programming EEM Policies with Tcl
• The action Tcl command extensions, such as action_syslog, that are used to specify EEM specific actions.
• The system information Tcl command extensions, such as sys_reqinfo_routername, that are used to obtain general system information.
• Use of the SMTP library (to send e-mail notifications) or the CLI library (to run CLI commands) from a policy.
• The context_save and context_retrieve Tcl command extensions that are used to save Tcl variables for use by other policies.
The following example Tcl code shows the code to query an event and log a message as part of the body section.
# Query the event info and log a message.
array set arr_einfo [event_reqinfo] if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
} global timer_type timer_time_sec set timer_type $arr_einfo(timer_type) set timer_time_sec $arr_einfo(timer_time_sec)
# Log a message.
set msg [format "timer event: timer type %s, time expired %s" \
$timer_type [clock format $timer_time_sec]] action_syslog priority info msg $msg if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
EEM Entry Status
The entry status part of an EEM policy is used to determine if a prior policy has been run for the same event, and to determine the exit status of the prior policy. If the _entry_status variable is defined, a prior policy has already run for this event. The value of the _entry_status variable determines the return code of the prior policy.
Entry status designations may use one of three possible values: 0 (previous policy was successful), Not=0
(previous policy failed), and Undefined (no previous policy was executed).
EEM Exit Status
When a policy finishes running its code, an exit value is set. The exit value is used by the Embedded Event
Manager to determine whether or not to apply the default action for this event, if any. A value of zero means do not perform the default action. A value of nonzero means perform the default action. The exit status will be passed to subsequent policies that are run for the same event.
Embedded Event Manager Configuration Guide
139
Writing Embedded Event Manager Policies Using Tcl
Programming EEM Policies with Tcl
EEM Policies and Cisco Error Number
Some EEM Tcl command extensions set a Cisco Error Number Tcl global variable _cerrno. Whenever _cerrno is set, four other Tcl global variables are derived from _cerrno and are set along with it (_cerr_sub_num,
_cerr_sub_err, _cerr_posix_err, and _cerr_str).
For example, the action_syslog command in the example below sets these global variables as a side effect of the command execution: action_syslog priority warning msg
“A sample message generated by action_syslog” if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
_cerrno: 32-Bit Error Return Values
The _cerrno set by a command can be represented as a 32-bit integer of the following form:
XYSSSSSSSSSSSSSEEEEEEEEPPPPPPPPP
For example, the following error return value might be returned from an EEM Tcl command extension:
862439AE
This number is interpreted as the following 32-bit value:
10000110001001000011100110101110
This 32-bit integer is divided up into the five variables shown in the table below.
Table 15: _cerrno: 32-Bit Error Return Value Variables
Variable
XY
SSSSSSSSSSSSSS
Variable
EEEEEEEE
Description
The error class (indicates the severity of the error).
This variable corresponds to the first two bits in the
32-bit error return value; 10 in the case above, which indicates CERR_CLASS_WARNING:
See the table below for the four possible error class encodings specific to this variable.
The subsystem number that generated the most recent error (13 bits = 8192 values). This is the next 13 bits of the 32-bit sequence, and its integer value is contained in $_cerr_sub_num.
Description
The subsystem specific error number (8 bits = 256 values). This segment is the next 8 bits of the 32-bit sequence, and the string corresponding to this error number is contained in $_cerr_sub_err.
140
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Programming EEM Policies with Tcl
Variable
PPPPPPPP
Description
The pass-through POSIX error code (9 bits = 512 values). This represents the last of the 32-bit sequence, and the string corresponding to this error code is contained in $_cerr_posix_err.
10
11
00
01
Error Class Encodings for XY
The first variable, XY, references the possible error class encodings shown in the table below.
Table 16: Error Class Encodings
CERR_CLASS_SUCCESS
CERR_CLASS_INFO
CERR_CLASS_WARNING
CERR_CLASS_FATAL
An error return value of zero means SUCCESS.
SUMMARY STEPS
1. enable
2. show event manager policy available detailed policy-filename
3. Cut and paste the contents of the sample policy displayed on the screen to a text editor.
4. Define the required event_register Tcl command extension.
5. Add the appropriate namespace under the ::cisco hierarchy.
6. Program the must defines section to check for each environment variable that is used in this policy.
7. Program the body of the script.
8. Check the entry status to determine if a policy has previously run for this event.
9. Check the exit status to determine whether or not to apply the default action for this event, if a default action exists.
10. Set Cisco Error Number (_cerrno) Tcl global variables.
11. Save the Tcl script with a new filename, and copy the Tcl script to the device.
12. configure terminal
13. event manager directory user {library path| policy path}
14. event manager policy policy-filename [type {system| user}] [trap]
15. Cause the policy to execute, and observe the policy.
16. Use debugging techniques if the policy does not execute correctly.
Embedded Event Manager Configuration Guide
141
Writing Embedded Event Manager Policies Using Tcl
Programming EEM Policies with Tcl
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4 enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device>
enable
show event manager policy available detailed policy-filename
Displays the actual specified sample policy including details about the environment variables used by the policy and instructions for running the policy. The detailed keyword was introduced for the show event manager policy available and the show event manager policy registered commands. Depending on your release, you must copy one of the two
Tcl scripts from the configuration examples section in this document (see the
Programming Policies with Tcl Sample
). In the following example, details about the sample policy tm_cli_cmd.tcl are displayed on the screen.
Example:
Device#
show event manager policy available detailed tm_cli_cmd.tcl
Cut and paste the contents of the sample policy displayed on the screen to a text editor.
Use the edit and copy functions to move the contents from the device to a text editor on another device. Use the text editor to edit the policy as a Tcl script.
Define the required event_register Tcl command extension.
Choose the appropriate event_register Tcl command extension from the table below for the event that you want to detect, and add it to the policy.
Table 17: EEM Event Registration Tcl Command Extensions
Event Registration Tcl Command Extensions
event_register_appl event_register_cli event_register_counter event_register_gold event_register_interface event_register_ioswdsysmon event_register_ipsla event_register_nf event_register_none
142
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Programming EEM Policies with Tcl
Event Registration Tcl Command Extensions
event_register_oir event_register_process event_register_resource event_register_rf event_register_routing event_register_rpc event_register_snmp event_register_snmp_notification event_register_snmp_object event_register_syslog event_register_timer event_register_timer_subscriber event_register_track event_register_wdsysmon
Step 5
Add the appropriate namespace under the ::cisco hierarchy.
Policy developers can use the new namespace ::cisco in Tcl policies in order to group all the extensions used by Cisco
IOS EEM. There are two namespaces under the ::cisco hierarchy, and the table below shows which category of EEM
Tcl command extension belongs under each namespace.
Embedded Event Manager Configuration Guide
143
Writing Embedded Event Manager Policies Using Tcl
Programming EEM Policies with Tcl
Table 18: Cisco IOS EEM Namespace Groupings
Namespace
::cisco::eem
::cisco::lib
Category of Tcl Command Extension
EEM event registration
EEM event information
EEM event publish
EEM action
EEM utility
EEM context library
EEM system information
CLI library
SMTP library
Step 6
Note
Make sure that you import the appropriate namespaces or use the qualified command names when using the above commands.
Program the must defines section to check for each environment variable that is used in this policy.
This is an optional step. Must defines are a section of the policy that tests whether any EEM environment variables that are required by the policy are defined before the recovery actions are taken. The must defines section is not required if the policy does not use any EEM environment variables. EEM environment variables for EEM scripts are Tcl global variables that are defined external to the policy before the policy is run. To define an EEM environment variable, use the Embedded Event Manager configuration command event manager environment CLI command. By convention all
Cisco EEM environment variables begin with “ _ ” (an underscore). In order to avoid future conflict, customers are urged not to define new variables that start with “ _ ”.
Note
You can display the Embedded Event Manager environment variables set on your system by using the show
event manager environment privileged EXEC command.
For example, Embedded Event Manager environment variables defined by the sample policies include e-mail variables.
The sample policies that send e-mail must have the variables shown in the table below set in order to function properly.
The table below describes the e-mail-specific environment variables used in the sample EEM policies.
144
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Programming EEM Policies with Tcl
Table 19: E-mail-Specific Environmental Variables Used by the Sample Policies
Environment Variable
_email_server
_email_to
_email_from
_email_cc
Description
A Simple Mail Transfer Protocol
(SMTP) mail server used to send e-mail.
Example
The e-mail server name can be in any one of the following template formats:
• username:password@host
• username@host
• host
The address to which e-mail is sent.
The address from which e-mail is sent.
The address to which the e-mail must be copied.
Step 7
The following example of a must define section shows how to program a check for e-mail-specific environment variables.
Example of Must Defines
Example:
if {![info exists _email_server]} { set result \
"Policy cannot be run: variable _email_server has not been set" error $result $errorInfo
} if {![info exists _email_from]} { set result \
"Policy cannot be run: variable _email_from has not been set" error $result $errorInfo
} if {![info exists _email_to]} { set result \
"Policy cannot be run: variable _email_to has not been set" error $result $errorInfo
} if {![info exists _email_cc]} { set result \
"Policy cannot be run: variable _email_cc has not been set" error $result $errorInfo
}
Program the body of the script.
In this section of the script, you can define any of the following:
• The event_reqinfoevent information Tcl command extension that is used to query the EEM for information about the detected event.
• The action Tcl command extensions, such as action_syslog, that are used to specify EEM specific actions.
• The system information Tcl command extensions, such as sys_reqinfo_routername, that are used to obtain general system information.
Embedded Event Manager Configuration Guide
145
Writing Embedded Event Manager Policies Using Tcl
Programming EEM Policies with Tcl
Step 8
Step 9
Step 10
• The context_save and context_retrieve Tcl command extensions that are used to save Tcl variables for use by other policies.
• Use of the SMTP library (to send e-mail notifications) or the CLI library (to run CLI commands) from a policy.
Check the entry status to determine if a policy has previously run for this event.
If the prior policy is successful, the current policy may or may not require execution. Entry status designations may use one of three possible values: 0 (previous policy was successful), Not=0 (previous policy failed), and Undefined (no previous policy was executed).
Check the exit status to determine whether or not to apply the default action for this event, if a default action exists.
A value of zero means do not perform the default action. A value of nonzero means perform the default action. The exit status will be passed to subsequent policies that are run for the same event.
Set Cisco Error Number (_cerrno) Tcl global variables.
Some EEM Tcl command extensions set a Cisco Error Number Tcl global variable _cerrno. Whenever _cerrno is set, four other Tcl global variables are derived from _cerrno and are set along with it (_cerr_sub_num, _cerr_sub_err,
_cerr_posix_err, and _cerr_str).
For example, the action_syslog command in the example below sets these global variables as a side effect of the command execution:
Step 11
Step 12
Example:
action_syslog priority warning msg
“A sample message generated by action_syslog if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
Save the Tcl script with a new filename, and copy the Tcl script to the device.
Embedded Event Manager policy filenames adhere to the following specification:
• An optional prefix--Mandatory.--indicating, if present, that this is a system policy that should be registered automatically at boot time if it is not already registered. For example: Mandatory.sl_text.tcl.
• A filename body part containing a two-character abbreviation (see
EEM Policies and Cisco Error Number, on
page 140 ) for the first event specified; an underscore character part; and a descriptive field part further identifying the policy.
• A filename suffix part defined as .tcl.
For more details, see the
Cisco File Naming Convention for EEM, on page 122
.
Copy the file to the flash file system on the device--typically disk0:. For more details about copying files, see the “Using the Cisco IOS File System” chapter in the Cisco IOS Configuration Fundamentals Configuration Guide .
configure terminal
Enters global configuration mode.
Step 13
Example:
Device#
configure terminal
event manager directory user {library path| policy path}
146
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Programming EEM Policies with Tcl
Specifies a directory to use for storing user library files or user-defined EEM policies. In the following example, the user_library directory on disk0 is specified as the directory for storing user library files.
Step 14
Example:
Device(config)#
event manager directory user library disk0:/user_library
event manager policy policy-filename [type {system| user}] [trap]
Registers the EEM policy to be run when the specified event defined within the policy occurs. In the following example, the new EEM policy named cl_mytest.tcl is registered as a user-defined policy.
Step 15
Step 16
Example:
Device(config)#
event manager policy cl_mytest.tcl type user
Cause the policy to execute, and observe the policy.
To test that the policy runs, generate the conditions that will cause the policy to execute and observe that the policy runs as expected.
Use debugging techniques if the policy does not execute correctly.
Use the Cisco IOS debug event manager CLI command with its various keywords to debug issues. Refer to the
Troubleshooting Tips, on page 147
for details about using Tcl-specific keywords.
Troubleshooting Tips
• Use the debug event manager tcl commands CLI command to debug issues with Tcl extension commands. When enabled, this command displays all data that is passed in and read back from the TTY session that handles the CLI interactions. This data helps ensure users that the commands they are passing to the CLI are valid.
• The CLI library allows users to run CLI commands and obtain the output of commands in Tcl. Use the
debug event manager tcl cli-library CLI command to debug issues with the CLI library.
• The SMTP library allows users to send e-mail messages to an SMTP e-mail server. Use the debug event
manager tcl smtp_library CLI command to debug issues with the SMTP library. When enabled, this command displays all data that is passed in and read back from the SMTP library routines. This data helps ensure users that the commands they are passing to the SMTP library are valid.
• Tcl is a flexible language that allows you to override commands. For example, you can modify the set command and create a version of the set command that displays a message when a scalar variable is set.
When the set command is entered in a policy, a message is displayed anytime a scalar variable is set, and this provides a way to debug scalar variables. To view an example of this debugging technique, see the
Tracing Tcl set Command Operations Example, on page 173
.
To view examples of the some of these debugging techniques, see the
Debugging Embedded Event Manager
Policies Examples, on page 171
.
Embedded Event Manager Configuration Guide
147
Writing Embedded Event Manager Policies Using Tcl
Creating an EEM User Tcl Library Index
Creating an EEM User Tcl Library Index
Perform this task to create an index file that contains a directory of all the procedures contained in a library of Tcl files. This task allows you to test library support in EEM Tcl. In this task, a library directory is created to contain the Tcl library files, the files are copied into the directory, and an index tclIndex) is created that contains a directory of all the procedures in the library files. If the index is not created, the Tcl procedures will not be found when an EEM policy is run that references a Tcl procedure.
SUMMARY STEPS
1. On your workstation (UNIX, Linux, PC, or Mac) create a library directory and copy the Tcl library files into the directory.
2. tclsh
3. auto_mkindex directory_name *.tcl
4. Copy the Tcl library files from
Creating an EEM User Tcl Library Index, on page 148
and the tclIndex file from
Creating an EEM User Tcl Library Index, on page 148
to the directory used for storing user library files on the target device.
5. Copy a user-defined EEM policy file written in Tcl to the directory used for storing user-defined EEM policies on the target device. The directory can be the same directory used in
.
6. enable
7. configure terminal
8. event manager directory user library path
9. event manager directory user policy path
10. event manager policy policy-name [type {system | user} [trap ]
11. event manager run policy-name
DETAILED STEPS
Step 1
On your workstation (UNIX, Linux, PC, or Mac) create a library directory and copy the Tcl library files into the directory.
The following example files can be used to create a tclIndex on a workstation running the Tcl shell:
lib1.tcl
Example:
proc test1 {} { puts "In procedure test1"
} proc test2 {} { puts "In procedure test2"
}
lib2.tcl
Example:
proc test3 {} {
148
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Creating an EEM User Tcl Library Index
Step 2
Step 3
Step 4
Step 5
puts "In procedure test3"
}
tclsh
Use this command to enter the Tcl shell.
Example:
workstation%
tclsh
auto_mkindex directory_name *.tcl
Use the auto_mkindex command to create the tclIndex file. The tclIndex file that contains a directory of all the procedures contained in the Tcl library files. We recommend that you run auto_mkindex inside a directory because there can only be a single tclIndex file in any directory and you may have other Tcl files to be grouped together. Running auto_mkindex in a directory determines which tcl source file or files are indexed using a specific tclIndex.
Example:
workstation%
auto_mkindex eem_library *.tcl
The following example TclIndex is created when the lib1.tcl and lib2.tcl files are in a library file directory and the
auto_mkindex command is run.
tclIndex
Example:
# Tcl autoload index file, version 2.0
# This file is generated by the "auto_mkindex" command
# and sourced to set up indexing information for one or
# more commands.
Typically each line is a command that
# sets an element in the auto_index array, where the
# element name is the name of a command and the value is
# a script that loads the command.
set auto_index(test1) [list source [file join $dir lib1.tcl]] set auto_index(test2) [list source [file join $dir lib1.tcl]] set auto_index(test3) [list source [file join $dir lib2.tcl]]
Copy the Tcl library files from
Creating an EEM User Tcl Library Index, on page 148
and the tclIndex file from
Creating an EEM User Tcl Library Index, on page 148
to the directory used for storing user library files on the target device.
Copy a user-defined EEM policy file written in Tcl to the directory used for storing user-defined EEM policies on the target device. The directory can be the same directory used in
Creating an EEM User Tcl Library Index, on page 148
.
The directory for storing user-defined EEM policies can be the same directory used in
Creating an EEM User Tcl Library
. The following example user-defined EEM policy can be used to test the Tcl library support in EEM.
libtest.tcl
Example:
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* global auto_index auto_path puts [array names auto_index]
Embedded Event Manager Configuration Guide
149
Writing Embedded Event Manager Policies Using Tcl
Creating an EEM User Tcl Library Index
Step 6
Step 7
if { [catch {test1} result]} { puts "calling test1 failed result = $result $auto_path"
} if { [catch {test2} result]} { puts "calling test2 failed result = $result $auto_path"
} if { [catch {test3} result]} { puts "calling test3 failed result = $result $auto_path"
}
enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device>
enable configure terminal
Enables global configuration mode.
Step 8
Step 9
Example:
Device#
configure terminal
event manager directory user library path
Use this command to specify the EEM user library directory; this is the directory to which the files in
User Tcl Library Index, on page 148
were copied.
Example:
Device(config)#
event manager directory user library disk2:/eem_library
event manager directory user policy path
Use this command to specify the EEM user policy directory; this is the directory to which the file in
User Tcl Library Index, on page 148
was copied.
Step 10
Example:
Device(config)#
event manager directory user policy disk2:/eem_policies
event manager policy policy-name [type {system | user} [trap ]
Use this command to register a user-defined EEM policy. In this example, the policy named libtest.tcl is registered.
Step 11
Example:
Device(config)#
event manager policy libtest.tcl
event manager run policy-name
Use this command to manually run an EEM policy. In this example, the policy named libtest.tcl is run to test the Tcl support in EEM. The example output shows that the test for Tcl support in EEM was successful.
150
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Creating an EEM User Tcl Package Index
Example:
Device(config)#
event manager run libtest.tcl
The following output is displayed:
01:24:37: %HA_EM-6-LOG: libtest.tcl: In procedure test1
01:24:37: %HA_EM-6-LOG: libtest.tcl: In procedure test2
01:24:37: %HA_EM-6-LOG: libtest.tcl: In procedure test3
Creating an EEM User Tcl Package Index
Perform this task to create a Tcl package index file that contains a directory of all the Tcl packages and version information contained in a library of Tcl package files. Tcl packages are supported, depending on your release, using the Tcl package keyword.
Tcl packages are located in either the EEM system library directory or the EEM user library directory. When a package require Tcl command is executed, the user library directory is searched first for a pkgIndex.tcl
file. If the pkgIndex.tcl file is not found in the user directory, the system library directory is searched. In this task, a Tcl package directory--the pkgIndex.tcl file--is created in the appropriate library directory using the
pkg_mkIndex command to contain information about all of the Tcl packages contained in the directory along with version information. If the index is not created, the Tcl packages will not be found when an EEM policy is run that contains a package require Tcl command.
Using the Tcl package support in EEM, users can gain access to packages such as XML_RPC for Tcl. When the Tcl package index is created, a Tcl script can easily make an XML-RPC call to an external entity.
Note
Packages implemented in C programming code are not supported in EEM.
Embedded Event Manager Configuration Guide
151
Writing Embedded Event Manager Policies Using Tcl
Creating an EEM User Tcl Package Index
SUMMARY STEPS
1. On your workstation (UNIX, Linux, PC, or Mac) create a library directory and copy the Tcl package files into the directory.
2. tclsh
3. pkg_mkindex directory_name *.tcl
4. Copy the Tcl library files from
Creating an EEM User Tcl Package Index, on page 151
and the pkgIndex file from
Creating an EEM User Tcl Package Index, on page 151
to the directory used for storing user library files on the target device.
5. Copy a user-defined EEM policy file written in Tcl to the directory used for storing user-defined EEM policies on the target device. The directory can be the same directory used in
.
6. enable
7. configure terminal
8. event manager directory user library path
9. event manager directory user policy path
10. event manager policy policy-name [type {system | user} [trap]
11. event manager run policy-name
DETAILED STEPS
Step 1
Step 2
Step 3
On your workstation (UNIX, Linux, PC, or Mac) create a library directory and copy the Tcl package files into the directory.
tclsh
Use this command to enter the Tcl shell.
Example:
workstation%
tclsh
pkg_mkindex directory_name *.tcl
Use the pkg_mkindex command to create the pkgIndex file. The pkgIndex file contains a directory of all the packages contained in the Tcl library files. We recommend that you run pkg_mkindex inside a directory because there can only be a single pkgIndex file in any directory and you may have other Tcl files to be grouped together. Running pkg_mkindex in a directory determines which Tcl package file or files are indexed using a specific pkgIndex.
Example:
workstation%
pkg_mkindex eem_library *.tcl
The following example pkgIndex is created when some Tcl package files are in a library file directory and the
pkg_mkindex command is run.
pkgIndex
Example:
# Tcl package index file, version 1.1
152
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Creating an EEM User Tcl Package Index
Step 4
Step 5
Step 6
Step 7
Step 8
# This file is generated by the "pkg_mkIndex" command
# and sourced either when an application starts up or
# by a "package unknown" script. It invokes the
# "package ifneeded" command to set up package-related
# information so that packages will be loaded automatically
# in response to "package require" commands. When this
# script is sourced, the variable $dir must contain the
# full path name of this file's directory.
package ifneeded xmlrpc 0.3 [list source [file join $dir xmlrpc.tcl]]
Copy the Tcl library files from
Creating an EEM User Tcl Package Index, on page 151
and the pkgIndex file from
Creating an EEM User Tcl Package Index, on page 151
to the directory used for storing user library files on the target device.
Copy a user-defined EEM policy file written in Tcl to the directory used for storing user-defined EEM policies on the target device. The directory can be the same directory used in
Creating an EEM User Tcl Package Index, on page 151
.
The directory for storing user-defined EEM policies can be the same directory used in
Creating an EEM User Tcl Package
. The following example user-defined EEM policy can be used to test the Tcl package support in
EEM.
packagetest.tcl
Example:
::cisco::eem::event_register_none maxrun 1000000.000
#
# test if xmlrpc available
#
#
# Namespace imports
# namespace import ::cisco::eem::* namespace import ::cisco::lib::*
# package require xmlrpc puts "Did you get an error?"
enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device>
enable configure terminal
Enables global configuration mode.
Example:
Device#
configure terminal
event manager directory user library path
Use this command to specify the EEM user library directory; this is the directory to which the files in
User Tcl Package Index, on page 151
were copied.
Embedded Event Manager Configuration Guide
153
Configuration Examples for Writing Embedded Event Manager Policies Using Tcl
Writing Embedded Event Manager Policies Using Tcl
Step 9
Example:
Device(config)#
event manager directory user library disk2:/eem_library
event manager directory user policy path
Use this command to specify the EEM user policy directory; this is the directory to which the file in
User Tcl Package Index, on page 151
was copied.
Step 10
Example:
Device(config)#
event manager directory user policy disk2:/eem_policies
event manager policy policy-name [type {system | user} [trap]
Use this command to register a user-defined EEM policy. In this example, the policy named packagetest.tcl is registered.
Step 11
Example:
Device(config)#
event manager policy packagetest.tcl
event manager run policy-name
Use this command to manually run an EEM policy. In this example, the policy named packagetest.tcl is run to test the
Tcl package support in EEM.
Example:
Device(config)#
event manager run packagetest.tcl
Configuration Examples for Writing Embedded Event Manager
Policies Using Tcl
Assigning a Username for a Tcl Session Examples
The following example shows how to set a username to be associated with a Tcl session. If you are using authentication, authorization, and accounting (AAA) security and implement authorization on a command basis, you should use the event manager session cli username command to set a username to be associated with a Tcl session. The username is used when a Tcl policy executes a CLI command. TACACS+ verifies each CLI command using the username associated with the Tcl session that is running the policy. Commands from Tcl policies are not usually verified because the device must be in privileged EXEC mode to register the policy. In the example, the username is yourname, and this is the username that is used whenever a CLI command session is initiated from within an EEM policy.
configure terminal event manager session cli username yourname end
154
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
EEM Event Detector Demo Examples
EEM Event Detector Demo Examples
EEM Sample Policy Descriptions
This configuration example features some of the sample EEM policies:
• ap_perf_test_base_cpu.tcl--Is run to measure the the CPU performance of EEM policies.
• no_perf_test_init.tcl--Is run to measure the CPU performance of EEM policies.
• sl_intf_down.tcl--Is run when a configurable syslog message is logged. It executes up to two configurable
CLI commands and e-mails the results.
• tm_cli_cmd.tcl--Is run using a configurable CRON entry. It executes a configurable CLI command and e-mails the results.
• tm_crash_reporter.tcl--Is run 5 seconds after it is registered and 5 seconds after the device boots up.
When triggered, the script attempts to find the reload reason. If the reload reason was due to a crash, the policy searches for the related crashinfo file and sends this information to a URL location specified by the user in the environment variable _crash_reporter_url.
• tm_fsys_usage.tcl--This policy runs using a configurable CRON entry and monitors disk space usage.
A syslog message is displayed if disk space usage crosses configurable thresholds.
Event Manager Environment Variables for the Sample Policies
Event manager environment variables are Tcl global variables that are defined external to the EEM policy before the policy is registered and run. The sample policies require three of the e-mail environment variables to be set (see
EEM Event Detector Demo Examples, on page 155
for a list of the e-mail variables); only
_email_cc is optional. Other required and optional variable settings are outlined in the following tables.
The table below describes the EEM environment variables that must be set before the ap_perf_test_base_cpu.tcl
sample policy is run.
Table 20: Environment Variables Used in the ap_perf_test_base_cpu.tcl Policy
Environment Variable
_perf_iterations
_perf_cmd1
_perf_cmd2
Description
The number of iterations over which to run the measurement.
Example
100
The first non interactive CLI command that is executed as part of the measurement test. This variable is optional and need not be specified.
enable
The second non interactive CLI command that is as part of the measurement test. To use
_perf_cmd2, _perf_cmd1 must be defined. This variable is optional and need not be specified.
show version
Embedded Event Manager Configuration Guide
155
Writing Embedded Event Manager Policies Using Tcl
EEM Event Detector Demo Examples
Environment Variable
_perf_cmd3
Description Example
The third non interactive CLI command that is as part of the measurement test. To use
_perf_cmd3, _perf_cmd1 must be defined. This variable is optional and need not be specified.
show interface counters protocol status
The table below describes the EEM environment variables that must be set before the no_perf_test_init.tcl
sample policy is run.
Table 21: Environment Variables Used in the no_perf_test_init.tcl Policy
Environment Variable
_perf_iterations
_perf_cmd1
_perf_cmd2
_perf_cmd3
Description
The number of iterations over which to run the measurement.
Example
100
The first non interactive CLI command that is executed as part of the measurement test. This variable is optional and need not be specified.
enable
The second non interactive CLI command that is as part of the measurement test. To use
_perf_cmd2, _perf_cmd1 must be defined. This variable is optional and need not be specified.
show version
The third non interactive CLI command that is as part of the measurement test. To use
_perf_cmd3, _perf_cmd1 must be defined. This variable is optional and need not be specified.
show interface counters protocol status
The table below describes the EEM environment variables that must be set before the sl_intf_down.tcl sample policy is run.
Table 22: Environment Variables Used in the sl_intf_down.tcl Policy
Environment Variable
_config_cmd1
Description
The first configuration command that is executed.
Example interface Ethernet1/0
156
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
EEM Event Detector Demo Examples
Environment Variable
_config_cmd2
_syslog_pattern
Description
The second configuration command that is executed. This variable is optional and need not be specified.
Example no shutdown
A regular expression pattern match string that is used to compare syslog messages to determine when the policy runs.
.*UPDOWN.*FastEthernet0/0.*
The table below describes the EEM environment variables that must be set before the tm_cli_cmd.tcl sample policy is run.
Table 23: Environment Variables Used in the tm_cli_cmd.tcl Policy
Environment Variable
_cron_entry
_show_cmd
Description
A CRON specification that determines when the policy will run.
Example
0-59/1 0-23/1 * * 0-7
The CLI command to be executed when the policy is run.
show version
The table below describes the EEM environment variables that must be set before the tm_crash_reporter.tcl
sample policy is run.
Table 24: Environment Variables Used in the tm_crash_reporter.tcl Policy
Environment Variable
_crash_reporter_debug
_crash_reporter_url
Description
A value that identifies whether debug information for tm_crash_reporter.tcl will be enabled. This variable is optional and need not be specified.
The URL location to which the crash report is sent.
Example
1 http://www.example.com/fm/interface_tm.cgi
The table below describes the EEM environment variables that must be set before the tm_fsys_usage.tcl
sample policy is run.
Embedded Event Manager Configuration Guide
157
Writing Embedded Event Manager Policies Using Tcl
EEM Event Detector Demo Examples
Table 25: Environment Variables Used in the tm_fsys_usage.tcl Policy
Environment Variable
_tm_fsys_usage_cron
_tm_fsys_usage_debug
_tm_fsys_usage_ freebytes
_tm_fsys_usage_percent
Description Example
A CRON specification that is used in the event_register Tcl command extension. If unspecified, the tm_fsys_usage.tcl policy is triggered once per minute. This variable is optional and need not be specified.
0-59/1 0-23/1 * * 0-7
When this variable is set to a value of 1, disk usage information is displayed for all entries in the system. This variable is optional and need not be specified.
1
Free byte threshold for systems or specific prefixes. If free space falls below a given value, a warning is displayed. This variable is optional and need not be specified.
disk2:98000000
Disk usage percentage thresholds for systems or specific prefixes. If the disk usage percentage exceeds a given percentage, a warning is displayed. If unspecified, the default disk usage percentage is 80 percent for all systems. This variable is optional and need not be specified.
nvram:25 disk2:5
Registration of Some EEM Policies
Some EEM policies must be unregistered and then reregistered if an EEM environment variable is modified after the policy is registered. The event_register_xxx statement that appears at the start of the policy contains some of the EEM environment variables, and this statement is used to establish the conditions under which the policy is run. If the environment variables are modified after the policy has been registered, the conditions may become invalid. To avoid any errors, the policy must be unregistered and then reregistered. The following variables are affected:
• _cron_entry in the tm_cli_cmd.tcl policy
• _syslog_pattern in the sl_intf_down.tcl policy
Basic Configuration Details for All Sample Policies
To allow e-mail to be sent from the Embedded Event Manager, the hostname and ip domain-name commands must be configured. The EEM environment variables must also be set. After a Cisco IOS image has been
158
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
EEM Event Detector Demo Examples
booted, use the following initial configuration, substituting appropriate values for your network. The environment variables for the tm_fsys_usage sample policy (see the table above) are all optional and are not listed here: hostname cpu ip domain-name example.com
event manager environment _email_server ms.example.net
event manager environment _email_to [email protected]
event manager environment _email_from [email protected]
event manager environment _email_cc [email protected]
event manager environment _cron_entry 0-59/2 0-23/1 * * 0-7 event manager environment _show_cmd show event manager policy registered event manager environment _syslog_pattern .*UPDOWN.*FastEthernet0/0 event manager environment _config_cmd1 interface Ethernet1/0 event manager environment _config_cmd2 no shutdown event manager environment _crash_reporter_debug 1 event manager environment _crash_reporter_url http://www.example.com/fm/interface_tm.cgi
end
Using the Sample Policies
This section contains the following configuration scenarios to demonstrate how to use the some sample Tcl policies:
Running the Mandatory.go_*.tcl Sample Policy
There are GOLD TCL scripts for each test which runs as a part of GOLD EEM Policy. You can modify the
TCL script for the test, specify the consecutive failure count, and also change the default corrective action.
For example, one could chose to power down a linecard card, instead of reset or other CLI based actions.
For each registered test, a default TCL script is available, which can be registered with the system, and matches with the default action. This can be then overridden by modifying these scripts.
The following table shows a list of the mandatory polices that GOLD installed into EEM. Each of the policies performs some sort of action such as resetting the card or disabling the port.
GOLD Tcl Scripts
Mandatory.go_asicsync.tcl
Test
TestAsicSync
Mandatory.go_bootup.tcl
Mandatory.go_fabric.tcl
Common for all bootup tests.
TestFabricHealth
Mandatory.go_fabrich0.tcl
Mandatory.go_fabrich1.tcl
Mandatory.go_ipsec.tcl
Mandatory.go_mac.tcl
Mandatory.go_nondislp.tcl
Mandatory.go_scratchreg.tcl
Mandatory.go_sprping.tcl
TestFabricCh0Health
TestFabricCh1Health
TestIPSecEncrypDecrypPkt
TestMacNotification
TestNonDisruptiveLoopback
TestScratchRegister
TestSPRPInbandPing
Embedded Event Manager Configuration Guide
159
Writing Embedded Event Manager Policies Using Tcl
EEM Event Detector Demo Examples
The following sample configuration demonstrates how to use this policy. Starting in user EXEC mode, enter the enable command at the device prompt. The device enters privileged EXEC mode, where you can enter the show event manager policy registered command to verify that no policies are currently registered. The next command is the show event manager policy available command to display which policies are available to be installed. After you enter the configure terminal command to reach global configuration mode, you can register the mandatory.go_*.tcl policy with EEM using the event manager policy command. Exit from global configuration mode and enter the show event manager policy registered command again to verify that the policy has been registered.
enable show event manager policy registered show event manager policy available configure terminal event manager policy Mandatory.go_spuriousisr.tcl
end show event manager policy registered show event manager environment
Running the ap_perf_test_base_cpu.tcl and no_perf_test_init.tcl Sample Policies
These sample policies measures the CPU performance of EEM policies. The policies help find the average execution time of each EEM policy and uses the CLI library to execute the configuration commands specified in the EEM environment variables _perf_cmd1 and, optionally, _perf_cmd2 and _perf_cmd3.
The following sample configuration demonstrates how to use this policy. Starting in user EXEC mode, enter the enable command at the device prompt. The device enters privileged EXEC mode, where you can enter the show event manager policy registered command to verify that no policies are currently registered. The next command is the show event manager policy available command to display which policies are available to be installed. After you enter the configure terminal command to reach global configuration mode, enter the service timestamps debug datetime msec command and then you can register the ap_perf_test_base_cpu.tcl
and no_perf_test_init.tcl policies with EEM using the event manager policy command. Exit from global configuration mode and enter the show event manager policy registered command again to verify that the policy has been registered.
The policies ap_perf_test_base_cpu.tcl and no_perf_test_init.tcl need to be registered together, as they run as a test suite. You can run the no_perf_test_init.tcl policy to start the tests. Analyze the results using the syslog messages from each iteration. The total number of iteration is specified by the variable _perf_iterations. Take the time difference and divide it by the total number of iterations to get the average execution time of each
EEM policy.
enable show event manager policy registered show event manager policy available show event manager environment configure terminal service timestamps debug datetime msec event manager environment _perf_iterations 100 event manager policy ap_perf_test_base_cpu.tcl
event manager policy no_perf_test_init.tcl
end show event manager policy registered show event manager policy available show event manager environment event manager run no_perf_test_init.tcl
160
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
EEM Event Detector Demo Examples
Running the no_perf_test_init.tcl Sample Policy
This sample policy measures the the cpu performance of EEM policies. The policy helps to find the average execution time of each EEM policy and uses the CLI library to execute the configuration commands specified in the EEM environment variables _perf_cmd1 and, optionally, _perf_cmd2 and _perf_cmd3.
The following sample configuration demonstrates how to use this policy. Starting in user EXEC mode, enter the enable command at the device prompt. The device enters privileged EXEC mode, where you can enter the show event manager policy registered command to verify that no policies are currently registered. The next command is the show event manager policy available command to display which policies are available to be installed. After you enter the configure terminal command to reach global configuration mode, you can register the no_perf_test_init.tcl policy with EEM using the event manager policy command. Exit from global configuration mode and enter the show event manager policy registered command again to verify that the policy has been registered.
Analyze the results using the syslog messages from each iteration. The total number of iteration is specified by the variable _perf_iterations. Take the time difference and divide it by the total number of iterations to get the average execution time of each EEM policy.
enable show event manager policy registered show event manager policy available configure terminal event manager policy no_perf_test_init.tcl
end show event manager policy registered show event manager environment
Running the sl_intf_down.tcl Sample Policy
This sample policy demonstrates the ability to modify the configuration when a syslog message with a specific pattern is logged. The policy gathers detailed information about the event and uses the CLI library to execute the configuration commands specified in the EEM environment variables _config_cmd1 and, optionally,
_config_cmd2. An e-mail message is sent with the results of the CLI command.
The following sample configuration demonstrates how to use this policy. Starting in user EXEC mode, enter the enable command at the device prompt. The device enters privileged EXEC mode, where you can enter the show event manager policy registered command to verify that no policies are currently registered. The next command is the show event manager policy available command to display which policies are available to be installed. After you enter the configure terminal command to reach global configuration mode, you can register the sl_intf_down.tcl policy with EEM using the event manager policy command. Exit from global configuration mode and enter the show event manager policy registered command again to verify that the policy has been registered.
The policy runs when an interface goes down. Enter the show event manager environment command to display the current environment variable values. Unplug the cable (or configure a shutdown) for the interface specified in the _syslog_pattern EEM environment variable. The interface goes down, prompting the syslog daemon to log a syslog message about the interface being down, and the syslog event detector is called.
The syslog event detector reviews the outstanding event specifications and finds a match for interface status change. The EEM server is notified, and the server runs the policy that is registered to handle this event--sl_intf_down.tcl.
enable show event manager policy registered show event manager policy available configure terminal event manager policy sl_intf_down.tcl
end
Embedded Event Manager Configuration Guide
161
Writing Embedded Event Manager Policies Using Tcl
EEM Event Detector Demo Examples
show event manager policy registered show event manager environment
Running the tm_cli_cmd.tcl Sample Policy
This sample policy demonstrates the ability to periodically execute a CLI command and to e-mail the results.
The CRON specification “0-59/2 0-23/1 * * 0-7” causes this policy to be run on the second minute of each hour. The policy gathers detailed information about the event and uses the CLI library to execute the configuration commands specified in the EEM environment variable _show_cmd. An e-mail message is sent with the results of the CLI command.
The following sample configuration demonstrates how to use this policy. Starting in user EXEC mode, enter the enable command at the device prompt. The device enters privileged EXEC mode where you can enter the show event manager policy registered command to verify that no policies are currently registered. The next command is the show event manager policy available command to display which policies are available to be installed. After you enter the configure terminal command to reach global configuration mode, you can register the tm_cli_cmd.tcl policy with EEM using the event manager policy command. Exit from global configuration mode and enter the show event manager policy registered command to verify that the policy has been registered.
The timer event detector triggers an event for this case periodically according to the CRON string set in the
EEM environment variable _cron_entry. The EEM server is notified, and the server runs the policy that is registered to handle this event--tm_cli_cmd.tcl.
enable show event manager policy registered show event manager policy available configure terminal event manager policy tm_cli_cmd.tcl
end show event manager policy registered
Running the tm_crash_reporter.tcl Sample Policy
This sample policy demonstrates the ability to send an HTTP-formatted crash report to a URL location. If the policy registration is saved in the startup configuration file, the policy is triggered 5 seconds after bootup.
When triggered, the script attempts to find the reload reason. If the reload reason was due to a crash, the policy searches for the related crashinfo file and sends this information to a URL location specified by the user in the environment variable _crash_reporter_url. A CGI script, interface_tm.cgi, has been created to receive the
URL from the tm_crash_reporter.tcl policy and save the crash information in a local database on the target
URL machine.
A Perl CGI script, interface_tm.cgi, has been created and is designed to run on a machine that contains an
HTTP server and is accessible by the device that runs the tm_crash_reporter.tcl policy. The interface_tm.cgi
script parses the data passed into it from tm_crash_reporter.tcl and appends the crash information to a text file, creating a history of all crashes in the system. Additionally, detailed information on each crash is stored in three files in a crash database directory that is specified by the user. Another Perl CGI script, crash_report_display.cgi, has been created to display the information stored in the database created by the interface_tm.cgi script. The crash_report_display.cgi script should be placed on the same machine that contains interface_tm.cgi. The machine should be running a web browser such as Internet Explorer or Netscape. When the crash_report_display.cgi script is run, it displays the crash information in a readable format.
The following sample configuration demonstrates how to use this policy. Starting in user EXEC mode, enter the enable command at the device prompt. The device enters privileged EXEC mode where you can enter the show event manager policy registered command to verify that no policies are currently registered. The next command is the show event manager policy available command to display which policies are available to be installed. After you enter the configure terminal command to reach global configuration mode, you
162
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Programming Policies with Tcl Sample Scripts Example
can register the tm_crash_reporter.tcl policy with EEM using the event manager policy command. Exit from global configuration mode and enter the show event manager policy registered command to verify that the policy has been registered.
enable show event manager policy registered show event manager policy available configure terminal event manager policy tm_crash_reporter.tcl
end show event manager policy registered
Running the tm_fsys_usage.tcl Sample Policy
This sample policy demonstrates the ability to periodically monitor disk space usage and report through syslog when configurable thresholds have been crossed.
The following sample configuration demonstrates how to use this policy. Starting in user EXEC mode, enter the enable command at the device prompt. The device enters privileged EXEC mode, where you can enter the show event manager policy registered command to verify that no policies are currently registered. The next command is the show event manager policy available command to display which policies are available to be installed. After you enter the configure terminal command to reach global configuration mode, you can register the tm_fsys_usage.tcl policy with EEM using the event manager policy command. Exit from global configuration mode and enter the show event manager policy registered command again to verify that the policy has been registered. If you had configured any of the optional environment variables that are used in the tm_fsys_usage.tcl policy, the show event manager environment command displays the configured variables.
enable show event manager policy registered show event manager policy available configure terminal event manager policy tm_fsys_usage.tcl
end show event manager policy registered show event manager environment
Programming Policies with Tcl Sample Scripts Example
This section contains some of the sample policies that are included as EEM system policies. For more details about these policies, see the
EEM Event Detector Demo Examples, on page 155
.
Mandatory.go_ipsec.tcl Sample Policy
The following sample policy for the TestIPSecEncrypDecrypPkt Test.
::cisco::eem::event_register_gold card all testing_type monitoring test_name Tes tIPSecEncrypDecrypPkt consecutive_failure 6 platform_action 0 queue_priority las t
#
# GOLD TestIPSecEncrypDecrypPkt Test TCL script
#
# March 2005, Hai Qiu
#
# Copyright (c) 2005-2007 by cisco Systems, Inc.
# All rights reserved.
#
#
# Register for TestIPSecEncrypDecrypPkt test even
# the elements for register the event
Embedded Event Manager Configuration Guide
163
Writing Embedded Event Manager Policies Using Tcl
Programming Policies with Tcl Sample Scripts Example
# card [all | card #]
# sub_card [all | sub_card #]
# severity_major | severity_minor | severity_normal default : severity_normal
# new_failure [true | false] default: dont_care
# testing_type [bootup | ondemand | schedule | monitoring]
# test_name [ test name ]
# test_id [ test # ]
# consecutive_failure [ consecutive_failure # ]
# platform_action [action_flag]
#
#
#
#
# action_flag [ 0 | 1 | 2 ]
# queue_priority [ normal | low | high | last] default: normal
#
# Note:
# 1: "card" element is required. If other elements are not specified,
#
# treat them as dont care, or default.
2: action_flag is platform specific. It is up to platform to determine what action need to be taken based on the value
For Cat6k platform action_flag 0 : TCL script take action to reset card
#
#
#
#
#
#
# action_flag 1 : TCL script doesn't take action to reset card action_flag 2 : TCL script takes action to reset card for bootup diag when there is major error action_flag 3 : TCL script doesn't take action to reset card for bootup diag when there is major error
3: "queue_priority last" would guarantee this policy will be executed last
#
# if there are other EEM events in queue with queue priority other than "last" namespace import ::cisco::eem::* namespace import ::cisco::lib::*
# 1. query the information of latest triggered eem event array set arr_einfo [event_reqinfo] if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
} puts "GOLD EEM TCL policy for TestIPSecEncrypDecrypPkt"
#set msg [format "array=%s", array names arr_einfo]
#puts "msg $msg"
#set msg $arr_einfo(msg) set card $arr_einfo(card) set sub_card $arr_einfo(sub_card)
#set overall_result $arr_einfo(overall_result)
#puts "GOLD event msg recieved: $card/$sub_card overall_result= $overall_result"
# 2. execute the user-defined config commands if [catch {cli_open} result] { error $result $errorInfo
} else { array set cli1 $result
} if [catch {cli_exec $cli1(fd) "en"} result] { error $result $errorInfo
}
# Use "diagn action mod mod# test testname default" command
# for default platform action if [catch {cli_exec $cli1(fd) "diagnostic action mod $card test TestIPSecEncrypD ecrypPkt default"} result] { error $result $errorInfo
} else { set cmd_output $result
} if [catch {cli_close $cli1(fd) $cli1(tty_id)} result] { error $result $errorInfo
}
164
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Programming Policies with Tcl Sample Scripts Example ap_perf_test_base_cpu.tcl Sample Policy
The following sample policy measures the CPU performance of EEM policies.
::cisco::eem::event_register_appl sub_system 798 type 9999
#----------------------------------
# EEM policy used for measuring the cpu performance of EEM policies.
#
# July 2005, Cisco EEM team
#
# Copyright (c) 2005, 2006 by cisco Systems, Inc.
# All rights reserved.
#------------------
###
### Input arguments:
###
### arg1 $iter - current iteration count
###
### The following EEM environment variables are used:
###
### _perf_iterations (mandatory) - number of iterations over which we
###
### Example: will run our measurement.
### event manager environment _perf_iterations 100
###
### _perf_cmd1 (optional) - optional non interactive cli command
###
### to be executed as part of the measurement test.
### Example:
### event manager environment _perf_cmd1 enable
###
### _perf_cmd2 (optional)
###
- optional non interactive cli command to be executed as part of the
###
### measurement test.
To use _perf_cmd2, _perf_cmd1 MUST
###
### Example: be defined.
### event manager environment _perf_cmd2 show ver
###
### _perf_cmd3 (optional) - optional non interactive cli command
###
###
###
### to be executed as part of the measurement test.
To use _perf_cmd3, _perf_cmd1 MUST be defined.
### Example:
### event manager environment _perf_cmd3 show int counters protocol status
###
### Description:
### Iterate through _perf_iterations of this policy.
### It is up to the user to calculate the average
### execution time based on the system timestamps.
### Optional commands _perf_cmd1,
### _perf_cmd2 and _perf_cmd3 are executed if defined.
###
### A value of 100 is a good starting point.
###
### Outputs:
### Console output.
###
### Usage example:
### >conf t
### >service timestamps debug datetime msec
### >event manager environment _perf_iterations 100
### >event manager policy ap_perf_base_cpu.tcl
### >event manager policy no_perf_test_init.tcl
### >end
### 2d19h: %SYS-5-CONFIG_I: Configured from console by console
### >event manager run no_perf_test_init.tcl
###
### Oct 16 14:57:17.284: %SYS-5-CONFIG_I: Configured from console by console
### >event manager run no_perf_test_init.tcl
###
Embedded Event Manager Configuration Guide
165
Writing Embedded Event Manager Policies Using Tcl
Programming Policies with Tcl Sample Scripts Example
### Oct 16 19:32:02.772: %HA_EM-6-LOG:
### eem_policy/no_perf_test_init.tcl: EEM performance test start
### Oct 16 19:32:03.115: %HA_EM-6-LOG:
### eem_policy/ap_perf_test_base_cpu.tcl: EEM performance test iteration 1
### Oct 16 19:32:03.467: %HA_EM-6-LOG:
### eem_policy/ap_perf_test_base_cpu.tcl: EEM performance test iteration 2
### ...
### Oct 16 19:32:36.936: %HA_EM-6-LOG:
### eem_policy/ap_perf_test_base_cpu.tcl: EEM performance test iteration 100
### Oct 16 19:32:36.936: %HA_EM-6-LOG:
### eem_policy/ap_perf_test_base_cpu.tcl: EEM performance test end
###
### The user must calculate execution time and average time of execution.
### In this example, total time = 19:32:36.936 - 19:32:02.772 = 34.164
### Average script execution time = 341.64 milliseconds
###
# check if all the env variables we need exist
# If any of them doesn't exist, print out an error msg and quit if {![info exists _perf_iterations]} { set result \
"Policy cannot be run: variable _perf_iterations has not been set" error $result $errorInfo
}
# ensure our target iteration count > 0 if {$_perf_iterations <= 0} { set result \
"Policy cannot be run: variable _perf_iterations <= 0" error $result $errorInfo
} namespace import ::cisco::eem::* namespace import ::cisco::lib::*
# query the event info array set arr_einfo [event_reqinfo] if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
} set iter $arr_einfo(data1) set iter [expr $iter + 1]
# if _perf_cmd1 is defined if {[info exists _perf_cmd1]} {
# open the cli library if [catch {cli_open} result] { error $result $errorInfo
} else { array set cli1 $result
}
# execute the comamnd defined in _perf_cmd1 if [catch {cli_exec $cli1(fd) $_perf_cmd1} result] { error $result $errorInfo
}
# if _perf_cmd2 is defined if {[info exists _perf_cmd2]} {
# execute the comamnd defined in _perf_cmd2 if [catch {cli_exec $cli1(fd) $_perf_cmd2} result] { error $result $errorInfo
} else { set cmd_output $result
}
}
# if _perf_cmd3 is defined if {[info exists _perf_cmd3]} {
# execute the comamnd defined in _perf_cmd3 if [catch {cli_exec $cli1(fd) $_perf_cmd3} result] { error $result $errorInfo
} else { set cmd_output $result
}
}
# close the cli library if [catch {cli_close $cli1(fd) $cli1(tty_id)} result] { error $result $errorInfo
166
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Programming Policies with Tcl Sample Scripts Example
}
}
# log a message set msg [format "EEM performance test iteration %s" $iter] action_syslog priority info msg $msg if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
# use the context info from the previous run to determine when to end if {$iter >= $_perf_iterations} {
#log the final messages action_syslog priority info msg "EEM performance test end" if {$_cerrno != 0} { set result [format \
"component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
} exit 0
}
# cause the next iteration to run event_publish sub_system 798 type 9999 arg1 $iter if {$_cerrno != 0} { set result [format \
"component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
tm_cli_cmd.tcl Sample Policy
The following sample policy runs a configurable CRON entry. The policy executes a configurable Cisco IOS
CLI command and e-mails the results. An optional log file can be defined to which the output is appended with a timestamp.
::cisco::eem::event_register_timer cron name crontimer2 cron_entry $
_cron_entry maxrun 240
#------------------------------------------------------------------
# EEM policy that will periodically execute a cli command and email the
# results to a user.
#
# July 2005, Cisco EEM team
#
# Copyright (c) 2005 by cisco Systems, Inc.
# All rights reserved.
#------------------------------------------------------------------
### The following EEM environment variables are used:
###
### _cron_entry (mandatory) - A CRON specification that determines
###
###
###
### when the policy will run. See the
IOS Embedded Event Manager documentation for more information on how to specify a cron entry.
### Example: _cron_entry
###
0-59/1 0-23/1 * * 0-7
### _log_file (mandatory without _email_....)
###
###
###
###
### Example: _log_file
###
- A filename to append the output to.
If this variable is defined, the output is appended to the specified file with a timestamp added.
disk0:/my_file.log
### _email_server (mandatory without _log_file)
### - A Simple Mail Transfer Protocol (SMTP)
###
### Example: _email_server
### mail server used to send e-mail.
mailserver.example.com
Embedded Event Manager Configuration Guide
167
Writing Embedded Event Manager Policies Using Tcl
Programming Policies with Tcl Sample Scripts Example
### _email_from (mandatory without _log_file)
### - The address from which e-mail is sent.
### Example: _email_from
### _email_to (mandatory without _log_file)
###
### Example: _email_to
###
### _email_cc (optional)
- The address to which e-mail is sent.
###
### Example: _email_cc
###
- The address to which the e-mail must be copied.
### _show_cmd (mandatory)
###
### Example: _show_cmd
###
- The CLI command to be executed when the policy is run.
show version
# check if all required environment variables exist
# If any required environment variable does not exist, print out an error msg and quit if {![info exists _log_file]} { if {![info exists _email_server]} { set result \
"Policy cannot be run: variable _log_file or _email_server has not been set" error $result $errorInfo
} if {![info exists _email_from]} { set result \
"Policy cannot be run: variable _log_file or _email_from has not been set" error $result $errorInfo
} if {![info exists _email_to]} { set result \
"Policy cannot be run: variable _log_file ore _email_to has not been set" error $result $errorInfo
} if {![info exists _email_cc]} {
#_email_cc is an option, must set to empty string if not set.
set _email_cc ""
}
} if {![info exists _show_cmd]} { set result \
"Policy cannot be run: variable _show_cmd has not been set" error $result $errorInfo
} namespace import ::cisco::eem::* namespace import ::cisco::lib::*
# query the event info and log a message array set arr_einfo [event_reqinfo] if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
} global timer_type timer_time_sec set timer_type $arr_einfo(timer_type) set timer_time_sec $arr_einfo(timer_time_sec)
# log a message set msg [format "timer event: timer type %s, time expired %s" \
$timer_type [clock format $timer_time_sec]] action_syslog priority info msg $msg if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
# 1. execute the command if [catch {cli_open} result] { error $result $errorInfo
} else { array set cli1 $result
} if [catch {cli_exec $cli1(fd) "en"} result] { error $result $errorInfo
168
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Programming Policies with Tcl Sample Scripts Example
}
# save exact execution time for command set time_now [clock seconds]
# execute command if [catch {cli_exec $cli1(fd) $_show_cmd} result] { error $result $errorInfo
} else { set cmd_output $result
# format output: remove trailing router prompt regexp {\n*(.*\n)([^\n]*)$} $result dummy cmd_output
} if [catch {cli_close $cli1(fd) $cli1(tty_id)} result] { error $result $errorInfo
}
# 2. log the success of the CLI command set msg [format "Command \"%s\" executed successfully" $_show_cmd] action_syslog priority info msg $msg if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
# 3. if _log_file is defined, then attach it to the file if {[info exists _log_file]} {
# attach output to file if [catch {open $_log_file a+} result] { error $result
} set fileD $result
# save timestamp of command execution
# (Format = 00:53:44 PDT Mon May 02 2005) set time_now [clock format $time_now -format "%T %Z %a %b %d %Y"] puts $fileD "%%% Timestamp = $time_now" puts $fileD $cmd_output close $fileD
}
# 4. if _email_server is defined send the email out if {[info exists _email_server]} { set routername [info hostname] if {[string match "" $routername]} { error "Host name is not configured"
} if [catch {smtp_subst [file join $tcl_library email_template_cmd.tm]} \ result] { error $result $errorInfo
} if [catch {smtp_send_email $result} result] {
} error $result $errorInfo
}
sl_intf_down.tcl Sample Policy
The following sample policy runs when a configurable syslog message is logged. The policy executes a configurable CLI command and e-mails the results.
::cisco::eem::event_register_syslog occurs 1 pattern $_syslog_pattern maxrun 90
#------------------------------------------------------------------
# EEM policy to monitor for a specified syslog message.
# Designed to be used for syslog interface-down messages.
# When event is triggered, the given config commands will be run.
#
# July 2005, Cisco EEM team
#
# Copyright (c) 2005 by cisco Systems, Inc.
# All rights reserved.
#------------------------------------------------------------------
### The following EEM environment variables are used:
Embedded Event Manager Configuration Guide
169
Writing Embedded Event Manager Policies Using Tcl
Programming Policies with Tcl Sample Scripts Example
###
### _syslog_pattern (mandatory)
###
###
### Example: _syslog_pattern
###
### _email_server (mandatory)
###
### Example: _email_server
###
### _email_from (mandatory)
### Example: _email_from
###
### _email_to (mandatory)
### Example: _email_to
###
### _email_cc (optional)
###
### Example: _email_cc
###
### _config_cmd1 (optional)
###
### Example: _config_cmd1
###
### _config_cmd2 (optional)
###
### Example: _config_cmd2
###
- A regular expression pattern match string that is used to compare syslog messages to determine when policy runs
.*UPDOWN.*FastEthernet0/0.*
- A Simple Mail Transfer Protocol (SMTP) mail server used to send e-mail.
mailserver.example.com
- The address from which e-mail is sent.
- The address to which e-mail is sent.
- The address to which the e-mail must be copied.
- The first configuration command that is executed.
interface Ethernet1/0
- The second configuration command that is executed.
no shutdown
# check if all the env variables we need exist
# If any of them doesn't exist, print out an error msg and quit if {![info exists _email_server]} { set result \
"Policy cannot be run: variable _email_server has not been set" error $result $errorInfo
} if {![info exists _email_from]} { set result \
"Policy cannot be run: variable _email_from has not been set" error $result $errorInfo
} if {![info exists _email_to]} { set result \
"Policy cannot be run: variable _email_to has not been set" error $result $errorInfo
} if {![info exists _email_cc]} {
#_email_cc is an option, must set to empty string if not set.
set _email_cc ""
} namespace import ::cisco::eem::* namespace import ::cisco::lib::*
# 1. query the information of latest triggered eem event array set arr_einfo [event_reqinfo] if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
} set msg $arr_einfo(msg) set config_cmds ""
# 2. execute the user-defined config commands if [catch {cli_open} result] { error $result $errorInfo
} else { array set cli1 $result
} if [catch {cli_exec $cli1(fd) "en"} result] {
170
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Debugging Embedded Event Manager Policies Examples
error $result $errorInfo
} if [catch {cli_exec $cli1(fd) "config t"} result] { error $result $errorInfo
} if {[info exists _config_cmd1]} { if [catch {cli_exec $cli1(fd) $_config_cmd1} result] { error $result $errorInfo
} append config_cmds $_config_cmd1
} if {[info exists _config_cmd2]} { if [catch {cli_exec $cli1(fd) $_config_cmd2} result] { error $result $errorInfo
} append config_cmds "\n" append config_cmds $_config_cmd2
} if [catch {cli_exec $cli1(fd) "end"} result] { error $result $errorInfo
} if [catch {cli_close $cli1(fd) $cli1(tty_id)} result] { error $result $errorInfo
} after 60000
# 3. send the notification email set routername [info hostname] if {[string match "" $routername]} { error "Host name is not configured"
} if [catch {smtp_subst [file join $tcl_library email_template_cfg.tm]} result] { error $result $errorInfo
} if [catch {smtp_send_email $result} result] { error $result $errorInfo
}
The following e-mail template file is used with the EEM sample policy above: email_template_cfg.tm
Mailservername: $_email_server
From: $_email_from
To: $_email_to
Cc: $_email_cc
Subject: From router $routername: Periodic $_show_cmd Output
$cmd_output
Debugging Embedded Event Manager Policies Examples
The following examples show how to debug the CLI library and the SMTP library.
Debugging the CLI Library
The CLI library allows users to run CLI commands and obtain the output of commands in Tcl. An Embedded
Event Manager debug command has been provided for users of this library. The command to enable CLI library debugging is debug event manager tcl cli_library. When enabled, this command displays all data that is passed in and read back from the TTY session that handles the CLI interactions. This data helps ensure users that the commands that they are passing to the CLI are valid.
Embedded Event Manager Configuration Guide
171
Writing Embedded Event Manager Policies Using Tcl
Debugging Embedded Event Manager Policies Examples
Example of the debug event manager tcl cli_library Command
This example uses the sample policy sl_intf_down.tcl. When triggered, sl_intf_down.tcl passes a configuration command to the CLI through the CLI library. The command passed in below is show event manager
environment. This command is not a valid command in configuration mode. Without the debug command enabled, the output is shown below:
00:00:57:sl_intf_down.tcl[0]:config_cmds are show eve man env
00:00:57:%SYS-5-CONFIG_I:Configured from console by vty0
Notice that with the output above the user would not know whether or not the command succeeded in the
CLI. With the debug event manager tcl cli_library command enabled, the user sees the following:
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : CTL : cli_open called.
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : OUT : nelson>
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : IN : nelson>enable
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : OUT : nelson#
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : IN : nelson#configure terminal
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : OUT : Enter configuration commands, one per line.
End with CNTL/Z.
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : OUT : nelson(config)#
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : IN : nelson(config)#show event manager environment
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : OUT : ^
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : OUT : % Invalid input detected at '^' marker.
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : OUT : nelson(config)#
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : IN : nelson(config)#end
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : OUT : nelson#
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : CTL : cli_close called.
01:17:07: sl_intf_down.tcl[0]: DEBUG(cli_lib) : IN : nelson#exit
01:17:07: sl_intf_down.tcl[0]: config_cmds are show event manager environment
01:17:07: %SYS-5-CONFIG_I: Configured from console by vty0
The output above shows that show event manager environment is an invalid command in configuration mode. The IN keyword signifies all data passed in to the TTY through the CLI library. The OUT keyword signifies all data read back from the TTY through the CLI library. The CTL keyword signifies helper functions used in the CLI library. These helper functions are used to set up and remove connections to the CLI.
Debugging the SMTP Library
The SMTP library allows users to send e-mail messages to an SMTP e-mail server. An Embedded Event
Manager debug command has been provided for users of this library. The command to enable SMTP library debugging is debug event manager tcl smtp_library. When enabled, this command displays all data that is passed in and read back from the SMTP library routines. This data helps ensure users that the commands that they are passing to the SMTP library are valid.
Example of the debug event manager tcl smtp_library Command
This example uses the sample policy tm_cli_cmd.tcl. When triggered, tm_cli_cmd.tcl runs the command show
event manager policy available system through the CLI library. The result is then mailed to a user through the SMTP library. The output will help debug any issues related to using the SMTP library.
With the debug event manager tcl smtp_library command enabled, the users see the following on the console:
00:39:46: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_read : 220 XXXX.example.com ESMTP XXXX
1.1.0; Tue,
25 Jun 2002 14:20:39 -0700 (PDT)
00:39:46: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : HELO XXXX.example.com
00:39:46: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_read : 250 XXXX.example.com Hello
XXXX.example.com [XXXX], pleased to meet you
00:39:46: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : MAIL FROM:<[email protected]>
172
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Tracing Tcl set Command Operations Example
00:39:46: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_read : 250 <[email protected]>... Sender ok
00:39:46: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : RCPT TO:<[email protected]>
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_read : 250 <[email protected]>... Recipient ok
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : RCPT TO:<[email protected]>
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_read : 250 <[email protected]>... Recipient ok
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : DATA
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_read : 354 Enter mail, end with "." on a line by itself
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : Date: 25 Jun 2002 14:35:00 UTC
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : Message-ID:
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : From: [email protected]
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : To: [email protected]
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : Cc: [email protected]
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : Subject: From router nelson:
Periodic show eve man po ava system Output
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : No. Type
Name
Time Created
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : 1 system Fri May3 20:42:34
2002 pr_cdp_abort.tcl
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : 2 system Fri May3 20:42:54
2002 pr_iprouting_abort.tcl
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : 3 system Wed Apr3 02:16:33
2002 sl_intf_down.tcl
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : 4 system Mon Jun24 23:34:16
2002 tm_cli_cmd.tcl
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : 5 system Wed Mar27 05:53:15
2002 tm_crash_hist.tcl
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : nelson#
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write :
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : .
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_read : 250 ADE90179 Message accepted for delivery
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_write : QUIT
00:39:47: tm_cli_cmd.tcl[0]: DEBUG(smtp_lib) : smtp_read : 221 XXXX.example.com closing connection
Tracing Tcl set Command Operations Example
Tcl is a flexible language. One of the flexible aspects of Tcl is that you can override commands. In this example, the Tcl set command is renamed as _set and a new version of the set command is created that displays a message containing the text “setting” and appends the scalar variable that is being set. This example can be used to trace all instances of scalar variables being set.
rename set _set proc set {var args} { puts [list setting $var $args] uplevel _set $var $args
};
When this is placed in a policy, a message is displayed anytime a scalar variable is set, for example:
02:17:58: sl_intf_down.tcl[0]: setting test_var 1
RPC Event Detector Example
TCL script (rpccli.tcl):
::cisco::eem::event_register_rpc namespace import ::cisco::eem::* namespace import ::cisco::lib::*
Embedded Event Manager Configuration Guide
173
Writing Embedded Event Manager Policies Using Tcl
RPC Event Detector Example
proc run_cli { clist } { set rbuf "" if {[llength $clist] < 1} { return -code ok $rbuf
} if {[catch {cli_open} result]} { return -code error $result
} else { array set cliarr $result
} if {[catch {cli_exec $cliarr(fd) "enable"} result]} { return -code error $result
} if {[catch {cli_exec $cliarr(fd) "term length 0"} result]} { return -code error $result
} foreach cmd $clist { if {[catch {cli_exec $cliarr(fd) $cmd} result]} { return -code error $result
} append rbuf $result
} if {[catch {cli_close $cliarr(fd) $cliarr(tty_id)} result]} { puts "WARNING: $result"
} return -code ok $rbuf
} proc run_cli_interactive { clist } { set rbuf "" if {[llength $clist] < 1} { return -code ok $rbuf
} if {[catch {cli_open} result]} { return -code error $result
} else { array set cliarr $result
} if {[catch {cli_exec $cliarr(fd) "enable"} result]} { return -code error $result
} if {[catch {cli_exec $cliarr(fd) "term length 0"} result]} { return -code error $result
} foreach cmd $clist { array set sendexp $cmd if {[catch {cli_write $cliarr(fd) $sendexp(send)} result]} { return -code error $result
} foreach response $sendexp(responses) { array set resp $response if {[catch {cli_read_pattern $cliarr(fd) $resp(expect)} result]} { return -code error $result
} if {[catch {cli_write $cliarr(fd) $resp(reply)} result]} { return -code error $result
}
} if {[catch {cli_read $cliarr(fd)} result]} { return -code error $result
} append rbuf $result
} if {[catch {cli_close $cliarr(fd) $cliarr(tty_id)} result]} { puts "WARNING: $result"
} return -code ok $rbuf
} array set arr_einfo [event_reqinfo] set args $arr_einfo(argc) set cmds [list] for { set i 0 } { $i < $args } { incr i } { set arg "arg${i}"
# Split each argument on the '^' character.
The first element is
174
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Additional References
# the command, and each subsequent element is a prompt followed by
# a response to that prompt.
set cmdlist [split $arr_einfo($arg) "^"] set cmdarr(send) [lindex $cmdlist 0] set cmdarr(responses) [list] if { [expr ([llength $cmdlist] - 1) % 2] != 0 } { return -code 88
} set cmdarr(responses) [list] for { set j 1 } { $j < [llength $cmdlist] } { incr j 2 } { set resps(expect) [lindex $cmdlist $j] set resps(reply) [lindex $cmdlist [expr $j + 1]] lappend cmdarr(responses) [array get resps]
} lappend cmds [array get cmdarr]
} set rc [catch {run_cli_interactive $cmds} output] if { $rc != 0 } { error $output $errorInfo return -code 88
} puts $output
Additional References
The following sections provide references related to writing Embedded Event Manager policies using Tcl.
Related Documents
Related Topic
Cisco IOS commands
Document Title
Cisco IOS Master Commands List, All Releases
EEM commands: complete command syntax, defaults, command mode, command history, usage guidelines, and examples
Cisco IOS Embedded Event Manager Command
Reference
Embedded Event Manager overview Embedded Event Manager Overview module.
Embedded Event Manager policy writing using the
CLI
Writing Embedded Event Manager Policies Using the Cisco IOS CLI module
Embedded Resource Manager Embedded Resource Manager module
MIBs
MIB
CISCO-EMBEDDED-EVENT-MGR-MIB
MIBs Link
To locate and download MIBs for selected platforms,
Cisco IOS releases, and feature sets, use Cisco MIB
Locator found at the following URL: http://www.cisco.com/go/mibs
Embedded Event Manager Configuration Guide
175
Writing Embedded Event Manager Policies Using Tcl
Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl
RFCs
RFC
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
Title
--
Technical Assistance
Description Link
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID and password.
http://www.cisco.com/cisco/web/support/index.html
Feature Information for Writing Embedded Event Manager 4.0
Policies Using Tcl
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to . An account on Cisco.com is not required.
176
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl
Table 26: Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl
Feature Name
Embedded Event Manager 1.0
Releases
12.0(26)S
12.3(4)T
Feature Information
EEM 1.0 introduced Embedded
Event Manager applet creation with the SNMP and syslog event detectors. EEM 1.0 also introduced the following actions: generating prioritized syslog messages, generating a CNS event for upstream processing by Cisco CNS devices, reloading the Cisco software, and switching to a secondary processor in a fully redundant hardware configuration.
The following commands were introduced by this feature: action
cns-event, action
force-switchover, action reload,
action syslog, debug event
manager, event manager applet,
event snmp, event syslog, show
event manager policy registered.
Embedded Event Manager Configuration Guide
177
Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl
Feature Name
Embedded Event Manager 2.0
Releases
12.2(25)S
Writing Embedded Event Manager Policies Using Tcl
Feature Information
EEM 2.0 introduced the application-specific event detector, the counter event detector, the interface counter event detector, the timer event detector, and the watchdog event detector. New actions included modifying a named counter, publishing an application-specific event, and generating an SNMP trap. The ability to define environment variables and to run EEM policies written using Tcl was introduced, and two sample policies were included with the software.
The following commands were introduced by this feature: action
counter, action publish-event,
action snmp-trap, event
application, event counter, event
interface, event ioswdsysmon,
event manager environment,
event manager history size, event
manager policy, event manager
scheduler suspend, event timer,
show event manager
environment, show event
manager history events, show
event manager history traps,
show event manager policy
available, show event manager
policy pending.
178
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Feature Name
Embedded Event Manager 2.1
Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl
Releases
12.3(14)T
12.2(18)SXF5
12.2(28)SB
12.2(33)SRA
Feature Information
EEM 2.1 introduced some new event detectors and actions with new functionality to allow EEM policies to be run manually and the ability to run multiple concurrent policies. Support for Simple
Network Management Protocol
(SNMP) event detector rate-based events was provided as was the ability to create policies using Tool
Command Language (Tcl).
The following commands were introduced or modified by this feature: action cli, action counter,
action info, action mail, action
policy, debug event manager,
event cli, event manager
directory user, event manager
policy, event manager run, event
manager scheduler script, event
manager session cli username,
event none, event oir, event
snmp, event syslog, set(EEM),
show event manager directory
user, show event manager policy
registered, show event manager
session cli username.
Embedded Event Manager Configuration Guide
179
Writing Embedded Event Manager Policies Using Tcl
Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl
Feature Name
Embedded Event Manager 2.1
(Software Modularity)
Embedded Event Manager 2.2
SNMP event detector delta environment variable
Releases
12.2(18)SXF4
Cisco IOS Software Modularity images
12.4(2)T
12.2(31)SB3
12.2(33)SRB
12.4(11)T
Feature Information
EEM 2.1 for Software Modularity images introduced the GOLD, system manager, and WDSysMon
(Cisco IOS Software Modularity watchdog) event detectors, and the ability to display Cisco IOS
Software Modularity processes and process metrics.
The following commands were introduced by this feature: event
gold, event process, show event
manager metric process.
Note
EEM 2.1 for Software
Modularity images also supports the resource and
RF event detectors introduced in EEM 2.2, but it does not support the enhanced object tracking event detector or the actions to read and set tracked objects.
EEM 2.2 introduced the enhanced object tracking, resource, and RF event detectors. The actions of reading and setting the state of a tracked object were also introduced.
The following commands were introduced or modified by this feature: action track read, action
track set, default-state, event
resource, event rf, event track,
show track, track stub-object.
A new SNMP event detector environment variable,
_snmp_oid_delta_val, was introduced.
This is a minor enhancement.
Minor enhancements are not typically listed in Feature
Navigator.
180
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Feature Name
Embedded Event Manager 2.3
Embedded Event Manager 2.4
Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl
Releases
12.2(33)SXH
12.2(33)SB
15.1(2)SY
12.4(20)T
12.2(33)SXI
12.2(33)SRE
15.1(2)SY
Feature Information
EEM 2.3 introduced some new features relative to the Generic
Online Diagnostics (GOLD) Event
Detector on the Cisco Catalyst
6500 Series switches.
The event gold command was enhanced in addition to the Tcl keywords--action-notify,
testing-type, test-name, test-id,
consecutive-failure,
platform-action, and maxrun--for improved reaction to GOLD test failures and conditions
Read-only variables were added under the GOLD Event Detector category to provide access to platform-wide and test-specific
GOLD event detector information for a detected event.
EEM 2.4 introduced several new features.
The following commands were introduced by this feature:
attribute (EEM) , correlate, event
manager detector rpc, event
manager directory user
repository, event manager
update user policy, event
manager scheduler clear, event
manager update user policy,
event owner, event rpc, event
snmp-notification, show event
manager detector, show event
manager version, trigger (EEM).
Embedded Event Manager Configuration Guide
181
Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl
Feature Name
Embedded Event Manger 3.0
Releases
12.4(22)T
12.2(33)SRE
12.2(50)SY
Writing Embedded Event Manager Policies Using Tcl
Feature Information
EEM 3.0 introduced several new features.
The following commands were introduced or modified by this feature:
action add , action append,
action break, action comment,
action context retrieve, action
context save, action continue,
action decrement, action divide,
action else, action elseif, action
end, action exit, action foreach,
action gets, action if, action if
goto, action increment, action
info type interface-names, action
info type snmp getid, action info
type snmp inform, action info
type snmp oid, action info type
snmp trap, action info type snmp
var, action multiply, action puts,
action regexp, action set (EEM),
action string compare, action
string equal, action string first,
action string index, action string
last, action string length, action
string match, action string range,
action string replace, action
string tolower, action string
toupper, action string trim,
action string trimleft, action
string trimright, action subtract,
action while, event cli, event
ipsla, event manager detector
routing, event manager
scheduler, event manager
scheduler clear, event manager
scheduler hold, event manager
scheduler modify, event manager
scheduler release, event nf, event
routing, show event manager
policy active, show event
manager policy pending, and
show event manager scheduler.
182
Embedded Event Manager Configuration Guide
Writing Embedded Event Manager Policies Using Tcl
Feature Name
Embedded Event Manager 3.1
Embedded Event Manager 3.2
Embedded Event Manager 4.0
Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl
Releases
15.0(1)M
15.1(1)SY
15.1(2)SY
12.2(52)SE
12.2(54)SG
15.1(3)T
15.1(1)SY
15.1(2)SY
15.2(2)T
15.1(1)SY
15.1(2)SY
12.2(2)E
Feature Information
EEM 3.1 introduced several new features.
The following commands were introduced or modified by this feature: action syslog, description
(EEM) , event manager applet ,
event manager policy , event
snmp-notification , event
snmp-object , show event
manager policy registered , and
show event manager policy
available .
EEM is a distributed and customized approach to event detection and recovery offered directly in a Cisco IOS device.
The following sections provide information about this feature:
The following commands were introduced or modified: debug
event manager, event identity,
event mat, event
neighbor-discovery, show event
manager detector.
EEM 4.0 introduced several new features.
The following commands were introduced or modified: action file,
action mail, action syslog, clear
event manager detector counters,
clear event manager server
counters, event cli, event
manager policy, event manager
scheduler, event syslog, show
event manager detector, show
event manager policy registered,
show event manager statistics.
Embedded Event Manager Configuration Guide
183
Feature Information for Writing Embedded Event Manager 4.0 Policies Using Tcl
Writing Embedded Event Manager Policies Using Tcl
184
Embedded Event Manager Configuration Guide
C H A P T E R
5
Signed Tcl Scripts
The Signed Tcl Scripts feature allows you to create a certificate to generate a digital signature and sign a
Tool Command Language (Tcl) script with that digital signature. This feature also allows you to work with existing scripts and certificates. The digital signature is verified for authentication and then run with trusted access to the Tcl interpreter. If the script does not contain the digital signature, the script may run in a limited mode for untrusted scripts, or may not run at all.
•
Finding Feature Information, page 185
•
Prerequisites for Signed Tcl Scripts, page 186
•
Restrictions for Signed Tcl Scripts, page 186
•
Information About Signed Tcl Scripts, page 186
•
How to Configure Signed Tcl Scripts, page 187
•
Configuration Examples for Signed Tcl Script, page 200
•
Additional References, page 204
•
Feature Information for Signed Tcl Scripts, page 205
•
•
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn . An account on Cisco.com is not required.
Embedded Event Manager Configuration Guide
185
Signed Tcl Scripts
Prerequisites for Signed Tcl Scripts
Prerequisites for Signed Tcl Scripts
For this feature to work, the Cisco public key infrastructure (PKI) configuration trustpoint commands must be enabled.
For further details, see the
Prerequisites for Signed Tcl Scripts, on page 186
.
Restrictions for Signed Tcl Scripts
For this feature to work, you must be running the following:
• Cisco IOS Crypto image
• OpenSSL Version 0.9.7a or above
• Expect
Information About Signed Tcl Scripts
The Signed Tcl Scripts feature introduces security for the Tcl scripts. This feature allows you to create a certificate to generate a digital signature and sign a Tcl script with that digital signature. This certificate examines the Tcl scripts prior to running them. The script is checked for a digital signature from Cisco. In addition, third parties may also sign a script with a digital signature. You may wish to sign your own internally developed Tcl scripts or you could use a script developed by a third party. If the script contains the correct digital signature, it is believed to be authentic and runs with full access to the Tcl interpreter. If the script does not contain the digital signature, the script may be run in a limited mode, known as Safe Tcl mode, or may not run at all.
To create and use signed Tcl scripts, you should understand the following concepts:
Cisco PKI
Cisco PKI provides certificate management to support security protocols such as IP security (IPsec), secure shell (SSH), and secure socket layer (SSL). A PKI is composed of the following entities:
• Peers communicating on a secure network
• At least one certification authority (CA) that grants and maintains certificates
• Digital certificates, which contain information such as the certificate validity period, peer identity information, encryption keys that are used for secure communication, and the signature of the issuing
CA
• An optional registration authority (RA) to offload the CA by processing enrollment requests
• A distribution mechanism (such as Lightweight Directory Access Protocol [LDAP] or HTTP) for certificate revocation lists (CRLs)
PKI provides you with a scalable, secure mechanism for distributing, managing, and revoking encryption and identity information in a secured data network. Every routing device participating in the secured communication
186
Embedded Event Manager Configuration Guide
Signed Tcl Scripts
RSA Key Pair
is enrolled in the PKI in a process where the routing device generates a Rivest, Shamir, and Adelman (RSA) key pair (one private key and one public key) and has its identity validated by a trusted routing device (also known as a CA or trustpoint).
After each routing device enrolls in a PKI, every peer (also known as an end host) in a PKI is granted a digital certificate that has been issued by a CA. When peers must negotiate a secured communication session, they exchange digital certificates. Based on the information in the certificate, a peer can validate the identity of another peer and establish an encrypted session with the public keys contained in the certificate.
RSA Key Pair
An RSA key pair consists of a public key and a private key. When setting up your PKI, you must include the public key in the certificate enrollment request. After the certificate has been granted, the public key is included in the certificate so that peers can use it to encrypt data that is sent to the device. The private key is kept on the device and used both to decrypt the data sent by peers and to digitally sign transactions when negotiating with peers.
RSA key pairs contain a key modulus value. The modulus determines the size of the RSA key. The larger the modulus, the more secure the RSA key. However, keys with large modulus values take longer to generate, and encryption and decryption operations take longer with larger keys.
Certificate and Trustpoint
A certification authority (CA), also known as a trustpoint, manages certificate requests and issues certificates to participating network devices. These services (managing certificate requests and issuing certificates) provide centralized key management for the participating devices and are explicitly trusted by the receiver to validate identities and to create digital certificates. Before any PKI operations can begin, the CA generates its own public key pair and creates a self-signed CA certificate; thereafter, the CA can sign certificate requests and begin peer enrollment for the PKI.
You can use a CA provided by a third-party CA vendor, or you can use an internal CA, which is the Cisco
Certificate Server.
How to Configure Signed Tcl Scripts
Generating a Key Pair
The key pair consists of a private key and a public key. The private key is intended to be kept private, accessible only to the creator. The public key is generated from the private key and is intended to be known to the public.
To generate a key pair, use the openssl genrsa command and then the openssl rsa command.
SUMMARY STEPS
1. openssl genrsa -out private-key-file bit-length
2. ls -l
3. openssl rsa -in private-key-file
-pubout -out public-key-file
4. ls -l
Embedded Event Manager Configuration Guide
187
Signed Tcl Scripts
Generating a Key Pair
DETAILED STEPS
Step 1
openssl genrsa -out private-key-file bit-length
This command generates a private key that is bit-length bits long and writes the key to the private-key-filefile.
Host%
openssl genrsa -out privkey.pem 2048
Step 2
Step 3
Step 4
Example:
Generating RSA private key, 2048 bit long modulus
.........+++
...............................................................................+++ e is 65537 (0x10001)
ls -l
This command displays detailed information about each file in the current directory, including the permissions, owners, size, and when last modified.
Example:
Host%
ls -l
total 8
-rw-r--r-1 janedoe eng12 1679 Jun 12 14:55 privkey.pem
The privkey.pem file contains the private key generated using the openssl genrsa command.
openssl rsa -in private-key-file -pubout -out public-key-file
This command generates a public key based on the specified private key in the private-key-file file and writes the public key to the public-key-filefile.
Example:
Host%
openssl rsa -in privkey.pem -pubout -out pubkey.pem
writing RSA key
ls -l
This command displays detailed information about each file in the current directory, including the permissions, owners, size, and when last modified.
Example:
Host%
ls -l
total 16
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
1679 Jun 12 14:55 privkey.pem
451 Jun 12 14:57 pubkey.pem
The pubkey.pem file contains the public key generated from the private key using the openssl rsa command.
188
Embedded Event Manager Configuration Guide
Signed Tcl Scripts
Generating a Certificate
Generating a Certificate
Perform this task to generate a certificate. To generate an X.509 certificate, use the openssl req command.
SUMMARY STEPS
1. openssl req -new -x509 -key private-key-file -out certificate-file -days expiration-days
2. ls -l
DETAILED STEPS
Step 1
openssl req -new -x509 -key private-key-file -out certificate-file -days expiration-days
This command creates an X.509 certificate, with full access to a private key that is stored in the private-key-file file, and stores the certificate in the certificate-filefile. The certificate is configured to expire in expiration-days days.
To complete the command, enter the following Distinguished Name (DN) information when prompted:
• Country name
• State or province name
• Organization name
• Organizational unit name
• Common name
• Email address
At each prompt, text enclosed in square brackets indicates the default value that will be used if you do not enter a value before you press Enter.
This example shows how to create an X.509 certificate that has full access to the private key in the privkey.pem file.
The certificate is written to the cert.pem file and will expire 1095 days after the creation date.
Example:
Host%
openssl req -new -x509 -key privkey.pem -out cert.pem -days 1095
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value, If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
US
State or Province Name (full name) [Berkshire]:
California
Locality Name (eg, city) [Newbury]:
San Jose
Organization Name (eg, company) [My Company Ltd]:
Cisco Systems, Inc.
Organizational Unit Name (eg, section) []:
DEPT_ACCT
Common Name (eg, your name or your server's hostname) []:
Jane
Embedded Event Manager Configuration Guide
189
Signed Tcl Scripts
Signing the Tcl Scripts
Step 2
Email Address []:
ls -l
This command displays detailed information about each file in the current directory, including the permissions, owners, size, and when last modified.
Example:
Host%
ls -l
total 24
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
1659 Jun 12 15:01 cert.pem
1679 Jun 12 14:55 privkey.pem
451 Jun 12 14:57 pubkey.pem
The cert.pem file contains the X.509 certificate created using the openssl req command.
Signing the Tcl Scripts
Perform this task to sign the Tcl scripts. You will need to sign the Tcl file and output in OpenSSL document in pkcs7 (PKCS#7) format.
To sign the Tcl file, use the openssl smime command with the -sign keyword.
SUMMARY STEPS
1. openssl smime -sign -in tcl-file -out signed-tcl-file -signer certificate-file -inkey private-key-file -outform
DER -binary
2. ls -l
DETAILED STEPS
Step 1
Step 2
openssl smime -sign -in tcl-file -out signed-tcl-file -signer certificate-file -inkey private-key-file -outform DER
-binary
This command signs the Tcl filename tcl-file using the certificate stored in certificate-file and the private key stored in
private-key-file file and then writes the signed Tcl file in DER PKCS#7 format to the signed-tcl-filefile.
Example:
Host% openssl smime -sign -in hello -out hello.pk7 -signer cert.pem -inkey privkey.pem -outform DER
-binary
ls -l
This command displays detailed information about each file in the current directory, including the permissions, owners, size, and when last modified.
190
Embedded Event Manager Configuration Guide
Signed Tcl Scripts
Verifying the Signature
Example:
Host%
ls -l
total 40
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
1659 Jun 12 15:01 cert.pem
115 Jun 13 10:16 hello
1876 Jun 13 10:16 hello.pk7
1679 Jun 12 14:55 privkey.pem
451 Jun 12 14:57 pubkey.pem
The hello.pk7 file contains the signed Tcl file created by the openssl smime command from the unsigned Tcl file named hello and using the X.509 certificate in the cert.pem file.
Verifying the Signature
Perform this task to verify that the signature matches the data, use the openssl smime command with the
-verify keyword. The original Tcl content must be provided in the input file, because the file does not have the original content.
SUMMARY STEPS
1. openssl smime -verify -in signed-tcl-file -CAfile certificate-file -inform DER -content tcl-file
2. ls -l
DETAILED STEPS
Step 1
Step 2
openssl smime -verify -in signed-tcl-file -CAfile certificate-file -inform DER -content tcl-file
This command verifies the signed Tcl file stored in DER PKCS#7 format in signed-tcl-file using the trusted Certificate
Authority (CA) certificates in certificate-file and then writes the detached content to the file tcl-file.
The following example shows how to verify the signature with the input file hello.pk7:
Example:
Host%
openssl smime -verify -in hello.pk7 -CAfile cert.pem -inform DER -content hello
puts hello puts "argc = $argc" puts "argv = $argv" puts "argv0 = $argv0" puts "tcl_interactive = $tcl_interactive"
Verification successful
Note
The SSL command page describes -in filename as the input message to be encrypted or signed or the MIME message to be decrypted or verified. For more information, go to http://www.openssl.org/ .
ls -l
This command displays detailed information about each file in the current directory, including the permissions, owners, size, and when last modified.
Embedded Event Manager Configuration Guide
191
Signed Tcl Scripts
Converting the Signature into Nonbinary Data
Example:
Host%
ls -l
total 40
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
1659 Jun 13 10:18 cert.pem
115 Jun 13 10:17 hello
1876 Jun 13 10:16 hello.pk7
1679 Jun 12 14:55 privkey.pem
451 Jun 12 14:57 pubkey.pem
The hello file contains the content detached from the signed Tcl file hello.pk7 by running the openssl smime command with the -verify keyword. If the verification was successful, the signer’s certificates are written to the X.509 certificate in the cert.pem file.
Converting the Signature into Nonbinary Data
Perform this task to convert the signature from binary to nonbinary data.
SUMMARY STEPS
1. xxd -ps signed-tcl-file > nonbinary-signature-file
2. Create a script that displays #Cisco Tcl Signature V1.0 in the first line andinserts a comment character
(#) at the beginning of each line of the input file and writes each line to a file whose name is formed by appending the text string “_sig” to the name of the input file.
3. Run the script, supplying the name of the file containing the nonbinary signature file
(nonbinary-signature-file) as the input argument.
4. ls -l
5. cat signed-tcl-file commented-nonbinary-signature-file > signed-tcl-script
6. cat signed-tcl-script
DETAILED STEPS
Step 1
Step 2
xxd -ps signed-tcl-file > nonbinary-signature-file
This command converts the signature in signed-tcl-file from binary to nonbinary data and stores it as a hexadecimal dump in the file nonbinary-signature-file.
Example:
Host%
xxd -ps hello.pk7 > hello.hex
Create a script that displays #Cisco Tcl Signature V1.0 in the first line andinserts a comment character (#) at the beginning of each line of the input file and writes each line to a file whose name is formed by appending the text string “_sig” to the name of the input file.
In this example the cat command is used to display the contents of the script file named my_append.
192
Embedded Event Manager Configuration Guide
Signed Tcl Scripts
Converting the Signature into Nonbinary Data
Step 3
Step 4
Step 5
Example:
Host%
cat my_append
#!/usr/bin/env expect set my_first {#Cisco Tcl Signature V1.0} set newline {} set my_file [lindex $argv 0] set my_new_file ${my_file}_sig set my_new_handle [open $my_new_file w] set my_handle [open $my_file r] puts $my_new_handle $newline puts $my_new_handle $my_first foreach line [split [read $my_handle] "\n"] { set new_line {#} append new_line $line puts $my_new_handle $new_line
} close $my_new_handle close $my_handle
Run the script, supplying the name of the file containing the nonbinary signature file (nonbinary-signature-file) as the input argument.
In this example, the my_append script is run with the nonbinary signature file hello.hex specified as input. The output file will be named hello.hex_sig.
Example:
Host%
my_append hello.hex
ls -l
This command displays detailed information about each file in the current directory, including the permissions, owners, size, and when last modified.
Example:
Host%
ls -l
total 80
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rwxr--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
1659 Jun 13 10:18 cert.pem
115 Jun 13 10:17 hello
3815 Jun 13 10:20 hello.hex
3907 Jun 13 10:22 hello.hex_sig
1876 Jun 13 10:16 hello.pk7
444 Jun 13 10:22 my_append
1679 Jun 12 14:55 privkey.pem
451 Jun 12 14:57 pubkey.pem
The hello.hex file contains nonbinary data (stored as a hexadecimal dump) converted from the binary signature in the signed Tcl file hello.pk7. The my_append file contains the script that inserts a comment character at the beginning of each line of the input file. The hello.hex_sig file is the file created by running the my_append script on the nonbinary signature file.
cat signed-tcl-file commented-nonbinary-signature-file > signed-tcl-script
This command appends the contents of the nonbinary signature file (commented-nonbinary-signature-file) to the signed
Tcl file stored in DER PKCS#7 format (in the signed-tcl-file file). The concatenated output is written to the file
signed-tcl-script.
Embedded Event Manager Configuration Guide
193
Signed Tcl Scripts
Converting the Signature into Nonbinary Data
Step 6
Example:
Host%
cat hello hello.hex_sig > hello.tcl
cat signed-tcl-script
This command displays the contents of the file signed-tcl-script, which is the concatenation of content detached from the signed Tcl file and the nonbinary signature file.
Example:
Host%
cat hello.tcl
puts hello puts "argc = $argc" puts "argv = $argv" puts "argv0 = $argv0" puts "tcl_interactive = $tcl_interactive"
#Cisco Tcl Signature V1.0
#3082075006092a864886f70d010702a08207413082073d020101310b3009
#06052b0e03021a0500300b06092a864886f70d010701a08204a13082049d
#30820385a003020102020100300d06092a864886f70d0101040500308195
#310b3009060355040613025553311330110603550408130a43616c69666f
#726e69613111300f0603550407130853616e204a6f7365311c301a060355
#040a1313436973636f2053797374656d732c20496e632e310e300c060355
#040b13054e53535447310d300b060355040313044a6f686e3121301f0609
#2a864886f70d01090116126a6c6175746d616e40636973636f2e636f6d30
#1e170d3037303631323232303134335a170d313030363131323230313433
#5a308195310b3009060355040613025553311330110603550408130a4361
#6c69666f726e69613111300f0603550407130853616e204a6f7365311c30
#1a060355040a1313436973636f2053797374656d732c20496e632e310e30
#0c060355040b13054e53535447310d300b060355040313044a6f686e3121
#301f06092a864886f70d01090116126a6c6175746d616e40636973636f2e
#636f6d30820122300d06092a864886f70d01010105000382010f00308201
#0a0282010100a751eb5ec1f3009738c88a55987c07b759c36f3386342283
#67ea20a89d9483ae85e0c63eeded8ab3eb7a08006689f09136f172183665
#c971099ba54e77ab47706069bbefaaab8c50184396350e4cc870c4c3f477
#88c55c52e2cf411f05b59f0eaec0678ff5cc238fdce2263a9fc6b6c244b8
#ffaead865c19c3d3172674a13b24c8f2c01dd8b1bd491c13e84e29171b85
#f28155d81ac8c69bb25ca23c2921d85fbf745c106e7aff93c72316cbc654
#4a34ea88174a8ba7777fa60662974e1fbac85a0f0aeac925dba6e5e850b8
#7caffce2fe8bb04b61b62f532b5893c081522d538005df81670b931b0ad0
#e1e76ae648f598a9442d5d0976e67c8d55889299147d0203010001a381f5
#3081f2301d0603551d0e04160414bc34132be952ff8b9e1af3b93140a255
#e54a667c3081c20603551d230481ba3081b78014bc34132be952ff8b9e1a
#f3b93140a255e54a667ca1819ba48198308195310b300906035504061302
#5553311330110603550408130a43616c69666f726e69613111300f060355
#0407130853616e204a6f7365311c301a060355040a1313436973636f2053
#797374656d732c20496e632e310e300c060355040b13054e53535447310d
#300b060355040313044a6f686e3121301f06092a864886f70d0109011612
#6a6c6175746d616e40636973636f2e636f6d820100300c0603551d130405
#30030101ff300d06092a864886f70d010104050003820101000c83c1b074
#6720929c9514af6d5df96f0a95639f047c40a607c83d8362507c58fa7f84
#aa699ec5e5bef61b2308297a0662c653ff446acfbb6f5cb2dd162d939338
#a5e4d78a5c45021e5d4dbabb8784efbf50cab0f5125d164487b31f5cf933
#a9f68f82cd111cbab1739d7f372ec460a7946882874b0a0f22dd53acbd62
#a944a15e52e54a24341b3b8a820f23a5bc7ea7b2278bb56838b8a4051926
#af9c167274ff8449003a4e012bcf4f4b3e280f85209249a390d14df47435
#35efabce720ea3d56803a84a2163db4478ae19d7d987ef6971c8312e280a
#aac0217d4fe620c6582a48faa8ea5e3726a99012e1d55f8d61b066381f77
#4158d144a43fb536c77d6a318202773082027302010130819b308195310b
#3009060355040613025553311330110603550408130a43616c69666f726e
#69613111300f0603550407130853616e204a6f7365311c301a060355040a
#1313436973636f2053797374656d732c20496e632e310e300c060355040b
#13054e53535447310d300b060355040313044a6f686e3121301f06092a86
#4886f70d01090116126a6c6175746d616e40636973636f2e636f6d020100
#300906052b0e03021a0500a081b1301806092a864886f70d010903310b06
194
Embedded Event Manager Configuration Guide
Signed Tcl Scripts
Configuring the Device with a Certificate
#092a864886f70d010701301c06092a864886f70d010905310f170d303730
#3631333137313634385a302306092a864886f70d01090431160414372cb3
#72dc607990577fd0426104a42ee4158d2b305206092a864886f70d01090f
#31453043300a06082a864886f70d0307300e06082a864886f70d03020202
#0080300d06082a864886f70d0302020140300706052b0e030207300d0608
#2a864886f70d0302020128300d06092a864886f70d010101050004820100
#72db6898742f449b26d3ac18f43a1e7178834fb05ad13951bf042e127eea
#944b72b96f3b8ecf7eb52f3d0e383bf63651750223efe69eae04287c9dae
#b1f31209444108b31d34e46654c6c3cc10b5baba887825c224ec6f376d49
#00ff7ab2d9f88402dab9a2c2ab6aa3ecceeaf5a594bdc7d3a822c55e7daa
#aa0c2b067e06967f22a20e406fe21d9013ecc6bd9cd6d402c2749f8bea61
#9f8f87acfbc9e10d6ce91502e34629adca6ee855419afafe6a8233333e14
#ad4c107901d1f2bca4d7ffaadddbc54192a25da662f8b8509782c76977b8
#94879453fbb00486ccc55f88db50fcc149bae066916b350089cde51a6483
#2ec14019611720fc5bbe2400f24225fc
Configuring the Device with a Certificate
Perform this task to configure the device with a certificate.
Before You Begin
You must already have a Cisco IOS Crypto image; otherwise you cannot configure a certificate.
SUMMARY STEPS
1. enable
2. configure terminal
3. crypto pki trustpoint name
4. enrollment terminal
5. exit
6. crypto pki authenticate name
7. At the prompt, enter the base-encoded CA certificate.
8. scripting tcl secure-mode
9. scripting tcl trustpoint name name
10. scripting tcl trustpoint untrusted {execute | safe-execute | terminate}
11. exit
12. tclsafe
DETAILED STEPS
Step 1 enable
Enables privileged EXEC mode. Enter your password if prompted.
Embedded Event Manager Configuration Guide
195
Signed Tcl Scripts
Configuring the Device with a Certificate
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Example:
Device> enable
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
crypto pki trustpoint name
Declares the device is to use the Certificate Authority (CA) mytrust and enters ca-trustpoint configuration mode.
Example:
Device(config)# crypto pki trustpoint mytrust
enrollment terminal
Specifies manual cut-and-paste certificate enrollment. When this command is enabled, the device displays the certificate request on the console terminal, allowing you to enter the issued certificate on the terminal.
Example:
Device(ca-trustpoint)# enrollment terminal
exit
Exits ca-trustpoint configuration mode and returns to global configuration mode.
Example:
Device(ca-trustpoint)# exit
crypto pki authenticate name
Retrieves the CA certificate and authenticates it. Check the certificate fingerprint if prompted.
Note
Because the CA signs its own certificate, you should manually authenticate the public key of the CA by contacting the CA administrator when you perform this command.
Example:
Device(config)# crypto pki authenticate mytrust
At the prompt, enter the base-encoded CA certificate.
Example:
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
MIIEuDCCA6CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnjELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRwwGgYDVQQK
ExNDaXNjbyBTeXN0ZW1zLCBJbmMuMQ4wDAYDVQQLEwVOU1NURzEWMBQGA1UEAxMN
Sm9obiBMYXV0bWFubjEhMB8GCSqGSIb3DQEJARYSamxhdXRtYW5AY2lzY28uY29t
MB4XDTA2MTExNzE3NTgwMVoXDTA5MTExNjE3NTgwMVowgZ4xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEcMBoGA1UE
196
Embedded Event Manager Configuration Guide
Signed Tcl Scripts
Configuring the Device with a Certificate
Step 8
ChMTQ2lzY28gU3lzdGVtcywgSW5jLjEOMAwGA1UECxMFTlNTVEcxFjAUBgNVBAMT
DUpvaG4gTGF1dG1hbm4xITAfBgkqhkiG9w0BCQEWEmpsYXV0bWFuQGNpc2NvLmNv bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxtqTMCirMb+CdyWLuH oWAM8CEJDwQggL7MWBhoi3TSMd/ww2XBB9biBtdlH6jHsjCiOwAR5OorakwfPyf7 mvRJ2PqJALs+Vn93VBKIG6rZUl4+wdOx686BVddIZvEJQPbROiYTzfazWV70aLMV bd7/B7vF1SG1YK9y1tX9p9nZyZ0x47OAXetwOaGinvlG7VNuTXaASBLUjCRZsIlz
SBrXXedBzZ6+BuoWm1FK45EYSlag5Rt9RGXXMBqzx91iyhrJ3zDDmkExa45yKJET mAgDVMcpeteJtif47UDZJK30g4MbMyx/c8WGhmJ54qRL9BZEPmDxMQkNP10l8MAl
Q8sCAwEAAaOB/jCB+zAdBgNVHQ4EFgQU9/ToDvbMR3JfJ4xEa4X47oNFq5kwgcsG
A1UdIwSBwzCBwIAU9/ToDvbMR3JfJ4xEa4X47oNFq5mhgaSkgaEwgZ4xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEc
MBoGA1UEChMTQ2lzY28gU3lzdGVtcywgSW5jLjEOMAwGA1UECxMFTlNTVEcxFjAU
BgNVBAMTDUpvaG4gTGF1dG1hbm4xITAfBgkqhkiG9w0BCQEWEmpsYXV0bWFuQGNp c2NvLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IBAQBtEs/4
MQeN9pT+XPCPg2ObQU8y2AadI+I34YK+fDHsFOh68hZhpszTN2VpNEvkFXpADhgr
7DkNGtwTCla481v70iNFViQVL+inNrZwWMxoTnUNCK7Hc5kHkXt6cj0mvsefVUzx
Xl70mauhESRVlmYWrJxSsrEILerZYsuv5HbFdand+/rErmP2HVyfdntLnKdSzmXJ
5lwE/Et2QtYNGor0OBlLesowfslR3LhHi4wn+5is7mALgNw/NuTiUr1zH18OeB4m wcpBIJsLaJu6ZUJQl7IqdswSa3fHd5qq0/k8P9z0YAYrf3+MFQr4ibvsYvHlO087 o2Js1gW4qz34pqNh
Certificate has the following attributes:
Fingerprint MD5: 1E327DBB 330936EB 2FB8EACB 4FD1133E
Fingerprint SHA1: EE7FF9F4 05148842 B9D50FAC D76FDC9C E0703246
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported
scripting tcl secure-mode
Enables signature verification of the interactive Tcl scripts.
Device(config)# scripting tcl secure-mode
Step 9
scripting tcl trustpoint name name
Associates an existing configured trustpoint name with a certificate to verify Tcl scripts.
Device(config)# scripting tcl trustpoint name mytrust
Step 10
scripting tcl trustpoint untrusted {execute | safe-execute | terminate}
(Optional) Allows the interactive Tcl scripts to run regardless of the scripts failing in the signature check or in untrusted mode using one of the three keywords: execute, safe-execute, or terminate.
• execute --Executes Tcl scripts even if the signature verification fails. If the execute keyword is configured, signature verification is not at all performed.
Note
Use of this keyword is usually not recommended because the signature verification is not at all performed.
The execute keyword is provided for internal testing purposes and to provide flexibility. For example, in a situation where a certificate has expired but the other configurations are valid and you want to work with the existing configuration, then you can use the execute keyword to work around the expired certificate.
• safe-execute --Allows the script to run in safe mode. You can use the tclsafe command and also enter the interactive
Tcl shell safe mode to explore the safe mode Tcl commands that are available. In order to get a better understanding of what is available in this limited safe mode, use the tclsafe Exec command to explore the options.
• terminate --Stops any script from running and reverts to default behavior. The default policy is to terminate. When the last trustpoint name is removed, the untrusted action is also removed. The untrusted action cannot be entered until at least one trustpoint name is configured for Tcl.
Embedded Event Manager Configuration Guide
197
Signed Tcl Scripts
Verifying the Trustpoint
Step 11
Step 12
The following example shows how to execute the Tcl script in safe mode using the safe-execute keyword when the signature verification fails.
Device(config)# scripting tcl trustpoint untrusted safe-execute
exit
Exits global configuration mode and returns to privileged EXEC mode.
Device(config)# exit
tclsafe
(Optional) Enables the interactive Tcl shell untrusted safe mode. This allows you to manually run Tcl commands from the Cisco command line interface in untrusted safe mode.
Device# tclsafe
Example:
Verifying the Trustpoint
To display the trustpoints that are configured in the device, use the show crypto pki trustpoints command.
SUMMARY STEPS
1. enable
2. show crypto pki trustpoints
DETAILED STEPS
Step 1
Step 2 enable
This command enables privileged EXEC mode.
Example:
Device>
enable show crypto pki trustpoints
This command displays the trustpoints that are configured in the device.
Example:
Device#
show crypto pki trustpoints
198
Embedded Event Manager Configuration Guide
Signed Tcl Scripts
Verifying the Signed Tcl Script
Trustpoint mytrust:
Subject Name: [email protected]
cn=Jane ou=DEPT_ACCT o=Cisco l=San Jose st=California c=US
Serial Number: 00
Certificate configured.
Verifying the Signed Tcl Script
To verify that the Signed Tcl Script is properly running, use the debug crypto pki transactions command and the tclshcommand.
SUMMARY STEPS
1. enable
2. debug crypto pki transactions
3. tclsh flash:signed-tcl-file
DETAILED STEPS
Step 1
Step 2
Step 3 enable
This command enables privileged EXEC mode.
Example:
Device>
enable debug crypto pki transactions
This command display debugging messages for the trace of interaction (message type) between the CA and the device.
Example:
Device#
debug crypto pki transactions
Crypto PKI Trans debugging is on
tclsh flash:signed-tcl-file
This command executes the Tcl script in Tcl shell.
Note
The file should be a signed Tcl file.
Example:
Device#
tclsh flash:hello.tcl
Embedded Event Manager Configuration Guide
199
Signed Tcl Scripts
What to Do Next
hello argc = 0 argv = argv0 = flash:hello.tcl
tcl_interactive = 0 device#
*Apr 21 04:46:18.563: CRYPTO_PKI: locked trustpoint mytrust, refcount is 1
*Apr 21 04:46:18.563: The PKCS #7 message has 0 verified signers.
*Apr 21 04:46:18.563: CRYPTO_PKI: Success on PKCS7 verify!
*Apr 21 04:46:18.563: CRYPTO_PKI: unlocked trustpoint mytrust, refcount is 0
What to Do Next
• To get an overview of Crypto, refer to the “Part 5: Implementing and Managing a PKI” section of the
Security Configuration Guide.
Configuration Examples for Signed Tcl Script
Generating a Key Pair Example
The following example shows how to generate the key pair--a private key and a public key:
Generate a Private Key: Example
Host% openssl genrsa -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus
.........+++
...............................................................................+++ e is 65537 (0x10001)
Host% ls -l total 8
-rw-r--r-1 janedoe eng12
Host%
1679 Jun 12 14:55 privkey.pem
Generate a Public Key from the Private Key
Host% openssl rsa -in privkey.pem -pubout -out pubkey.pem
writing RSA key
Host% ls -l total 16
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
1679 Jun 12 14:55 privkey.pem
451 Jun 12 14:57 pubkey.pem
Generating a Certificate Example
The following example shows how to generate a certificate:
Host% openssl req -new -x509 -key privkey.pem -out cert.pem -days 1095
200
Embedded Event Manager Configuration Guide
Signed Tcl Scripts
Signing the Tcl Scripts Example
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value, If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:California
Locality Name (eg, city) [Newbury]:San Jose
Organization Name (eg, company) [My Company Ltd]:Cisco Systems, Inc.
Organizational Unit Name (eg, section) []:DEPT_ACCT
Common Name (eg, your name or your server's hostname) []:Jane
Email Address []:[email protected]
Host% ls -l total 24
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
1659 Jun 12 15:01 cert.pem
1679 Jun 12 14:55 privkey.pem
451 Jun 12 14:57 pubkey.pem
Signing the Tcl Scripts Example
The following example shows how to sign the Tcl scripts:
Host% openssl smime -sign -in hello -out hello.pk7 -signer cert.pem -inkey privkey.pem
-outform DER -binary
Host% ls -l total 40
-rw-r--r-1 janedoe eng12
-rw-r--r--
-rw-r--r--
1 janedoe eng12
1 janedoe eng12
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
1659 Jun 12 15:01 cert.pem
115 Jun 13 10:16 hello
1876 Jun 13 10:16 hello.pk7
1679 Jun 12 14:55 privkey.pem
451 Jun 12 14:57 pubkey.pem
Verifying the Signature Example
The following example shows how to verify the signature:
Host% openssl smime -verify -in hello.pk7 -CAfile cert.pem -inform DER -content hello puts hello puts "argc = $argc" puts "argv = $argv" puts "argv0 = $argv0" puts "tcl_interactive = $tcl_interactive"
Verification successful
Converting the Signature with Nonbinary Data Example
The following example shows how to convert the Tcl signature with nonbinary data:
#Cisco Tcl Signature V1.0
Then append the signature file to the end of the file.
Host% xxd -ps hello.pk7 > hello.hex
Host% cat my_append
#!/usr/bin/env expect set my_first {#Cisco Tcl Signature V1.0} set newline {} set my_file [lindex $argv 0] set my_new_file ${my_file}_sig set my_new_handle [open $my_new_file w] set my_handle [open $my_file r]
Embedded Event Manager Configuration Guide
201
Converting the Signature with Nonbinary Data Example
puts $my_new_handle $newline puts $my_new_handle $my_first foreach line [split [read $my_handle] "\n"] { set new_line {#} append new_line $line puts $my_new_handle $new_line
} close $my_new_handle close $my_handle
Host% my_append hello.hex
Host% ls -l total 80
-rw-r--r--
-rw-r--r--
-rw-r--r--
-rw-r--r--
1 janedoe eng12
1 janedoe eng12
1 janedoe eng12
1 janedoe eng12
1659 Jun 12 15:01 cert.pem
115 Jun 13 10:16 hello
3815 Jun 13 10:20 hello.hex
3907 Jun 13 10:22 hello.hex_sig
-rw-r--r-1 janedoe eng12
-rwxr--r-1 janedoe eng12
1876 Jun 13 10:16 hello.pk7
444 Jun 13 10:22 my_append
-rw-r--r-1 janedoe eng12
-rw-r--r-1 janedoe eng12
1679 Jun 12 14:55 privkey.pem
451 Jun 12 14:57 pubkey.pem
Host% cat hello hello.hex_sig > hello.tcl
Host% cat hello.tcl
puts hello puts "argc = $argc" puts "argv = $argv" puts "argv0 = $argv0" puts "tcl_interactive = $tcl_interactive"
#Cisco Tcl Signature V1.0
#3082075006092a864886f70d010702a08207413082073d020101310b3009
#06052b0e03021a0500300b06092a864886f70d010701a08204a13082049d
#30820385a003020102020100300d06092a864886f70d0101040500308195
#310b3009060355040613025553311330110603550408130a43616c69666f
#726e69613111300f0603550407130853616e204a6f7365311c301a060355
#040a1313436973636f2053797374656d732c20496e632e310e300c060355
#040b13054e53535447310d300b060355040313044a6f686e3121301f0609
#2a864886f70d01090116126a6c6175746d616e40636973636f2e636f6d30
#1e170d3037303631323232303134335a170d313030363131323230313433
#5a308195310b3009060355040613025553311330110603550408130a4361
#6c69666f726e69613111300f0603550407130853616e204a6f7365311c30
#1a060355040a1313436973636f2053797374656d732c20496e632e310e30
#0c060355040b13054e53535447310d300b060355040313044a6f686e3121
#301f06092a864886f70d01090116126a6c6175746d616e40636973636f2e
#636f6d30820122300d06092a864886f70d01010105000382010f00308201
#0a0282010100a751eb5ec1f3009738c88a55987c07b759c36f3386342283
#67ea20a89d9483ae85e0c63eeded8ab3eb7a08006689f09136f172183665
#c971099ba54e77ab47706069bbefaaab8c50184396350e4cc870c4c3f477
#88c55c52e2cf411f05b59f0eaec0678ff5cc238fdce2263a9fc6b6c244b8
#ffaead865c19c3d3172674a13b24c8f2c01dd8b1bd491c13e84e29171b85
#f28155d81ac8c69bb25ca23c2921d85fbf745c106e7aff93c72316cbc654
#4a34ea88174a8ba7777fa60662974e1fbac85a0f0aeac925dba6e5e850b8
#7caffce2fe8bb04b61b62f532b5893c081522d538005df81670b931b0ad0
#e1e76ae648f598a9442d5d0976e67c8d55889299147d0203010001a381f5
#3081f2301d0603551d0e04160414bc34132be952ff8b9e1af3b93140a255
#e54a667c3081c20603551d230481ba3081b78014bc34132be952ff8b9e1a
#f3b93140a255e54a667ca1819ba48198308195310b300906035504061302
#5553311330110603550408130a43616c69666f726e69613111300f060355
#0407130853616e204a6f7365311c301a060355040a1313436973636f2053
#797374656d732c20496e632e310e300c060355040b13054e53535447310d
#300b060355040313044a6f686e3121301f06092a864886f70d0109011612
#6a6c6175746d616e40636973636f2e636f6d820100300c0603551d130405
#30030101ff300d06092a864886f70d010104050003820101000c83c1b074
#6720929c9514af6d5df96f0a95639f047c40a607c83d8362507c58fa7f84
#aa699ec5e5bef61b2308297a0662c653ff446acfbb6f5cb2dd162d939338
#a5e4d78a5c45021e5d4dbabb8784efbf50cab0f5125d164487b31f5cf933
#a9f68f82cd111cbab1739d7f372ec460a7946882874b0a0f22dd53acbd62
#a944a15e52e54a24341b3b8a820f23a5bc7ea7b2278bb56838b8a4051926
#af9c167274ff8449003a4e012bcf4f4b3e280f85209249a390d14df47435
#35efabce720ea3d56803a84a2163db4478ae19d7d987ef6971c8312e280a
#aac0217d4fe620c6582a48faa8ea5e3726a99012e1d55f8d61b066381f77
#4158d144a43fb536c77d6a318202773082027302010130819b308195310b
#3009060355040613025553311330110603550408130a43616c69666f726e
202
Embedded Event Manager Configuration Guide
Signed Tcl Scripts
Signed Tcl Scripts
Configuring the Device with a Certificate Example
#69613111300f0603550407130853616e204a6f7365311c301a060355040a
#1313436973636f2053797374656d732c20496e632e310e300c060355040b
#13054e53535447310d300b060355040313044a6f686e3121301f06092a86
#4886f70d01090116126a6c6175746d616e40636973636f2e636f6d020100
#300906052b0e03021a0500a081b1301806092a864886f70d010903310b06
#092a864886f70d010701301c06092a864886f70d010905310f170d303730
#3631333137313634385a302306092a864886f70d01090431160414372cb3
#72dc607990577fd0426104a42ee4158d2b305206092a864886f70d01090f
#31453043300a06082a864886f70d0307300e06082a864886f70d03020202
#0080300d06082a864886f70d0302020140300706052b0e030207300d0608
#2a864886f70d0302020128300d06092a864886f70d010101050004820100
#72db6898742f449b26d3ac18f43a1e7178834fb05ad13951bf042e127eea
#944b72b96f3b8ecf7eb52f3d0e383bf63651750223efe69eae04287c9dae
#b1f31209444108b31d34e46654c6c3cc10b5baba887825c224ec6f376d49
#00ff7ab2d9f88402dab9a2c2ab6aa3ecceeaf5a594bdc7d3a822c55e7daa
#aa0c2b067e06967f22a20e406fe21d9013ecc6bd9cd6d402c2749f8bea61
#9f8f87acfbc9e10d6ce91502e34629adca6ee855419afafe6a8233333e14
#ad4c107901d1f2bca4d7ffaadddbc54192a25da662f8b8509782c76977b8
#94879453fbb00486ccc55f88db50fcc149bae066916b350089cde51a6483
#2ec14019611720fc5bbe2400f24225fc
Configuring the Device with a Certificate Example
The following example shows how to configure the device with a certificate: crypto pki trustpoint mytrust
!
enrollment terminal
!
crypto pki authentication mytrust crypto pki certificate chain mytrust certificate ca 00
308204B8 308203A0 A0030201 02020100 300D0609 2A864886 F70D0101 04050030
819E310B 30090603 55040613 02555331 13301106 03550408 130A4361 6C69666F
726E6961 3111300F 06035504 07130853 616E204A 6F736531 1C301A06 0355040A
13134369 73636F20 53797374 656D732C 20496E63 2E310E30 0C060355 040B1305
4E535354 47311630 14060355 0403130D 4A6F686E 204C6175 746D616E 6E312130
1F06092A 864886F7 0D010901 16126A6C 6175746D 616E4063 6973636F 2E636F6D
301E170D 30363131 31373137 35383031 5A170D30 39313131 36313735 3830315A
30819E31 0B300906 03550406 13025553 31133011 06035504 08130A43 616C6966
6F726E69 61311130 0F060355 04071308 53616E20 4A6F7365 311C301A 06035504
0A131343 6973636F 20537973 74656D73 2C20496E 632E310E 300C0603 55040B13
054E5353 54473116 30140603 55040313 0D4A6F68 6E204C61 75746D61 6E6E3121
301F0609 2A864886 F70D0109 0116126A 6C617574 6D616E40 63697363 6F2E636F
6D308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 0A028201
0100BC6D A933028A B31BF827 7258BB87 A1600CF0 21090F04 2080BECC 5818688B
74D231DF F0C365C1 07D6E206 D7651FA8 C7B230A2 3B0011E4 EA2B6A4C 1F3F27FB
9AF449D8 FA8900BB 3E567F77 5412881B AAD9525E 3EC1D3B1 EBCE8155 D74866F1
0940F6D1 3A2613CD F6B3595E F468B315 6DDEFF07 BBC5D521 B560AF72 D6D5FDA7
D9D9C99D 31E3B380 5DEB7039 A1A29EF9 46ED536E 4D768048 12D48C24 59B08973
481AD75D E741CD9E BE06EA16 9B514AE3 91184A56 A0E51B7D 4465D730 1AB3C7DD
62CA1AC9 DF30C39A 41316B8E 72289113 98080354 C7297AD7 89B627F8 ED40D924
ADF48383 1B332C7F 73C58686 6279E2A4 4BF41644 3E60F131 090D3F5D 25F0C025
43CB0203 010001A3 81FE3081 FB301D06 03551D0E 04160414 F7F4E80E F6CC4772
5F278C44 6B85F8EE 8345AB99 3081CB06 03551D23 0481C330 81C08014 F7F4E80E
F6CC4772 5F278C44 6B85F8EE 8345AB99 A181A4A4 81A13081 9E310B30 09060355
04061302 55533113 30110603 55040813 0A43616C 69666F72 6E696131 11300F06
03550407 13085361 6E204A6F 7365311C 301A0603 55040A13 13436973 636F2053
79737465 6D732C20 496E632E 310E300C 06035504 0B13054E 53535447 31163014
06035504 03130D4A 6F686E20 4C617574 6D616E6E 3121301F 06092A86 4886F70D
01090116 126A6C61 75746D61 6E406369 73636F2E 636F6D82 0100300C 0603551D
13040530 030101FF 300D0609 2A864886 F70D0101 04050003 82010100 6D12CFF8
31078DF6 94FE5CF0 8F83639B 414F32D8 069D23E2 37E182BE 7C31EC14 E87AF216
61A6CCD3 37656934 4BE4157A 400E182B EC390D1A DC130A56 B8F35BFB D2234556
24152FE8 A736B670 58CC684E 750D08AE C7739907 917B7A72 3D26BEC7 9F554CF1
5E5EF499 ABA11124 55966616 AC9C52B2 B1082DEA D962CBAF E476C575 A9DDFBFA
C4AE63F6 1D5C9F76 7B4B9CA7 52CE65C9 E65C04FC 4B7642D6 0D1A8AF4 38194B7A
CA307EC9 51DCB847 8B8C27FB 98ACEE60 0B80DC3F 36E4E252 BD731F5F 0E781E26
C1CA4120 9B0B689B BA654250 97B22A76 CC126B77 C7779AAA D3F93C3F DCF46006
Embedded Event Manager Configuration Guide
203
Signed Tcl Scripts
Additional References
2B7F7F8C 150AF889 BBEC62F1 E53B4F3B A3626CD6 05B8AB3D F8A6A361 quit archive log config scripting tcl trustpoint name mytrust scripting tcl secure-mode
!
!
end
Additional References
The following sections provide references related to the Signed Tcl Scripts feature.
Related Documents
Related Topic Document Title
Cisco PKI Overview: Understanding and Planning a
PKI
Implementing and Managing a PKI
Security Configuration Guide, Release 12.4
PKI commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples.
Cisco IOS Security Command Reference, Release
12.4
Standards
Standard
None
Title
--
MIBs
MIB
None
MIBs Link
To locate and download MIBs for selected platforms,
Cisco software releases, and feature sets, use Cisco
MIB Locator found at the following URL: http://www.cisco.com/go/mibs
RFCs
RFC
None
Title
--
204
Embedded Event Manager Configuration Guide
Signed Tcl Scripts
Feature Information for Signed Tcl Scripts
Technical Assistance
Description Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with
Cisco products and technologies.
http://www.cisco.com/techsupport
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Feature Information for Signed Tcl Scripts
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to . An account on Cisco.com is not required.
Table 27: Feature Information for Signed Tcl Scripts
Feature Name
Signed Tcl Scripts
Releases Feature Information
The Signed Tcl Scripts feature allows you to create a certificate to generate a digital signature and sign a Tcl script with that digital signature.
The following commands were introduced by this feature:
scripting tcl secure-mode,
scripting tcl trustpoint name,
scripting tcl trustpoint
untrusted,and tclsafe.
Embedded Event Manager Configuration Guide
205
Signed Tcl Scripts
Glossary
Glossary
CA--certification authority. Service responsible for managing certificate requests and issuing certificates to participating IPsec network devices. This service provides centralized key management for the participating devices and is explicitly trusted by the receiver to validate identities and to create digital certificates.
certificates--Electronic documents that bind a user's or device's name to its public key. Certificates are commonly used to validate a digital signature.
CRL--certificate revocation list. Electronic document that contains a list of revoked certificates. The CRL is created and digitally signed by the CA that originally issued the certificates. The CRL contains dates for when the certificate was issued and when it expires. A new CRL is issued when the current CRL expires.
IPsec--IP security peer certificate--Certificate presented by a peer, which contains the peer's public key and is signed by the trustpoint CA.
PKI--public key infrastructure. System that manages encryption keys and identity information for components of a network that participate in secured communications.
RA--registration authority. Server that acts as a proxy for the CA so that CA functions can continue when the
CA is offline. Although the RA is often part of the CA server, the RA could also be an additional application, requiring an additional device to run it.
RSA keys--Public key cryptographic system developed by Ron Rivest, Adi Shamir, and Leonard Adleman.
An RSA key pair (a public and a private key) is required before you can obtain a certificate for your device.
SHA1--Secure Hash Algorithm 1
SSH--secure shell
SSL--secure socket layer
Notices
The following notices pertain to this software license.
OpenSSL Open SSL Project
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit ( http:// www.openssl.org/ ).
This product includes cryptographic software written by Eric Young ([email protected]).
This product includes software written by Tim Hudson ([email protected]).
License Issues
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are
BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [email protected].
206
Embedded Event Manager Configuration Guide
Signed Tcl Scripts
OpenSSL Open SSL Project
OpenSSL License:
Copyright
©
1998-2007 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1
Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2
Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.
3
All advertising materials mentioning features or use of this software must display the following acknowledgment: “This product includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit ( http://www.openssl.org/ )”.
4
The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].
5
Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project.
6
Redistributions of any form whatsoever must retain the following acknowledgment:
“This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit ( http:// www.openssl.org/ )”.
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS”' AND ANY EXPRESSED OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]).
Original SSLeay License:
Copyright
©
1995-1998 Eric Young ([email protected]). All rights reserved.
This package is an SSL implementation written by Eric Young ([email protected]).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]).
Copyright remains Eric Young’s, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library
Embedded Event Manager Configuration Guide
207
Signed Tcl Scripts
OpenSSL Open SSL Project
used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1
Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3
All advertising materials mentioning features or use of this software must display the following acknowledgement:
“This product includes cryptographic software written by Eric Young ([email protected])”.
The word ‘cryptographic’ can be left out if the routines from the library being used are not cryptography-related.
1
If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: “This product includes software written by Tim Hudson
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS” AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU
Public License].
208
Embedded Event Manager Configuration Guide
C H A P T E R
6
EEM Action Tcl Command Extension
The following conventions are used for the syntax documented on the Tcl command extension pages:
• An optional argument is shown within square brackets, for example:
[type ?]
• A question mark ? represents a variable to be entered.
• Choices between arguments are represented by pipes, for example: priority low|normal|high
Note
For all EEM Tcl command extensions, if there is an error, the returned Tcl result string contains the error information.
Note
Arguments for which no numeric range is specified take an integer from -2147483648 to 2147483647, inclusive.
•
•
•
•
•
•
•
action_snmp_object_value, page 214
•
•
•
Embedded Event Manager Configuration Guide
209
EEM Action Tcl Command Extension action_policy
•
action_policy
Allows a Tcl script to run an Embedded Event Manager (EEM) policy that has been registered with the None event detector. The action of running an EEM policy can also be performed using the event manager run command.
Syntax
action_policy ?
Arguments
? (represents a string) (Mandatory) The name of the EEM policy to be scheduled for execution. The policy must have been previously registered with the None event detector.
None
Result String
None
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 12) FH_ENOSUCHEID (unknown event ID)
This error means that the policy is unknown because it is not registered.
(_cerr_sub_err = 14) FH_ENOSUCHACTION (unknown action type)
This error means that the action command requested was unknown.
action_process
Starts, restarts, or kills a Software Modularity process. This Tcl command extension is supported only in
Software Modularity images.
Syntax
action_process start|restart|kill [job_id ?]
[process_name ?] [instance ?]
210
Embedded Event Manager Configuration Guide
EEM Action Tcl Command Extension action_process
Arguments
start restart kill job_id process_name instance
(Mandatory) Specifies that a process is to be started.
(Mandatory) Specifies that a process is to be restarted.
(Mandatory) Specifies that a process is to be stopped
(killed).
(Optional) System manager assigned job ID for the process. If you specify this argument, it must be an integer between 1 and 4294967295, inclusive.
(Optional) Process name. Either job_id must be specified or process_name and instance must be specified.
(Optional) Process instance ID. If you specify this argument, it must be an integer between 1 and
4294967295, inclusive.
Result String
None
Set _cerrno
Yes
(_cerr_sub_err = 14) FH_ENOSUCHACTION (unknown action type)
This error means that the action command requested was unknown.
(_cerr_sub_num = 425, _cerr_sub_err = 1) SYSMGR_ERROR_INVALID_ARGS (Invalid arguments passed)
This error means that the arguments passed in were invalid.
(_cerr_sub_num = 425, _cerr_sub_err = 2) SYSMGR_ERROR_NO_MEMORY (Could not allocate required memory)
This error means that an internal SYSMGR request for memory failed.
(_cerr_sub_num = 425, _cerr_sub_err = 5) SYSMGR_ERROR_NO_MATCH (This process is not known to sysmgr)
This error means that the process name was not known.
(_cerr_sub_num = 425, _cerr_sub_err = 14) SYSMGR_ERROR_TOO_BIG (outside the valid limit)
This error means that an object size exceeded its maximum.
(_cerr_sub_num = 425, _cerr_sub_err = 15) SYSMGR_ERROR_INVALID_OP (Invalid operation for this process)
This error means that the operation was invalid for the process.
Embedded Event Manager Configuration Guide
211
EEM Action Tcl Command Extension action_program
action_program
Allows a Tcl script to run a POSIX process (program), optionally with a given argument string, environment string, Standard Input (stdin) pathname, Standard Output (stdout) pathname, or Standard Error (stderr) pathname. This Tcl command extension is supported only in Software Modularity images.
Syntax
action_program path ? [argv ?] [envp ?] [stdin ?] [stdout ?] [stderr ?]
Arguments
path argv envp stdin stdout stderr
(Mandatory) The pathname of a program to run.
(Optional) The argument string of the program.
(Optional) The environment string of the program.
(Optional) The pathname for stdin.
(Optional) The pathname for stdout.
(Optional) The pathname for stderr.
Result String
None
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 14) FH_ENOSUCHACTION (unknown action type)
This error means that the action command requested was unknown.
(_cerr_sub_err = 34) FH_EMAXLEN (maximum length exceeded)
This error means that the object length or number exceeded the maximum.
action_reload
Reloads the device.
212
Embedded Event Manager Configuration Guide
EEM Action Tcl Command Extension action_script
Syntax
action_reload
Arguments
None
Result String
None
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 14) FH_ENOSUCHACTION (unknown action type)
This error means that the action command requested was unknown.
action_script
Allows a Tcl script to enable or disable the execution of all Tcl scripts (enables or disables the script scheduler).
Syntax
action_script [status enable|disable]
Arguments
status (Optional) Flag to indicate script execution status. If this argument is set to enable, script execution is enabled; if this argument is set to disable, script execution is disabled.
Result String
None
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 14) FH_ENOSUCHACTION (unknown action type)
Embedded Event Manager Configuration Guide
213
EEM Action Tcl Command Extension action_snmp_trap
This error means that the action command requested was unknown.
(_cerr_sub_err = 52) FH_ECONFIG (configuration error)
This error means that a configuration error has occurred.
action_snmp_trap
Sends a Simple Network Management Protocol (SNMP) trap using the Embedded Event Manager Notification
MIB.
Syntax
action_snmp_trap [intdata1 ?] [intdata2 ?] [strdata ?]
Arguments
intdata1 intdata2 strdata
(Optional) Arbitrary integer sent in trap.
(Optional) Arbitrary integer sent in trap.
(Optional) Arbitrary string data sent in trap.
Result String
None
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 14) FH_ENOSUCHACTION (unknown action type)
This error means that the action command requested was unknown.
action_snmp_object_value
Sets a Simple Network Management Protocol (SNMP) object ID and value to be returned for the SNMP get request.
Syntax
action_snmp_object_value {int|uint|counter|gauge|ipv4|octet|counter64|string} ?
[next_oid ?]
214
Embedded Event Manager Configuration Guide
EEM Action Tcl Command Extension action_switch
Arguments
int uint counter gauge ipv4 octet counter 64 string next_oid
A 32-bit number used to specify a numbered type within the context of a managed object.
A 32-bit number used to represent decimal value.
A 32-bit number with a minimum value of 0.
A 32-bit number with a minimum value of 0.
IP version 4 address.
An octet string in hex notation used to represent physical addresses.
A 64-bit number with a minimum value of 0.
An octet string in text notation used to represent text strings.
The OID of the next object in the table; NULL if it is the last object in the table.
Result String
None
Set _cerrno
Yes
action_switch
Switches processing to a secondary processor in a fully redundant environment. Before using the action_switch
Tcl command extension, you must install a backup processor in the device. If the hardware is not fully redundant, the switchover action will not be performed.
Syntax
action_switch
Arguments
None
Result String
None
Embedded Event Manager Configuration Guide
215
EEM Action Tcl Command Extension action_syslog
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 14) FH_ENOSUCHACTION (unknown action type)
This error means that the action command requested was unknown.
action_syslog
Generates a periodic syslog message using the specified facility when an EEM script is triggered.
Syntax
action_syslog [priority emerg|alert|crit|err|warning|notice|info|debug]
[msg ?] [facility ?]
Arguments
priority msg facility
(Optional) The action_syslog message facility level.
If this argument is not specified, the default priority is LOG_INFO.
(Optional) The message to be logged.
(Optional) Syslog facility.
Result String
None
Set _cerrno
Yes
action_track_read
Reads the state of a tracked object when an Embedded Event Manager (EEM) script is triggered.
Syntax
action_track_read ?
216
Embedded Event Manager Configuration Guide
EEM Action Tcl Command Extension action_track_set
Arguments
? (represents a number) (Mandatory) Tracked object number in the range from
1 to 500, inclusive.
Result String
number {%u} state {%s}
Set _cerrno
Yes
FH_ENOTRACK
This error means that the tracked object number was not found.
action_track_set
Sets the state of a tracked object when an Embedded Event Manager (EEM) script is triggered.
Syntax
action_track_set ? state up|down
Arguments
? (represents a number) state
(Mandatory) Tracked object number in the range from
1 to 500, inclusive.
(Mandatory) Specifies that the state of the tracked object will be set. If up is specified, the state of the tracked object will be set to up. If down is specified, the state of the tracked object will be set to down.
Result String
None
Set _cerrno
Yes
FH_ENOTRACK
This error means that the tracked object number was not found.
Embedded Event Manager Configuration Guide
217
action_track_set
EEM Action Tcl Command Extension
218
Embedded Event Manager Configuration Guide
C H A P T E R
7
EEM CLI Library Command Extensions
All command-line interface (CLI) library command extensions belong to the ::cisco::eem namespace.
This library provides users the ability to run CLI commands and get the output of the commands in Tcl.
Users can use commands in this library to spawn an exec and open a virtual terminal channel to it, write the command to execute to the channel so that the command will be executed by exec, and read back the output of the command.
There are two types of CLI commands: interactive commands and non-interactive commands.
For interactive commands, after the command is entered, there will be a "Q&A" phase in which the device will ask for different user options, and the user is supposed to enter the answer for each question. Only after all the questions have been answered properly will the command run according to the user’s options until completion.
For noninteractive commands, once the command is entered, the command will run to completion. To run different types of commands using an EEM script, different CLI library command sequences should be used, which are documented in the "Using the CLI Library to Run a Noninteractive Command" section and in the
"Using the CLI Library to Run an Interactive Command" section in the cli_write Tcl command.
The vty lines are allocated from the pool of vty lines that are configured using the line vty CLI configuration command. EEM will use a vty line when a vty line is not being used by EEM and there are available vty lines. EEM will also use a vty line when EEM is already using a vty line and there are three or more vty lines available. Be aware that the connection will fail when fewer than three vty lines are available, preserving the remaining vty lines for Telnet use.
Your release may support XML-PI. For details about the XML-PI support, the new CLI library command extensions, and some examples of how to implement XML-PI, see EEM CLI Library XML-PI Support.
•
•
•
•
•
•
•
•
Embedded Event Manager Configuration Guide
219
EEM CLI Library Command Extensions cli_close
•
•
•
cli_close
Closes the exec process and releases the vty and the specified channel handler connected to the command-line interface (CLI).
Syntax
cli_close fd tty_id
Arguments
fd tty_id
(Mandatory) The CLI channel handler.
(Mandatory) The TTY ID returned from the cli_open command extension.
Result String
None
Set _cerrno
Cannot close the channel.
cli_exec
Writes the command to the specified channel handler to execute the command. Then reads the output of the command from the channel and returns the output.
Syntax
cli_exec fd cmd
Arguments
fd cmd
(Mandatory) The command-line interface (CLI) channel handler.
(Mandatory) The CLI command to execute.
220
Embedded Event Manager Configuration Guide
EEM CLI Library Command Extensions cli_get_ttyname
Result String
The output of the CLI command executed.
Set _cerrno
Error reading the channel.
cli_get_ttyname
Returns the real and pseudo TTY names for a given TTY ID.
Syntax
cli_get_ttyname tty_id
Arguments
tty_id (Mandatory) The TTY ID returned from the cli_open command extension.
Result String
pty %s tty %s
Set _cerrno
None
cli_open
Allocates a vty, creates an EXEC command-line interface (CLI) session, and connects the vty to a channel handler. Returns an array including the channel handler.
Note
Each call to cli_open initiates a Cisco IOS EXEC session that allocates a Cisco IOS vty line. The vty remains in use until the cli_close routine is called. The vty lines are allocated from the pool of vty lines that are configured using the line vty CLI configuration command. EEM will use a vty line when a vty line is not being used by EEM and there are available vty lines. EEM will also use a vty line when EEM is already using a vty line and there are three or more vty lines available. Be aware that the connection will fail when fewer than three vty lines are available, preserving the remaining vty lines for Telnet use
Syntax
cli_open
Embedded Event Manager Configuration Guide
221
EEM CLI Library Command Extensions cli_read
Arguments
None
Result String
"tty_id {%s} pty {%d} tty {%d} fd {%d}"
Event Type tty_id pty tty fd
Description
TTY ID.
PTY device name.
TTY device name.
CLI channel handler.
Set _cerrno
• Cannot get pty for EXEC.
• Cannot create an EXEC CLI session.
• Error reading the first prompt.
cli_read
Reads the command output from the specified command-line interface (CLI) channel handler until the pattern of the device prompt occurs in the contents read. Returns all the contents read up to the match.
Syntax
cli_read fd
Arguments
fd (Mandatory) The CLI channel handler.
Result String
All the contents read.
Set _cerrno
Cannot get device name.
222
Embedded Event Manager Configuration Guide
EEM CLI Library Command Extensions cli_read_drain
Note
This Tcl command extension will block waiting for the device prompt to show up in the contents read.
cli_read_drain
Reads and drains the command output of the specified command-line interface (CLI) channel handler. Returns all the contents read.
Syntax
cli_read_drain fd
Arguments
fd (Mandatory) The CLI channel handler.
Result String
All the contents read.
Set _cerrno
None
cli_read_line
Reads one line of the command output from the specified command-line interface (CLI) channel handler.
Returns the line read.
Syntax
cli_read_line fd
Arguments
fd (Mandatory) The CLI channel handler.
Result String
The line read.
Set _cerrno
None
Embedded Event Manager Configuration Guide
223
EEM CLI Library Command Extensions cli_read_pattern
Note
This Tcl command extension will block waiting for the end of line to show up in the contents read.
cli_read_pattern
Reads the command output from the specified command-line interface (CLI) channel handler until the pattern that is to be matched occurs in the contents read. Returns all the contents read up to the match.
Note
The pattern matching logic attempts a match by looking at the command output data as it is delivered from the Cisco IOS command. The match is always done on the most recent 256 characters in the output buffer unless there are fewer characters available, in which case the match is done on fewer characters. If more than 256 characters in the output buffer are required for the match to succeed, the pattern will not match.
Syntax
cli_read_pattern fd ptn
Arguments
fd ptn
(Mandatory) The CLI channel handler.
(Mandatory) The pattern to be matched when reading the command output from the channel.
Result String
All the contents read.
Set _cerrno
None
Note
This Tcl command extension will block waiting for the specified pattern to show up in the contents read.
cli_run
Iterates over the items in the clist and assumes that each one is a command-line-interface (CLI) command to be executed in the enable mode. On success, returns the output of all executed commands and on failure, returns error from the failure.
224
Embedded Event Manager Configuration Guide
EEM CLI Library Command Extensions cli_run_interactive
Syntax
cli_run clist
Arguments
clist (Mandatory) The list of commands to be executed.
Result String
Output of all the commands that are executed or an error message.
Set _cerrno
None.
Sample Usage
The following example shows how to use the cli_run command extension.
set clist [list {sh run} {sh ver} {sh event man pol reg}] cli_run { clist }
cli_run_interactive
Provides a sublist to the clist which has three items. On success, returns the output of all executed commands and on failure, returns error from the failure. Also uses arrays when possible as a way of making things easier to read later by keeping expect and reply separated.
Syntax
cli_run_interactive clist
Arguments
clist (Mandatory) List of three items:
• command– Command to be executed
• expect– A regular expression pattern match for the expected reply prompt
• responses– A list of possible responses to the reply prompt constructed as an array of two items:
• expect– A regular expression pattern match for a possible reply prompt
• reply- A reply for that expected prompt
Embedded Event Manager Configuration Guide
225
EEM CLI Library Command Extensions cli_write
Result String
Output of all the commands that are executed or an error message. As each command is executed its output is appended to a result variable. Upon exhaustion of the input list, the CLI channel is closed and the aggregate result is returned.
Set _cerrno
None.
Sample Usage
The following example shows how to clear counters for interface fa0/0 use the cli_run_ interactive command extension.
set cmdarr(command) "clear counters fa0/0" set cmdarr(responses) [list] set resps(expect) {[confirm]} set resps(reply) "y" lappend cmdarr(responses) [array get resps] set rc [catch {cli_run_interactive [list [array get cmdarr]]} result]
Possible errors raised include:
• cannot get pty for exec
• cannot spawn exec
• error reading the first prompt
• error reading the channel
• cannot close channel
cli_write
Writes the command that is to be executed to the specified CLI channel handler. The CLI channel handler executes the command.
Syntax
cli_write fd cmd
Arguments
fd cmd
(Mandatory) The CLI channel handler.
(Mandatory) The CLI command to execute.
Result String
None
226
Embedded Event Manager Configuration Guide
EEM CLI Library Command Extensions cli_write
Set _cerrno
None
Sample Usage
As an example, use configuration CLI commands to bring up Ethernet interface 1/0: if [catch {cli_open} result] { puts stderr $result exit 1
} else { array set cli1 $result
} if [catch {cli_exec $cli1(fd) "en"} result] { puts stderr $result exit 1
} if [catch {cli_exec $cli1(fd) "config t"} result] { puts stderr $result exit 1
} if [catch {cli_exec $cli1(fd) "interface Ethernet1/0"} result] { puts stderr $result exit 1
} if [catch {cli_exec $cli1(fd) "no shut"} result] { puts stderr $result exit 1
} if [catch {cli_exec $cli1(fd) "end"} result] { puts stderr $result exit 1
} if [catch {cli_close $cli1(fd) $cli1(tty_id)} } result] { puts stderr $result exit 1
Using the CLI Library to Run a Noninteractive Command
To run a noninteractive command, use the cli_exec command extension to issue the command, and then wait for the complete output and the device prompt. For example, the following shows the use of configuration
CLI commands to bring up Ethernet interface 1/0: if [catch {cli_open} result] { error $result $errorInfo
} else { set fd $result
} if [catch {cli_exec $fd "en"} result] { error $result $errorInfo
} if [catch {cli_exec $fd "config t"} result] { error $result $errorInfo
} if [catch {cli_exec $fd "interface Ethernet1/0"} result] { error $result $errorInfo
} if [catch {cli_exec $fd "no shut"} result] { error $result $errorInfo
} if [catch {cli_exec $fd "end"} result] { error $result $errorInfo
} if [catch {cli_close $fd} result] { error $result $errorInfo
}
Embedded Event Manager Configuration Guide
227
EEM CLI Library Command Extensions cli_write
Using the CLI Library to Run an Interactive Command
To run interactive commands, three phases are needed:
• Phase 1: Issue the command using the cli_write command extension.
• Phase 2: Q&A Phase. Use the cli_read_pattern command extension to read the question (the regular pattern that is specified to match the question text) and the cli_write command extension to write back the answers alternately.
• Phase 3: Noninteractive phase. All questions have been answered, and the command will run to completion. Use the cli_read command extension to wait for the complete output of the command and the device prompt.
For example, use CLI commands to do squeeze bootflash: and save the output of this command in the Tcl variable cmd_output.
if [catch {cli_open} result] { error $result $errorInfo
} else { array set cli1 $result
} if [catch {cli_exec $cli1(fd) "en"} result] { error $result $errorInfo
}
# Phase 1: issue the command if [catch {cli_write $cli1(fd) "squeeze bootflash:"} result] { error $result $errorInfo
}
# Phase 2: Q&A phase
# wait for prompted question:
# All deleted files will be removed. Continue? [confirm] if [catch {cli_read_pattern $cli1(fd) "All deleted"} result] { error $result $errorInfo
}
# write a newline character if [catch {cli_write $cli1(fd) "\n"} result] { error $result $errorInfo
}
# wait for prompted question:
# Squeeze operation may take a while. Continue? [confirm] if [catch {cli_read_pattern $cli1(fd) "Squeeze operation"} result] { error $result $errorInfo
}
# write a newline character if [catch {cli_write $cli1(fd) "\n"} result] { error $result $errorInfo
}
# Phase 3: noninteractive phase
# wait for command to complete and the router prompt if [catch {cli_read $cli1(fd) } result] { error $result $errorInfo
} else { set cmd_output $result
} if [catch {cli_close $cli1(fd) $cli1(tty_id)} result] { error $result $errorInfo
}
The following example causes a device to be reloaded using the CLI reload command. Note that the EEM
action_reload command accomplishes the same result in a more efficient manner, but this example is presented to illustrate the flexibility of the CLI library for interactive command execution.
# 1. execute the reload command
228
Embedded Event Manager Configuration Guide
EEM CLI Library Command Extensions cli_write
if [catch {cli_open} result] { error $result $errorInfo
} else { array set cli1 $result
} if [catch {cli_exec $cli1(fd) "en"} result] { error $result $errorInfo
} if [catch {cli_write $cli1(fd) "reload"} result] { error $result $errorInfo
} else { set cmd_output $result
} if [catch {cli_read_pattern $cli1(fd) ".*(System configuration has been modified. Save\\\?
\\\[yes/no\\\]: )"} result] { error $result $errorInfo
} else { set cmd_output $result
} if [catch {cli_write $cli1(fd) "no"} result] { error $result $errorInfo
} else { set cmd_output $result
} if [catch {cli_read_pattern $cli1(fd) ".*(Proceed with reload\\\? \\\[confirm\\\])"} result]
{ error $result $errorInfo
} else { set cmd_output $result
} if [catch {cli_write $cli1(fd) "y"} result] { error $result $errorInfo
} else { set cmd_output $result
} if [catch {cli_close $cli1(fd) $cli1(tty_id)} result] { error $result $errorInfo
}
Embedded Event Manager Configuration Guide
229
cli_write
EEM CLI Library Command Extensions
230
Embedded Event Manager Configuration Guide
C H A P T E R
8
EEM CLI Library XML-PI Support
XML Programmatic Interface (XML-PI) was introduced in Cisco IOS Release 12.4(22)T. XML-PI provides a programmable interface which encapsulates IOS command-line interface (CLI) show commands in XML format in a consistent way across different Cisco products. Customers using XML-PI will be able to parse
IOS show command output from within Tcl scripts using well-known keywords instead of having to depend on the use of regular expression support to "screen-scrape" output.
The benefit of using the XML-PI command extensions is to facilitate the extraction of specific output information that is generated using a CLI show command. Most show commands return many fields within the output and currently a regular expression has to be used to extract specific information that may appear in the middle of a line. XML-PI support provides a set of Tcl library functions to facilitate the parsing of output from the IOS CLI format extension in the form of:
show
< show-command
> |
format
{ spec-file
} where a spec-file is a concatenation of all Spec File Entries (SFE) for each show command currently supported.
As part of the XML-PI project a default spec-file will be included in the IOS Release 12.4(22)T images. The default spec-file will have a small set of commands and the SFE for the commands will have a subset of the possible tags. If no spec-file is provided with the format command, the default spec-file is used.
For more general details about XML-PI, see the "XML-PI" module.
•
•
•
•
xml_pi_exec
Writes the XML-PI command specified using the cmd argument to the channel whose handler is specified using the fd argument and the spec-file specified by the spec_file argument to execute the command. The raw
XML output data of the command is then read from the channel and the XML output is returned.
Embedded Event Manager Configuration Guide
231
EEM CLI Library XML-PI Support xml_pi_parse
Syntax
xml_pi_show fd cmd [spec_file]
Arguments
fd cmd spec_file
(Mandatory) The CLI library file descriptor obtained from cli_open.
(Mandatory) IOS show command.
(Optional) IOS CLI show command spec_file.
Result String
Result of IOS show command in XML format.
Set _cerrno
Possible error raised:
1. error reading the channel
xml_pi_parse
Processes the XML show command raw output passed into this function as xml_data and retrieve those fields that are specified by xml_tags_list. The following processing occurs:
Step 1: The XML tag list is validated as a Tcl list. An XML tag can be specified as the low order XML tag name or as a fully qualified XML tag name in case the low order name is ambiguous for a given command.
Example tags: <Interface> <ShowIpInterfaceBrief><IPInterfaces><entry><Interface>
Step 2: The xml_data is validated as valid XML and parsed into an XML parse tree.
Step 3: A walk is made through the XML parse tree and each tag is compared with entries in the XML tag list. When a match occurs it is determined if the tag name matches a Tcl procedure defined within the current
Tcl scope. If so, that Tcl procedure will be called with the current result. If not, the tag name and the data associated with that tag name will be appended to the current result.
Syntax
xml_pi_parse fd xml_show_cmd_output xml_tags_list
Arguments
fd xml_show_cmd_output
(Mandatory) The CLI library file descriptor obtained from cli_open.
(Mandatory) Output of xml_pi_show command extension in xml format.
232
Embedded Event Manager Configuration Guide
EEM CLI Library XML-PI Support xml_pi_read
xml_tags_list (Mandatory) List of interesting tags.
Result String
Data in a Tcl array indexed by XML tag name.
Note
The current result is reset after Tcl procedure calls.
Set _cerrno
Possible errors raised:
1. error splitting the XML tags list 2. null XML tag list specified 3. XML tag tree exceeds 20 levels 4. called
Tcl procedure returned an error 5. memory allocation failure 6. XML parse failure 7. failed to create XML domain
xml_pi_read
Reads the XML-PI command output (from the specified show command) from the CLI channel whose handler is given by the file descriptor until the pattern of the router prompt occurs in the contents that are read. Returns all the contents read up to the match in XML format.
Syntax
xml_pi_read fd
Arguments
fd (Mandatory) The CLI library file descriptor obtained from cli_open.
Result String
All the contents that are read in XML format.
Set _cerrno
Possible errors raised:
1. cannot get router name 2. command error
xml_pi_write
Writes the XML-PI command specified using the cmd argument to the channel whose handler is given by the fd argument and the spec file specified by the spec_file argument.
Embedded Event Manager Configuration Guide
233
EEM CLI Library XML-PI Support xml_pi_write
Syntax
xml_pi_write fd cmd spec_file
Arguments
fd cmd spec_file
(Mandatory) The CLI library file descriptor obtained from cli_open.
(Mandatory) IOS show command.
(Optional) IOS CLI show command spec_file.
Result String
None
Set _cerrno
None
Sample Usage of the XML-PI feature
The following EEM policy (sample.tcl) presents one example that illustrates five different implementations of the new EEM XML-PI functionality. The odm spec-file (required for Example 2) follows this policy.
::cisco::eem::event_register_none maxrun 60 namespace import ::cisco::eem::* namespace import ::cisco::lib::*
# open the cli_lib.tcl channel if [catch {cli_open} result] { error $result $errorInfo
} else { array set cli1 $result
}
# enter "enable" privilege mode if [catch {cli_exec $cli1(fd) "en"} result] { error $result $errorInfo
}
# Example 1:
#
# Detect if XML-PI is present in this image
# Invoke xml_pi_exec with the default spec file for the "show inventory"
# command. After the command executes $result contains the raw XML data if
# the command is successful.
if [catch {xml_pi_exec $cli1(fd) "show inventory" ""} result] { puts "Example 1: XML-PI support is not present in this image - exiting" exit
} else { puts "Example 1: XML-PI support is present in this image"
}
# Example 2:
#
# In the next example we demonstrate how to extract two data elements
# from the "show version" command using the specified XML-PI spec file.
# The raw output from this command is as follows:
#
# Device#show version | format disk2:speceemtest.odm
# <?xml version="1.0" encoding="UTF-8"?>
# <ShowVersion>
# <Version>12.4(20071029:194217)</Version>
234
Embedded Event Manager Configuration Guide
EEM CLI Library XML-PI Support xml_pi_write
# <Compiled>Thu 08-Nov-07 11:28</Compiled>
# <ROM>System Bootstrap, Version 12.2(20030826:190624) [BLD-npeg1_rommon_r11 102],
DEVELOPMENT</ROM>
# <uptime>17 minutes</uptime>
# <processor>NPE-G1</processor>
# <bytesofmemory>983040K/65536K</bytesofmemory>
# <CPU>700MHz</CPU>
# <L2Cache>0.2</L2Cache>
# <GigabitEthernetinterfaces>3</GigabitEthernetinterfaces>
# <bytesofNVRAM>509K</bytesofNVRAM>
# <bytesofATAPCMCIAcard>125952K</bytesofATAPCMCIAcard>
# <Sectorsize>512 bytes</Sectorsize>
# <bytesofFlashinternalSIMM>16384K</bytesofFlashinternalSIMM>
# <Configurationregister>0x2100</Configurationregister>
# </ShowVersion>
#
# Invoke xml_pi_exec with the spec file "disk2:speceemtest.odm" for the
# "show version" command. After the command executes $result contains
# the raw XML data.
if [catch {xml_pi_exec $cli1(fd) "show version" "disk2:speceemtest.odm"} result] { error $result $errorInfo
} else {
# Pass the raw XML data to the xml_pi_parse routine to extract fields
# of interest:
# we ask that only the <processor> and <CPU> fields be returned.
array set xml_result [xml_pi_parse $cli1(fd) $result "<processor> <CPU>"] puts "Example 2: Processor is $xml_result(<processor>) CPU is $xml_result(<CPU>)"
}
# Example 3:
#
# In the next example we demonstrate how to extract two data elements
# from the multi-record "show inventory" command using the default built-in
# XML-PI spec file. Sample raw output from this command is as follows:
#
# Device#show inventory | format
# <?xml version="1.0" encoding="UTF-8"?>
# <ShowInventory>
# <SpecVersion>built-in</SpecVersion>
# <InventoryEntry>
# <ChassisName>"Chassis"</ChassisName>
# <Description>"Cisco 7206VXR, 6-slot chassis"</Description>
# <PID>CISCO7206VXR</PID>
# <VID>
# </VID>
# <SN>31413378 </SN>
# </InventoryEntry>
# <InventoryEntry>
# <ChassisName>"NPE-G1 0"</ChassisName>
# <Description>"Cisco 7200 Series Network Processing Engine
NPE-G1"</Description>
# <PID>NPE-G1</PID>
# <VID>
# </VID>
# <SN>31493825 </SN>
# </InventoryEntry>
# <InventoryEntry>
# <ChassisName>"disk2"</ChassisName>
# <Description>"128MB Compact Flash Disk for NPE-G1"</Description>
# <PID>MEM-NPE-G1-FLD128</PID>
# <VID>
# </VID>
# <SN>NAME: "module 1"</SN>
# </InventoryEntry>
# <InventoryEntry>
# <ChassisName>"module 1"</ChassisName>
# <Description>"Dual Port FastEthernet (RJ45)"</Description>
# <PID>PA-2FE-TX</PID>
# <VID>
# </VID>
# <SN>JAE0827NGKX</SN>
# </InventoryEntry>
# <InventoryEntry>
# <ChassisName>"Power Supply 2"</ChassisName>
Embedded Event Manager Configuration Guide
235
EEM CLI Library XML-PI Support xml_pi_write
# <Description>"Cisco 7200 AC Power Supply"</Description>
# <PID>PWR-7200-AC</PID>
# <VID>
# </VID>
# </InventoryEntry>
# </ShowInventory>
#
# Define a procedure to be called every time the <InventoryEntry> tag
# is processed. Since this tag precedes each new output record, the data
# that is passed into this procedure contains the fields that have been
# requested via xml_pi_parse since the previous time this procedure was
# called.
proc <InventoryEntry> {xml_line} { global num
# The first time that this function is called there is no data and
# xml_line will be null.
if [string length $xml_line] { array set xml_result $xml_line incr num set output [format "Example 3: Item %2d %-18s %s" \
$num $xml_result(<PID>) $xml_result(<Description>)] puts $output
}
} set num 0
# Invoke xml_pi_exec with the default built-in spec file for the
# "show inventory" command. After the command executes $result contains
# the raw XML data.
if [catch {xml_pi_exec $cli1(fd) "show inventory"} result] { error $result $errorInfo
} else {
# Pass the raw XML data to the xml_pi_parse routine to extract fields
# of interest:
# we ask that only the <PID> and <Description> fields be returned.
# If an XML tag name is requested and a Tcl proc exists with that name,
# the Tcl proc will be called every time that tag is encountered in the
# output data. Specify the <InventoryEntry> tag and define the proc
# before executing the xml_pi_parse statement.
array set xml_result [xml_pi_parse $cli1(fd) $result \
"<InventoryEntry> <PID> <Description>"]
# Display the data from the last record.
incr num set output [format "Example 3: Item %2d %-18s %s" \
$num $xml_result(<PID>) $xml_result(<Description>)] puts $output
}
# Example 4:
#
# In the next example we demonstrate how to extract two data elements
# from the multi-record "show ip interface brief" command using the default
# built-in XML-PI spec file. Sample raw output from this command is as
# follows:
#
# Device#show ip interface brief | format
# <?xml version="1.0" encoding="UTF-8"?>
# <ShowIpInterfaceBrief>
# <SpecVersion>built-in</SpecVersion>
# <IPInterfaces>
# <entry>
# <Interface>GigabitEthernet0/1</Interface>
# <IP-Address>172.19.209.34</IP-Address>
# <OK>YES</OK>
# <Method>NVRAM</Method>
# <Status>up</Status>
# <Protocol>up</Protocol>
# </entry>
# <entry>
# <Interface>GigabitEthernet0/2</Interface>
# <IP-Address>unassigned</IP-Address>
# <OK>YES</OK>
# <Method>NVRAM</Method>
# <Status>administratively down</Status>
# <Protocol>down</Protocol>
236
Embedded Event Manager Configuration Guide
EEM CLI Library XML-PI Support
# </entry>
# <entry>
# <Interface>GigabitEthernet0/3</Interface>
# <IP-Address>unassigned</IP-Address>
# <OK>YES</OK>
# <Method>NVRAM</Method>
# <Status>administratively down</Status>
# <Protocol>down</Protocol>
# </entry>
# <entry>
# <Interface>FastEthernet1/0</Interface>
# <IP-Address>unassigned</IP-Address>
# <OK>YES</OK>
# <Method>NVRAM</Method>
# <Status>administratively down</Status>
# <Protocol>down</Protocol>
# </entry>
# <entry>
# <Interface>FastEthernet1/1</Interface>
# <IP-Address>unassigned</IP-Address>
# <OK>YES</OK>
# <Method>NVRAM</Method>
# <Status>administratively down</Status>
# <Protocol>down</Protocol>
# </entry>
# </IPInterfaces>
# </ShowIpInterfaceBrief>
#
# Define a procedure to be called every time the fully qualified name
# <ShowIpInterfaceBrief><IPInterfaces><entry> tag is processed. Since
# this tag precedes each new output record, the data that is passed into
# this procedure contains the fields that have been requested via
# xml_pi_parse since the previous time this procedure was called.
proc <ShowIpInterfaceBrief><IPInterfaces><entry> {xml_line} { global num
# The first time that this function is called there is no data and
# xml_line will be null.
if [string length $xml_line] { array set xml_result $xml_line incr num set output [format "Example 4: Interface %2d %-30s %s" \
$num $xml_result(<Interface>) $xml_result(<Status>)] puts $output
} else { puts "Example 4: Display All Interfaces"
}
} set num 0
# Invoke xml_pi_exec with the default built-in spec file for the
# "show ip interface brief" command. After the command executes $result
# contains the raw XML data.
if [catch {xml_pi_exec $cli1(fd) "show ip interface brief"} result] { error $result $errorInfo
} else {
# Pass the raw XML data to the xml_pi_parse routine to extract fields
# of interest:
# we ask that only the <Interface> and <Status> fields be returned.
# If an XML tag name is requested and a Tcl proc exists with that name,
# the Tcl proc will be called every time that tag is encountered in the
# output data. Specify the <entry> tag and define the proc
# before executing the xml_pi_parse statement.
array set xml_result [xml_pi_parse $cli1(fd) $result \
"<ShowIpInterfaceBrief><IPInterfaces><entry> <Interface> <Status>"]
# Display the data from the last record.
incr num set output [format "Example 4: Interface %2d %-30s %s" \
$num $xml_result(<Interface>) $xml_result(<Status>)] puts $output
}
# Example 5:
#
# In the next example we demonstrate how to extract two data elements
# from the multi-record "show ip interface brief" command using the default
xml_pi_write
Embedded Event Manager Configuration Guide
237
EEM CLI Library XML-PI Support xml_pi_write
# built-in XML-PI spec file. Sample raw output from this command is as
# follows:
#
# Device#show ip interface brief | format
# <?xml version="1.0" encoding="UTF-8"?>
# <ShowIpInterfaceBrief>
# <SpecVersion>built-in</SpecVersion>
# <IPInterfaces>
# <entry>
# <Interface>GigabitEthernet0/1</Interface>
# <IP-Address>172.19.209.34</IP-Address>
# <OK>YES</OK>
# <Method>NVRAM</Method>
# <Status>up</Status>
# <Protocol>up</Protocol>
# </entry>
# <entry>
# <Interface>GigabitEthernet0/2</Interface>
# <IP-Address>unassigned</IP-Address>
# <OK>YES</OK>
# <Method>NVRAM</Method>
# <Status>administratively down</Status>
# <Protocol>down</Protocol>
# </entry>
# <entry>
# <Interface>GigabitEthernet0/3</Interface>
# <IP-Address>unassigned</IP-Address>
# <OK>YES</OK>
# <Method>NVRAM</Method>
# <Status>administratively down</Status>
# <Protocol>down</Protocol>
# </entry>
# <entry>
# <Interface>FastEthernet1/0</Interface>
# <IP-Address>unassigned</IP-Address>
# <OK>YES</OK>
# <Method>NVRAM</Method>
# <Status>administratively down</Status>
# <Protocol>down</Protocol>
# </entry>
# <entry>
# <Interface>FastEthernet1/1</Interface>
# <IP-Address>unassigned</IP-Address>
# <OK>YES</OK>
# <Method>NVRAM</Method>
# <Status>administratively down</Status>
# <Protocol>down</Protocol>
# </entry>
# </IPInterfaces>
# </ShowIpInterfaceBrief>
#
# Note: This example is the same as Example 4 with the exception that
# the new record procedure is called by the un-qualified tag name. The
# ability to specify the un-qualified tag names is simplier but only works
# if the un-qualified name is used once per Tcl program. In this example
# the unqualified new record tag name is "<entry>" which is a very
# common name in the Cisco spec file.
# Define a procedure to be called every time the <entry> tag
# is processed. Since this tag precedes each new output record, the data
# that is passed into this procedure contains the fields that have been
# requested via xml_pi_parse since the previous time this procedure was
# called.
proc <entry> {xml_line} { global num
# The first time that this function is called there is no data and
# xml_line will be null.
if [string length $xml_line] { array set xml_result $xml_line incr num if ([string equal $xml_result(<Status>) "up"]) { set output [format "Example 5: Interface %2d %-30s %s" \
$num $xml_result(<Interface>) $xml_result(<Status>)] puts $output
238
Embedded Event Manager Configuration Guide
EEM CLI Library XML-PI Support xml_pi_write
}
} else { puts "Example 5: Display All Interfaces That Are Up"
}
} set num 0
# Invoke xml_pi_exec with the default built-in spec file for the
# "show ip interface brief" command. After the command executes $result
# contains the raw XML data.
if [catch {xml_pi_exec $cli1(fd) "show ip interface brief"} result] { error $result $errorInfo
} else {
# Pass the raw XML data to the xml_pi_parse routine to extract fields
# of interest:
# we ask that only the <Interface> and <Status> fields be returned.
# If an XML tag name is requested and a Tcl proc exists with that name,
# the Tcl proc will be called every time that tag is encountered in the
# output data. Specify the <entry> tag and define the proc
# before executing the xml_pi_parse statement.
array set xml_result [xml_pi_parse $cli1(fd) $result \
"<entry> <Interface> <Status>"]
# Display the data from the last record.
incr num if ([string equal $xml_result(<Status>) "up"]) { set output [format "Example 5: Interface %2d %-30s %s" \
$num $xml_result(<Interface>) $xml_result(<Status>)] puts $output
}
}
Sample XML-PI spec eemtest.odm ODM File:
### show version
<?xml version='1.0' encoding='utf-8'?>
<ODMSpec>
<Command>
<Name>show version</Name>
</Command>
<OS>ios</OS>
<DataModel>
<Container name="ShowVersion">
<Property name="Version" distance = "1.0" length = "1" type = "IpAddress"/>
<Property name="Technical Support" distance = "1.0" length = "1" type = "IpAddress"/>
<Property name="Compiled" distance = "1.0" length = "3" type = "String"/>
<Property name="ROM" distance = "1.0" length = "7" type = "IpAddress"/>
<Property name="uptime" distance = "2" length = "8" type = "String"/>
<Property name="image" distance = "4" length = "1" type = "IpAddress"/>
<Property name="processor" distance = "-1" length = "1" type = "String"/>
<Property name="bytes of memory" distance = "-1" length = "1" type = "Port"/>
<Property name="CPU" distance = "2" length = "1" end-delimiter = "," type = "String"/>
<Property name="L2 Cache" distance = "-2" length = "1" end-delimiter = "," type = "String"/>
<Property name="Gigabit Ethernet interfaces" distance = "-1" length = "1" type = "Integer"/>
<Property name="bytes of NVRAM" distance = "-1" length = "1" type = "String"/>
<Property name="bytes of ATA PCMCIA card" distance = "-1" length = "1" type = "String"/>
<Property name="Sector size" distance = "1.0" length = "2" end-delimiter = ")" type =
"String"/>
<Property name="bytes of Flash internal SIMM" distance = "-1" length = "1" type = "String"/>
<Property name="Configuration register" distance = "2" length = "1" type = "String"/>
</Container>
</DataModel>
</ODMSpec>
Example sample.tcl Run:
Device#config t
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)#event manager policy sample.tcl
Device(config)#end
Embedded Event Manager Configuration Guide
239
xml_pi_write
EEM CLI Library XML-PI Support
Device#
Oct 10 20:21:26: %SYS-5-CONFIG_I: Configured from console by console
Device#event manager run sample.tcl
Example 1: XML-PI support is present in this image
Example 2: Processor is NPE-G1 CPU is 700MHz
Example 3: Item 1 CISCO7206VXR "Cisco 7206VXR, 6-slot chassis"
Example 3: Item 2 NPE-G1 "Cisco 7200 Series Network Processing Engine NPE-G1"
Example 3: Item 3 MEM-NPE-G1-FLD128 "128MB Compact Flash Disk for NPE-G1"
Example 3: Item 4 PA-2FE-TX "Dual Port FastEthernet (RJ45)"
Example 3: Item 5 PWR-7200-AC "Cisco 7200 AC Power Supply"
Example 4: Display All Interfaces
Example 4: Interface 1 GigabitEthernet0/1 up
Example 4: Interface 2 GigabitEthernet0/2 administratively down
Example 4: Interface 3 GigabitEthernet0/3 administratively down
Example 4: Interface 4 FastEthernet1/0 administratively down
Example 4: Interface 5 FastEthernet1/1 administratively down
Example 4: Interface 6 SSLVPN-VIF0 up
Example 5: Display All Interfaces That Are Up
Example 5: Interface 1 GigabitEthernet0/1 up
Example 5: Interface 6 SSLVPN-VIF0 up
240
Embedded Event Manager Configuration Guide
C H A P T E R
9
EEM Context Library Command Extensions
All the Tcl context library command extensions belong to the ::cisco::eem namespace.
•
•
context_retrieve
Retrieves Tcl variable(s) identified by the given context name, and possibly the scalar variable name, the array variable name, and the array index. Retrieved information is automatically deleted.
Note
Once saved information is retrieved, it is automatically deleted. If that information is needed by another policy, the policy that retrieves it (using the context_retrieve command extension) should also save it again (using the context_save command extension).
Syntax
context_retrieve ctxt [var] [index_if_array]
Arguments
ctxt var index_if_array
(Mandatory) Context name.
(Optional) Scalar variable name or array variable name. Defaults to a null string if this argument is not specified.
(Optional) The array index.
Embedded Event Manager Configuration Guide
241
EEM Context Library Command Extensions context_retrieve
Note
The index_if_array argument will be ignored when the var argument is a scalar variable.
If var is unspecified, retrieves the whole variable table saved in the context.
If var is specified and index_if_array is not specified, or if index_if_array is specified but var is a scalar variable, retrieves the value of var.
If var is specified, and index_if_array is specified, and var is an array variable, retrieves the value of the specified array element.
Result String
Resets the Tcl global variables to the state that they were in when the save was performed.
Set _cerrno
• A string displaying _cerrno, _cerr_sub_num, _cerr_sub_err, _cerr_posix_err, _cerr_str due to appl_reqinfo error.
• Variable is not in the context.
Sample Usage
The following examples show how to use the context_saveand context_retrieve command extension functionality to save and retrieve data. The examples are shown in save and retrieve pairs.
Example 1: Save
If var is unspecified or if a pattern if specified, saves multiple variables to the context.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* set testvara 123 set testvarb 345 set testvarc 789 if {[catch {context_save TESTCTX "testvar*"} errmsg]} { action_syslog msg "context_save failed: $errmsg"
} else { action_syslog msg "context_save succeeded"
}
Example 1: Retrieve
If var is unspecified, retrieves multiple variables from the context.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* if {[catch {foreach {var value} [context_retrieve TESTCTX] {set $var $value}} errmsg]} { action_syslog msg "context_retrieve failed: $errmsg"
} else { action_syslog msg "context_retrieve succeeded"
} if {[info exists testvara]} { action_syslog msg "testvara exists and is $testvara"
} else { action_syslog msg "testvara does not exist"
242
Embedded Event Manager Configuration Guide
EEM Context Library Command Extensions context_retrieve
} if {[info exists testvarb]} { action_syslog msg "testvarb exists and is $testvarb"
} else { action_syslog msg "testvarb does not exist"
} if {[info exists testvarc]} { action_syslog msg "testvarc exists and is $testvarc"
} else { action_syslog msg "testvarc does not exist"
}
Example 2: Save
If var is specified, saves the value of var.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* set testvar 123 if {[catch {context_save TESTCTX testvar} errmsg]} { action_syslog msg "context_save failed: $errmsg"
} else { action_syslog msg "context_save succeeded"
}
Example 2: Retrieve
If var is specified and index_if_array is not specified, or if index_if_array is specified but var is a scalar variable, retrieves the value of var.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* if {[catch {set testvar [context_retrieve TESTCTX testvar]} errmsg]} { action_syslog msg "context_retrieve failed: $errmsg"
} else { action_syslog msg "context_retrieve succeeded"
} if {[info exists testvar]} { action_syslog msg "testvar exists and is $testvar"
} else { action_syslog msg "testvar does not exist"
}
Example 3: Save
If var is specified, saves the value of var even if it is an array.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* array set testvar "testvar1 ok testvar2 not_ok" if {[catch {context_save TESTCTX testvar} errmsg]} { action_syslog msg "context_save failed: $errmsg"
} else { action_syslog msg "context_save succeeded"
}
Embedded Event Manager Configuration Guide
243
EEM Context Library Command Extensions context_save
Example 3: Retrieve
If var is specified, and index_if_array is not specified, and var is an array variable, retrieves the entire array.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* if {[catch {array set testvar [context_retrieve TESTCTX testvar]} errmsg]} { action_syslog msg "context_retrieve failed: $errmsg"
} else { action_syslog msg "context_retrieve succeeded"
} if {[info exists testvar]} { action_syslog msg "testvar exists and is [array get testvar]"
} else { action_syslog msg "testvar does not exist"
}
Example 4: Save
If var is specified, saves the value of var even if it is an array.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* array set testvar "testvar1 ok testvar2 not_ok" if {[catch {context_save TESTCTX testvar} errmsg]} { action_syslog msg "context_save failed: $errmsg"
} else { action_syslog msg "context_save succeeded"
}
Example 4: Retrieve
If var is specified, and index_if_array is specified, and var is an array variable, retrieves the specified array element value.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* if {[catch {set testvar [context_retrieve TESTCTX testvar testvar1]} errmsg]} { action_syslog msg "context_retrieve failed: $errmsg"
} else { action_syslog msg "context_retrieve succeeded"
} if {[info exists testvar]} { action_syslog msg "testvar exists and is $testvar"
} else { action_syslog msg "testvar doesn't exist"
}
context_save
Saves Tcl variables that match a given pattern in current and global namespaces with the given context name as identification. Use this Tcl command extension to save information outside of a policy. Saved information can be retrieved by a different policy using the context_retrieve command extension.
244
Embedded Event Manager Configuration Guide
EEM Context Library Command Extensions context_save
Note
Once saved information is retrieved, it is automatically deleted. If that information is needed by another policy, the policy that retrieves it (using the context_retrieve command extension) should also save it again (using the context_save command extension).
Syntax
context_save ctxt [pattern]
Arguments
ctxt pattern
(Mandatory) Context name.
(Optional) The glob-style pattern as used by the string
matchTcl command. If this argument is not specified, the pattern defaults to the wildcard *.
There are three constructs used in glob patterns:
• * = all characters
• ? = 1 character
• [abc] = match one of a set of characters
Result String
None
Set _cerrno
A string displaying _cerrno, _cerr_sub_num, _cerr_sub_err, _cerr_posix_err, _cerr_str due to appl_setinfo error.
Sample Usage
The following examples show how to use the context_saveand context_retrieve command extension functionality to save and retrieve data. The examples are shown in save and retrieve pairs.
Example 1: Save
If var is unspecified or if a pattern if specified, saves multiple variables to the context.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* set testvara 123 set testvarb 345 set testvarc 789 if {[catch {context_save TESTCTX "testvar*"} errmsg]} { action_syslog msg "context_save failed: $errmsg"
} else {
Embedded Event Manager Configuration Guide
245
context_save
EEM Context Library Command Extensions
action_syslog msg "context_save succeeded"
}
Example 1: Retrieve
If var is unspecified, retrieves multiple variables from the context.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* if {[catch {foreach {var value} [context_retrieve TESTCTX] {set $var $value}} errmsg]} { action_syslog msg "context_retrieve failed: $errmsg"
} else { action_syslog msg "context_retrieve succeeded"
} if {[info exists testvara]} { action_syslog msg "testvara exists and is $testvara"
} else { action_syslog msg "testvara does not exist"
} if {[info exists testvarb]} { action_syslog msg "testvarb exists and is $testvarb"
} else { action_syslog msg "testvarb does not exist"
} if {[info exists testvarc]} { action_syslog msg "testvarc exists and is $testvarc"
} else { action_syslog msg "testvarc does not exist"
}
Example 2: Save
If var is specified, saves the value of var.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* set testvar 123 if {[catch {context_save TESTCTX testvar} errmsg]} { action_syslog msg "context_save failed: $errmsg"
} else { action_syslog msg "context_save succeeded"
}
Example 2: Retrieve
If var is specified and index_if_array is not specified, or if index_if_array is specified but var is a scalar variable, retrieves the value of var.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* if {[catch {set testvar [context_retrieve TESTCTX testvar]} errmsg]} { action_syslog msg "context_retrieve failed: $errmsg"
} else { action_syslog msg "context_retrieve succeeded"
} if {[info exists testvar]} { action_syslog msg "testvar exists and is $testvar"
} else { action_syslog msg "testvar does not exist"
}
246
Embedded Event Manager Configuration Guide
EEM Context Library Command Extensions context_save
Example 3: Save
If var is specified, saves the value of var even if it is an array.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* array set testvar "testvar1 ok testvar2 not_ok" if {[catch {context_save TESTCTX testvar} errmsg]} { action_syslog msg "context_save failed: $errmsg"
} else { action_syslog msg "context_save succeeded"
}
Example 3: Retrieve
If var is specified, and index_if_array is not specified, and var is an array variable, retrieves the entire array.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* if {[catch {array set testvar [context_retrieve TESTCTX testvar]} errmsg]} { action_syslog msg "context_retrieve failed: $errmsg"
} else { action_syslog msg "context_retrieve succeeded"
} if {[info exists testvar]} { action_syslog msg "testvar exists and is [array get testvar]"
} else { action_syslog msg "testvar does not exist"
}
Example 4: Save
If var is specified, saves the value of var even if it is an array.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* array set testvar "testvar1 ok testvar2 not_ok" if {[catch {context_save TESTCTX testvar} errmsg]} { action_syslog msg "context_save failed: $errmsg"
} else { action_syslog msg "context_save succeeded"
}
Example 4: Retrieve
If var is specified, and index_if_array is specified, and var is an array variable, retrieves the specified array element value.
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::* if {[catch {set testvar [context_retrieve TESTCTX testvar testvar1]} errmsg]} { action_syslog msg "context_retrieve failed: $errmsg"
} else { action_syslog msg "context_retrieve succeeded"
} if {[info exists testvar]} { action_syslog msg "testvar exists and is $testvar"
} else { action_syslog msg "testvar doesn't exist"
}
Embedded Event Manager Configuration Guide
247
context_save
EEM Context Library Command Extensions
248
Embedded Event Manager Configuration Guide
C H A P T E R
10
EEM Event Registration Tcl Command Extensions
The following conventions are used for the syntax documented on the Tcl command extension pages:
• An optional argument is shown within square brackets, for example:
[type ?]
• A question mark ? represents a variable to be entered.
• Choices between arguments are represented by pipes, for example: priority low|normal|high
Note
For all EEM Tcl command extensions, if there is an error, the returned Tcl result string contains the error information.
Note
Arguments for which no numeric range is specified take an integer from -2147483648 to 2147483647, inclusive.
•
•
•
event_register_counter, page 257
•
•
event_register_identity, page 267
•
event_register_interface, page 269
•
event_register_ioswdsysmon, page 276
•
event_register_ipsla, page 280
•
•
event_register_neighbor_discovery, page 285
Embedded Event Manager Configuration Guide
249
EEM Event Registration Tcl Command Extensions event_register_appl
•
•
•
•
event_register_process, page 298
•
event_register_resource, page 302
•
•
event_register_routing, page 307
•
•
•
event_register_snmp_notification, page 318
•
event_register_snmp_object, page 321
•
event_register_syslog, page 324
•
event_register_timer, page 328
•
event_register_timer_subscriber, page 333
•
event_register_track, page 336
•
event_register_wdsysmon, page 338
event_register_appl
Registers for an application event. Use this Tcl command extension to run a policy when an application event is triggered following another policy’s execution of an event_publish Tcl command extension; the
event_publish command extension publishes an application event.
In order to register for an application event, a subsystem must be specified. Either a Tcl policy or the internal
Embedded Event Manager (EEM) API can publish an application event. If the event is being published by a policy, the sub_system argument that is reserved for a policy is 798.
Syntax
event_register_appl [tag ?] sub_system ? type ? [queue_priority low|normal|high|last] [maxrun
?] [nice 0|1]
Arguments
tag (Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
250
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
sub_system type queue_priority maxrun
event_register_appl
(Mandatory) Number assigned to the EEM policy that published the application event. The number is set to
798 because all other numbers are reserved for Cisco use. If this argument is not specified, all components are matched.
(Mandatory) Event subtype within the specified event.
The sub_system and type arguments uniquely identify an application event. If this argument is not specified, all types are matched. If you specify this argument, you must choose an integer between 1 and
4294967295, inclusive.
There must be a match of component and type between the event_publish command extension and the event_register_applcommand extension in order for the publishing and registration to work.
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
Embedded Event Manager Configuration Guide
251
EEM Event Registration Tcl Command Extensions event_register_appl
nice (Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
If multiple conditions exist, the application event will be raised when all the conditions are satisfied.
Result String
None
Set _cerrno
No
Event_reqinfo
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u"
"sub_system 0x%x type %u data1 {%s} data2 {%s} data3 {%s} data4 {%s}"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec sub_system type data1 data2 data3 data4
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the Embedded Event Manager
(EEM).
Number assigned to the EEM policy that published the application event. Number is set to 798 because all other numbers are reserved for Cisco use.
Event subtype within the specified component.
Argument data that is passed to the application-specific event when the event is published.
The data is character text, an environment variable, or a combination of the two.
252
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_cli
event_register_cli
Registers for a CLI event. Use this Tcl command extension to run a policy when a CLI command of a specific pattern is entered based on pattern matching performed against an expanded CLI command.
Note
The user can enter an abbreviated CLI command, such as sh mem summary, and the parser will expand the command to show memory summaryto perform the matching.
Note
The functionality provided in the CLI event detector only allows a regular expression pattern match on a valid IOS CLI command itself. This does not include text after a pipe character when redirection is used.
Syntax
event_register_cli [tag ?] sync yes|no skip yes|no
[occurs ?] [period ?] pattern ? [default ?] [enter] [questionmark] [tab] [mode]
[queue_priority low|normal|high|last] [maxrun ?] [nice 0|1]
Arguments
tag sync skip
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Mandatory) A "yes" means that the policy (the event publish) will run synchronously with the CLI command; a "no" means that the event publish will be performed asynchronously with the CLI command.
The event detector will be notified when the policy completes running. The exit status of the policy indicates whether or not the CLI command should be executed: if the exit status is zero, which means that the policy is executed successfully, the CLI command will not be executed; otherwise, the CLI command will be executed.
Mandatory if the sync argument is "no" and should not exist if the sync argument is "yes." If the skip argument is "yes," it means that the CLI command should not be executed. If the skip argument is "no," it means that the CLI command should be executed.
Caution
When the skip argument is "yes," unintended results may be produced if the pattern match is made for configuration commands because the CLI command that matches the regular expression will not be executed.
Embedded Event Manager Configuration Guide
253
event_register_cli
occurs period pattern default
EEM Event Registration Tcl Command Extensions
(Optional) The number of occurrences before the event is raised. If this argument is not specified, the event is raised on the first occurrence. If this argument is specified, it must be an integer between 1 and
4294967295, inclusive.
(Optional) Specifies a backward looking time window in which all CLI events must occur (the occurs clause must be satisfied) in order for an event to be published
(specified in SSSSSSSSSS[.MMM] format, where
SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where
MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the most recent event is used.
(Mandatory) Specifies the regular expression used to perform the CLI command pattern match.
(Optional) The time period during which the CLI event detector waits for the policy to exit (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If the default time period expires before the policy exits, the default action will be executed. The default action is to run the command. If this argument is not specified, the default time period is set to 30 seconds.
254
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
queue_priority enter questionmark tab mode
event_register_cli
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Specifies to perform the event match when the user presses the Enter key. When this parameter is used, the input string will not be expanded before matching.
(Optional) Specifies to perform the event match when the user presses the ? key. When this parameter is used, the input string will not be expanded before matching.
(Optional) Specifies to perform the event match when the user presses the Tab key. When this parameter is used, the input string will not be expanded before matching.
(Optional) Events will only be generated when the parser is in the specified parser mode. The available modes can be listed using the show parser dump
CLI command. The mode parameter is checked when any one of the optional parameters--enter, questionmark, or tab-- is specified.
Embedded Event Manager Configuration Guide
255
EEM Event Registration Tcl Command Extensions event_register_cli
maxrun nice
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
If multiple conditions are specified, the CLI event will be raised when all the conditions are matched.
Result String
None
Set _cerrno
No
Note
This policy runs before the CLI command is executed. For example, suppose policy_CLI is registered to run when the copy command is entered. When the copy command is entered, the CLI event detector finds a pattern match and triggers this policy to run. When the policy execution ends, the CLI event detector determines if the copy command needs to be executed according to "sync", "skip" (set in the policy), and the exit status of the policy execution if needed.
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u event_severity %u msg {%s} msg_count %d line %u key %u tty %u error_code %u"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type event_type_string
Type of event.
An ASCII string that represents the name of the event for this event type.
event_pub_sec event_pub_msec event_severity
The time, in seconds and milliseconds, at which the event was published to the EEM.
The severity of the event.
256
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_counter
Event Type msg msg_count line key tty error_code
Description
Text entered at the CLI prompt.
Number of times the pattern matched before the event was triggered.
The text the parser was able to expand up to the point where the matched key was entered.
The enter, questionmark, or tab key.
Corresponds to the line number the user is executing the command on.
The error code in CLI.
0 --No error from parser up to point where a key was entered.
1--Command is ambiguous up to point where a key was entered.
4--Unknown command up to point where a key was entered.
event_register_counter
Registers for a counter event as both a publisher and a subscriber. Use this Tcl command extension to run a policy on the basis of a named counter crossing a threshold. This event counter, as a subscriber, identifies the name of the counter to which it wants to subscribe and depends on another policy or another process to actually manipulate the counter. For example, let policyB act as a counter policy, whereas policyA (although it does not need to be a counter policy) uses register_counter, counter_modify, or unregister_counter Tcl command extensions to manipulate the counter defined in policyB.
Syntax
event_register_counter [tag ?] name ? entry_op gt|ge|eq|ne|lt|le entry_val ?
exit_op gt|ge|eq|ne|lt|le exit_val ? [queue_priority low|normal|high|last]
[maxrun ?] [nice 0|1]
Arguments
tag name
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Mandatory) Name of the counter.
Embedded Event Manager Configuration Guide
257
event_register_counter
entry_op entry_val exit_op exit_val queue_priority maxrun
258
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
(Mandatory) Entry comparison operator used to compare the current counter value with the entry value; if true, an event will be raised and event monitoring will be disabled until exit criteria are met.
(Mandatory) Value with which the current counter value should be compared to decide if the counter event should be raised.
(Mandatory) Exit comparison operator used to compare the current counter value with the exit value; if true, event monitoring for this event will be reenabled.
(Mandatory) Value with which the current counter value should be compared to decide if the exit criteria are met.
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
EEM Event Registration Tcl Command Extensions event_register_gold
nice (Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u event_pub_sec %u event_pub_msec %u"
"name {%s}"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type event_type_string
Type of event.
An ASCII string that represents the name of the event for this event type.
event_pub_sec event_pub_msec name
The time, in seconds and milliseconds, when the event was published to the EEM.
Counter name.
event_register_gold
Registers for a Generic Online Diagnostic (GOLD) failure event. Use this Tcl command extension to run a policy on the basis of a Generic Online Diagnostic (GOLD) failure event for the specified card and subcard.
Syntax
event_register_gold card all|card_number
[subcard all|subcard_number]
[new_failure TRUE|FALSE]
[severity_major TRUE]
[severity_minor TRUE]
[severity_normal TRUE]
[action_notify TRUE|FALSE]
[testing_type [bootup|ondemand|schedule|monitoring]]
[test_name [testname]]
[test_id [testnumber]]
Embedded Event Manager Configuration Guide
259
EEM Event Registration Tcl Command Extensions event_register_gold
[consecutive_failure consecutive_failure_number]
[platform_action [action_flag]]
[maxrun ?]
[queue_priority low|normal|high|last]
[nice 0|1]
Arguments
card subcard new_failure severity_major severity_minor
(Mandatory) Specifies whether all cards or one card is to be monitored:
• card all--Specifies that all cards are to be monitored. This is the default.
• card-number--Specifies that the card identified by the number card-number is to be monitored.
This argument must be specified to complete the
event_register_goldTcl command extension.
(Optional) Specifies that one or more subcards are to be monitored:
• subcard all--Specifies that all subcards are to be monitored.
• subcard-number--Specifies that the subcard identified by the number subcard-number is to be monitored.
If this argument is not specified, all subcards are monitored by default.
(Optional) Specifies event criteria based on the new test failure information from GOLD:
• new_failure TRUE--Specifies that the event criterion for the new test failure is true from
GOLD.
• new_failure FALSE--Specifies that the event criterion for the new test failure is false from
GOLD.
If this argument is not specified, the new test failure information from GOLD is not considered in the event criteria.
(Optional) Specifies that the event criteria for diagnostic result matches with the diagnostic major error from GOLD.
(Optional) Specifies that the event criteria for diagnostic result matches with diagnostic minor error from GOLD.
260
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
severity_normal action_notify testing_type test_name
event_register_gold
(Optional) Specifies that the event criteria for diagnostic result matches with diagnostic normal from
GOLD. This is the default.
(Optional) Specifies the event criteria based on the action notify information from GOLD:
• action_notify TRUE--Specifies that the event criterion for the action notify is true from
GOLD.
• action_notify FALSE--Specifies that the event criterion for the action notify is false from
GOLD.
If this argument is not specified, the action notify information from GOLD is not considered in the event criteria.
(Optional) Specifies the event criteria based on the testing types of the diagnostic from GOLD:
• testing_type bootup--Specifies the diagnostic tests that are running on system bootup.
• testing_type ondemand--Specifies the diagnostic tests that are running from CLI after the card is online.
• testing_type schedule--Specifies the scheduled diagnostic tests.
• testing_type monitoring--Specifies the diagnostic tests that are running periodically in the background to monitor the health of the system.
If this argument is not specified, the testing type information from GOLD is not considered in the event criteria and the policy applies to all the diagnostic testing types.
(Optional) Specifies the event criteria based on the test name:
• test_name test-name--Specifies the event criteria based on the test with the name test-name.
If this argument is not specified, the test name information from GOLD is not considered in the event criteria.
Embedded Event Manager Configuration Guide
261
event_register_gold
test_id consecutive_failure platform_action
EEM Event Registration Tcl Command Extensions
(Optional) Specifies the event criteria based on test
ID:
• test_id test-id--Specifies the event criteria based on the test with the ID number test-id. The maximum value of test-id is 65535.
Note
Because the test ID can be different for the same test on different line cards, usually the test_name keyword should be used instead.
If the test ID is specified and conflicts with the specified test name, the test name overwrites the test ID.
If this argument is not specified, test ID information from GOLD is not considered in the event criteria.
(Optional) Specifies the event criteria based on consecutive test failure information from GOLD:
• consecutive_failure consecutive-failure-number--Specifies that the event criterion is based on the occurrence of consecutive-failure-number consecutive test failures.
If this argument is not specified, consecutive test failure information from GOLD is not considered in the event criteria.
(Optional) Specifies whether callback to the platform is needed when all the event criteria are matched.
When callback is needed, the platform needs to register a callback function through the provided registry.
• platform_action action-flag-number--Specifies that, when callback to the platform is needed, specific information is specified by the platform-specific action-flag-number value. The maximum value of action-flag-number is 65535.
Note
It is up to the platform to determine what action needs to be taken based on the flag.
If this argument is not specified, there is no callback.
262
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
maxrun queue_priority nice
event_register_gold
(Optional) Specifies the maximum runt time of the script.
• maxrun max-run-time-number--Specifies that the maximum run time of the script is max-run-time-number seconds. The maximum value of max-run-time-number is 4294967295 seconds.
If this argument is not specified, the default run time is 20 seconds.
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Policy run-time priority setting:
• nice 0--Specifies that the policy is run at the default run-time priority level.
• nice 1--Specifies that the policy is run at a run-time priority that is less than the default priority.
If this argument is not specified, the default run-time priority is used.
Embedded Event Manager Configuration Guide
263
EEM Event Registration Tcl Command Extensions event_register_gold
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u card %u sub_card %u"
"event_severity {%s} event_pub_sec %u event_pub_msec %u overall_result %u"
"new_failure {%s} action_notify {%s} tt %u tc %u bl %u ci %u pc %u cn {%s}"
"sn {%s} tn# {%s} ta# %s ec# {%s} rc# %u lf# {%s} tf# %u cf# %u tr# {%s}"
"tr#p# {%s} tr#d# {%s}"
Event Type Description action_notify
Action notify information in GOLD event: true or false.
bl
The boot-up diagnostic level, which can be one of the following values:
• 0: complete diagnostic
• 1: minimal diagnostics
• 2: bypass diagnostic
card
cf testnum
ci cn
ec testnum
event_id event_pub_msec event_pub_sec
Card information for the GOLD event.
Consecutive failure, where testnum is the test number.
For example, cf3 is the EEM built-in environment variable for consecutive failure of test 3.
Card index.
Card name.
Test error code, where testnum is the test number. For example, ec3 is the EEM built-in environment variable for the error code of test 3.
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
The time, in milliseconds and seconds, when the event was published to the EEM.
264
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
Event Type event_severity event_type event_type_string
lf testnum
new_failure overall_result pc
rc testnum
sn sub_card
ta testnum
tc event_register_gold
Description
GOLD event severity, which can be one of the following values:
• normal
• minor
• major.
Type of event.
An ASCII string that represents the name of the event for this event type.
Last fail time, where testnum is the test number. For example, lf3 is the EEM built-in variable for the last fail time of test 3.
The timestamp format is mmm dd yyyy hh:mm:ss. For example, Mar 11 1960 08:47:00.
The new test failure information in a GOLD event flag: true or false.
The overall diagnostic result, which can be one of the following values:
• 0: OK
• 3: minor error
• 4: major error
• 14: unknown result
Port counts.
Test total run count, where testnum is the test number.
For example, rc3 is the EEM built-in variable for the total run count of test 3.
Card serial number.
The subcard on which a GOLD failure event was detected.
Test attribute, where testnum is the test number. For example, ta3 is the EEM built-in variable for the test attribute of test 3.
Test counts.
Embedded Event Manager Configuration Guide
265
event_register_gold
Event Type
tf testnum
tn testnum
tr testnum
tr testnum d devnum
tr testnum p portnum
EEM Event Registration Tcl Command Extensions
Description
Total failure count, where testnum is the test number.
For example, tf3 is the EEM built-in variable for the total failure count of test 3.
Test name, where testnum is the test number. For example, tn3 is the EEM built-in variable for the name of test 3.
Test result, where testnum is the test number. For example, tr6 is the EEM built-in variable for test 6 where test 6 is not a per-port test and not a per-device test.
The test result is one of the following values:
• P: diagnostic result Pass
• F: diagnostic result Fail
• U: diagnostic result Unknown
Per-device test result, where testnum is the test number and devnum is the device number. For example, tr3d20 is the EEM built-in variable for the test result for test 3, device 20.
The test result is one of the following values:
• P: diagnostic result Pass
• F: diagnostic result Fail
• U: diagnostic result Unknown
Per-port test result, where testnum is the test number and portnum is the device number. For example,
tr5p20 is the EEM built-in variable for the test result for test 3, port 20.
The test result is one of the following values:
• P: diagnostic result Pass
• F: diagnostic result Fail
• U: diagnostic result Unknown
266
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_identity
Event Type tt
Description
The testing type, which can be one of the following:
• 1: A boot-up diagnostic
• 2: An on-demand diagnostic
• 3: A schedule diagnostic
• 4: A monitoring diagnostic
event_register_identity
Registers for an identity event. Use this Tcl command extension to generate an event when AAA authentication or authorization is successful or failure or after normal user traffic on the port is allowed to flow.
Syntax
event_register_identity [tag ?] interface ?
[aaa-attribute ?]
[authc {all | fail | success}]
[authz {all | fail | success}]
[authz-complete]
[mac-address ?]
[queue_priority {normal | low | high | last}]
[maxrun ?] [nice {0 | 1}]
Arguments
tag interface aaa-attribute authc authz authz-complete
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
A regular expression pattern to match against interface names.
(Optional) A regular expression that can be used to filter events by specific AAA attributes.
(Optional) Triggers events on successful, failed or both successful and failed authentication.
(Optional) Triggers events on successful, failed or both successful and failed authorization.
(Optional) Triggers events once the device connected to the interface is fully authenticated, authorized and normal traffic has begun to flow on that interface.
Embedded Event Manager Configuration Guide
267
event_register_identity
mac-address maxrun queue_priority nice
Result String
None
Set _cerrno
No
268
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
(Optional) A regular expression pattern that can be used to filter events by mac addresses of the remote device.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 31536000, inclusive, and where MMM must be an integer representing milliseconds between 0 and
999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
EEM Event Registration Tcl Command Extensions event_register_interface
Event_reqinfo For EEM_EVENT_IDENTITY
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u event_severity %u identity_stage %u identity_status %u interface %u identity_mac %u identity_<attribute> {%s}"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type event_type_string
Type of event.
An ASCII string that represents the name of the event for this event type.
event_pub_sec event_pub_msec event_severity identity_stage identity_status
The time, in seconds and milliseconds, at which the event was published to the EEM.
The severity of the event.
One among authentication, autherization or autherization-complete stages.
Success or one of these failure types: fail_authc, fail_aaa_server, fail_no_response, fail_timeout, fail_authz. For autherization-complete it is always success.
interface identity_mac identity_<attribute>
The interface for the event.
The MAC address of the remote device for the event.
For each AAA attribute, a set a dynamic variable to the value corresponding to that AAA attribute in the attribute or value list.
event_register_interface
Registers for an interface counter event. Use this Tcl command extension to generate an event when specified interface counters exceed specified thresholds.
Syntax
event_register_interface [tag ?] name ?
parameter ? entry_op gt|ge|eq|ne|lt|le entry_val ? entry_val_is_increment TRUE|FALSE entry_type value|increment|rate
[exit_comb or|and]
[exit_op gt|ge|eq|ne|lt|le]
Embedded Event Manager Configuration Guide
269
EEM Event Registration Tcl Command Extensions event_register_interface
[exit_val ?] [exit_val_is_increment TRUE|FALSE]
[exit_type value|increment|rate]
[exit_time ?] [poll_interval ?]
[average_factor ?] [queue_priority low|normal|high|last]
[maxrun ?] [nice 0|1]
Arguments
tag name parameter
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Mandatory) The name of the interface being monitored, for example, Ethernet 0/0. Abbreviations and spaces are not allowed.
(Mandatory) The name of the counter being compared as follows:
• input_errors--Includes runts, giants, no buffer,
CRC, frame, overrun, and ignored counts. Other input-related errors can also cause the input errors count to be increased, and some datagrams may have more than one error; therefore, this sum may not balance with the sum of enumerated input error counts.
• input_errors_crc--Cyclic redundancy checksum generated by the originating LAN station or far-end device does not match the checksum calculated from the data received.
• input_errors_frame--Number of packets received incorrectly having a CRC error and a noninteger number of octets.
• input_errors_overrun--Number of times the receiver hardware was unable to hand received data to a hardware buffer because the input rate exceeded the receiver’s ability to handle the data.
• input_packets_dropped--Number of packets dropped because of a full input queue.
• interface_resets--Number of times that an interface has been completely reset.
• output_buffer_failures--Number of failed buffers and number of buffers swapped out.
• output_buffer_swappedout--Number of packets swapped to DRAM.
270
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
parameter (continued)
event_register_interface
• output_errors--Sum of all errors that prevented the final transmission of datagrams out of the interface being examined. Note that this may not balance with the sum of the enumerated output errors, because some datagrams may have more than one error, and others may have errors that do not fall into any of the specifically tabulated categories.
• output_errors_underrun--Number of times that the transmitter has been running faster than the device can handle.
• output_packets_dropped--Number of packets dropped because of a full output queue.
• receive_broadcasts--Number of broadcast or multicast packets received by the interface.
• receive_giants--Number of packets that are discarded because they exceed the maximum packet size of the medium.
• receive_rate_bps--Interface receive rate in bytes per second.
• receive_rate_pps--Interface receive rate in packets per second.
• receive_runts--Number of packets that are discarded because they are smaller than the minimum packet size of the medium.
• receive_throttle--Number of times that the receiver on the port was disabled, possibly because of buffer or processor overload.
• reliability--Reliability of the interface as a fraction of 255 (255/255 is 100 percent reliability), calculated as an exponential average over 5 minutes.
• rxload--Receive rate of the interface as a fraction of 255 (255/255 is 100 percent).
• transmit_rate_bps--Interface transmit rate in bytes per second.
• transmit_rate_pps--Interface transmit rate in packets per second.
• txload--Transmit rate of the interface as a fraction of 255 (255/255 is 100 percent).
Embedded Event Manager Configuration Guide
271
event_register_interface
entry_op entry_val entry_val_is_increment entry-type exit_comb
EEM Event Registration Tcl Command Extensions
(Mandatory) The comparison operator used to compare the current interface value with the entry value; if true, an event will be raised and event monitoring will be disabled until exit criteria are met.
(Mandatory) The value at which the event will be triggered.
(Mandatory) If TRUE, the entry_val field is treated as an incremental difference and is compared with the difference between the current counter value and the value when the event was last true (the first polled sample if this is a new event). A negative value checks the incremental difference for a counter that is decreasing. If FALSE, the entry_val field is compared against the current counter value.
Note
This keyword has been deprecated, and if specified, the syntax is converted into equivalent entry-type keyword syntax.
Specifies a type of operation to be applied to the object ID specified by the entry-val argument.
Value is defined as the actual value of the entry-val argument.
Increment uses the entry-val field as an incremental difference and the entry-valis compared with the difference between the current counter value and the value when the event was last triggered (or the first polled sample if this is a new event). A negative value checks the incremental difference for a counter that is decreasing.
Rate is defined as the average rate of change over a period of time. The time period is the average-factor value multiplied by the poll-interval value. At each poll interval the difference between the current sample and the previous sample is taken and recorded as an absolute value. An average of the previous average-factor value samples is taken to be the rate of change.
(Optional) Used to indicate the combination of exit condition tests required to rearm the event trigger; if the and operator is specified, both exit value and exit time tests must be true to cause rearm; if the or operator is specified, either exit value or exit time tests can be true to cause event monitoring to be rearmed.
272
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
exit_op exit_val exit_val_is_increment exit-type exit_time
event_register_interface
(Optional) The comparison operator used to compare the current interface value with the exit value; if true, event monitoring for this event will be reenabled.
(Optional) The value at which the event is rearmed to be monitored again.
(Optional) If TRUE, the exit_val field is treated as an incremental difference and is compared with the difference between the current counter value and the value when the event was last true. A negative value checks the incremental difference for a counter that is decreasing. If FALSE, the exit_val field is compared against the current counter value.
Note
In Cisco IOS Release 12.4(20)T, this keyword is deprecated, and if specified, the syntax is converted into equivalent exit-type keyword syntax.
(Optional) Specifies a type of operation to be applied to the object ID specified by the exit-val argument.
If not specified, the value is assumed.
Value is defined as the actual value of the exit-val argument.
Increment uses the exit-val field as an incremental difference and the exit-val is compared with the difference between the current counter value and the value when the event was last triggered (or the first polled sample if this is a new event). A negative value checks the incremental difference for a counter that is decreasing.
Rate is defined as the average rate of change over a period of time. The time period is the average-factor value multiplied by the poll-interval value. At each poll interval the difference between the current sample and the previous sample is taken and recorded as an absolute value. An average of the previous average-factor value samples is taken to be the rate of change.
(Optional) The time period at which the event is rearmed to be monitored again (specified in
SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999).
Embedded Event Manager Configuration Guide
273
event_register_interface
poll_interval average-factor queue_priority maxrun
EEM Event Registration Tcl Command Extensions
(Optional) The frequency used to collect the samples
(specified in SSSSSSSSSS[.MMM] format, where
SSSSSSSSSS must be an integer representing seconds between 60 and 4294967295, inclusive, and where
MMM must be an integer representing milliseconds between 0 and 999). The poll interval value must not be less than 1 second. The default is 1 second.
(Optional) Number in the range from 1 to 64 used to calculate the period used for rate-based calculations.
The average-factor value is multiplied by the poll-interval value to derive the period in milliseconds. The minimum average factor value is
1.
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
274
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_interface
nice (Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u event_pub_sec %u event_pub_msec %u"
"event_severity {%s} name {%s} parameter {%s} value %d"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type event_type_string
Type of event.
An ASCII string that represents the name of the event for this event type.
event_pub_sec event_pub_msec event_severity
The time, in seconds and milliseconds, when the event was published to the EEM.
Interface event severity, which can be one of the following values:
• normal
• minor
• major
name parameter value
Name of the interface.
Name of the parameter.
The incremental/decremental difference compared to the last event triggered or the absolute value of the parameter being monitored, depending on the specified value of entry_val_is_increment.
Embedded Event Manager Configuration Guide
275
EEM Event Registration Tcl Command Extensions event_register_ioswdsysmon
event_register_ioswdsysmon
Registers for an IOSWDSysMon event. Use this Tcl command extension to generate an event when a Cisco
IOS task exceeds specific CPU utilization or memory thresholds. A Cisco IOS task is called a Cisco IOS process in native Cisco IOS.
Syntax
event_register_ioswdsysmon [tag ?] [timewin ?] [sub12op and|or] [sub1 ?] [sub2 ?]
[queue_priority low|normal|high|last] [maxrun ?] [nice 0|1]
Arguments
tag timewin sub12_op sub1 sub2
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Optional) Defines the time window within which all of the subevents must occur in order for an event to be generated (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999).
(Optional) The combination operator for comparison between subevent 1 and subevent 2.
(Optional) The subevent 1 specification.
(Optional) The subevent 2 specification.
276
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_ioswdsysmon
queue_priority maxrun nice
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Subevent Syntax
cpu_proc path ? taskname ? op gt|ge|eq|ne|lt|le val ? [period ?] mem_proc path ? taskname ? op gt|ge|eq|ne|lt|le val ? [is_percent TRUE|FALSE] [period ?]
Subevent Arguments
cpu_proc (Mandatory) Specifies the use of a sample collection of CPU statistics.
Embedded Event Manager Configuration Guide
277
EEM Event Registration Tcl Command Extensions event_register_ioswdsysmon
path taskname op val period mem_proc is_percent
(Mandatory) Software Modularity images only. The pathname of the POSIX process that contains the
Cisco IOS scheduler to be monitored. For example,
/sbin/cdp2.iosproc.
(Mandatory) The name of the Cisco IOS task to be monitored.
(Mandatory) The comparison operator used to compare the collected usage sample with the specified value; if true, an event will be raised.
(Mandatory) The value to be compared.
(Optional) The elapsed time period for the collection samples to be averaged (specified in
SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the most recent sample is used.
(Mandatory) Specifies the use of a sample collection of memory statistics.
(Optional) Whether the specified value is a percentage.
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u event_pub_sec %u event_pub_msec %u"
"num_subs %u"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type
Type of event.
278
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_ioswdsysmon
Event Type event_type_string event_pub_sec event_pub_msec num_subs
Description
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
Number of subevents.
Where the subevent info string is for a CPU_UTIL subevent,
"{type %s procname {%s} pid %u taskname {%s} taskid %u value %u sec %ld msec %ld}"
Subevent Type Description type
Type of subevent.
procname
POSIX process name for this subevent.
POSIX process ID for this subevent.
pid taskname
Cisco IOS task name for this subevent.
Cisco IOS task ID for this subevent.
taskid value
sec , msec
Actual average CPU utilization over the measured interval.
Elapsed time period for this measured interval.
Where the subevent info string is for a MEM_UTIL subevent,
"{type %s procname {%s} pid %u taskname {%s} taskid %u is_percent %s value %u diff %d"
"sec %ld msec %ld}"
Subevent Type Description type
Type of subevent.
procname
POSIX process name for this subevent.
pid
POSIX process ID for this subevent.
Cisco IOS task name for this subevent.
taskname taskid is_percent
Cisco IOS task ID for this subevent.
TRUE or FALSE depending on whether the value is a percentage value.
Embedded Event Manager Configuration Guide
279
EEM Event Registration Tcl Command Extensions event_register_ipsla
Subevent Type value diff
sec , msec
Description
Total memory use in KB or the actual average memory utilization for this measured interval.
The percentage difference between the oldest sample in the measured interval and the latest sample; a negative value represents a decrease.
Elapsed time period for this measured interval.
event_register_ipsla
Registers for an event that is triggered by the event ipslacommand. Use this Tcl command to publish an event when an IPSLA reaction is triggered. The group ID or the operation ID is required to register the event.
Syntax
event_register_ipsla [tag ?] group_name ? operation_id ? [reaction_type ?]
[dest_ip_addr ?][queue_priority low|normal|high|last] [maxrun ?] [nice 0|1]
Arguments
tag group_name operation_id
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Mandatory) Specifies the IP SLAs group name.
(Mandatory) Specifies the IP SLA operation ID.
Number must be in the range from 1 to 2147483647.
280
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
reaction_type dest_ip_address
event_register_ipsla
(Optional) Specifies the reaction to be taken for the specified IP SLAs operation.
Type of IP SLAs reaction--One of the following keywords can be specified: connectionLoss, icpif,
jitterAvg, jitterDSAvg, jitterSDAvg,
maxOfNegativeDS, maxOfNegativeSD,
maxOfPositiveDS, maxOfPositiveSD, mos,
packetLateArrival, packetLossDS, packetLossSD,
packetMIA, packetOutOfSequence, rtt, timeoutor
verifyError can be specified.
Type of IP SLAs reaction. One of the following keywords can be specified:
• connectionLoss
• icpif
• jitterAvg
• jitterDSAvg
• jitterSDAvg
• maxOfNegativeDS
• maxOfNegativeSD
• maxOfPositiveDS
• maxOfPositiveSD
• mos
• packetLateArrival
• packetLossDS
• packetLossSD
• packetMIA
• packetOutOfSequence
• rtt
• timeout
• verifyError
(Optional) Specifies the destination IP address of the destination port for which the IP SLAs events are monitored.
Embedded Event Manager Configuration Guide
281
event_register_ipsla
queue_priority maxrun nice
Result String
None
Set _cerrno
No
282
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 31536000, inclusive, and where MMM must be an integer representing milliseconds between 0 and
999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
EEM Event Registration Tcl Command Extensions event_register_ipsla
Event_reqinfo
"event_ID %u event_type %u event_pub_sec %u event_pub_msec %u event_severity %u" "group_name %u operation_id %u condition %u reaction_type %u dest_ip_addr %u" "threshold_rising %u threshold_falling%u measured_threshold_value %u" "threshold_count1 %u threshold count2 %u"
Event Type event_id
Description
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type event_type_string
The type of event to monitor for the create, update, and delete flow.
An ASCII string that represents the name of the event for this event type.
event_pub_sec event_pub_msec event_severity
The time, in seconds and milliseconds, when the event was published to the EEM.
The severity of the event.
group_name operation_id condition
The name of theIPSLA group.
The IPSLA operation ID.
The condition of IPSLA, which can be one of the following:
• cleared
• occurred
reaction_type dest_ip_address threshold rising threshold falling measured_threshold_value threshold_count1 threshold_count2
The IPSLA reaction type.
The IPSLA destination IP address.
The IPSLA configured rising threshold value.
The IPSLA configured falling threshold value.
The measured threshold value of the IPSLA operation.
Corresponds to the argument of the threshold type1.
Corresponds to the argument of the threshold type2.
Embedded Event Manager Configuration Guide
283
EEM Event Registration Tcl Command Extensions event_register_mat
event_register_mat
Registers for a MAT event. Use this Tcl command extension to generate an event when a mac-address is learned in the mac-address-table.
Syntax
event_register_identity [tag ?] interface ?
[mac-address ?]
[type {add | delete}]
[hold-down ?]
[maxrun ?]
Arguments
tag interface mac-address type hold-down maxrun
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
A regular expression pattern to match against interface names.
Mandatory if the interface parameter is not specified.
A regular expression pattern that can be used to filter events by mac addresses of the remote device.
(Optional) Filter based on a mac-address-table event type of add or delete. If not specified, the event type is not used in determining whether the event should be triggered.
(Optional) When a mac-address-table event comes in, the hold-down timer can be set to make the event to wait between 1 and 4294967295 seconds before processing the policy. If not set then the policy is not delayed in being processed.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 31536000, inclusive, and where MMM must be an integer representing milliseconds between 0 and
999). If this argument is not specified, the default
20-second run-time limit is used.
Result String
None
284
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_neighbor_discovery
Set _cerrno
No
Event_reqinfo For EEM_EVENT_MAT
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u event_severity %u notification %u intf_name %u mac_address {%s}"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, at which the event was published to the EEM.
The severity of the event.
event_severity notification intf_name mac_address
Notification type--add or delete.
The interface name for the address table entry.
The mac-address for the address table entry.
event_register_neighbor_discovery
Registers for a neighbor discover event. Use this Tcl command extension to generate an event when a Cisco
Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP) cache entry or a interface link status changes.
Syntax
event_register_neighbor_discovery [tag ?] interface ?
[cdp {add | update | delete | all}]
[lldp {add | update | delete | all}]
[link-event]
[line-event]
[queue_priority {normal | low | high | last}]
[maxrun ?] [nice {0 | 1}]
Embedded Event Manager Configuration Guide
285
event_register_neighbor_discovery
Arguments
tag interface cdp lldp line-event link-event
286
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
A regular expression pattern to match against interface names.
Trigger an event when a matching CDP event occurs.
One of the following options should be specified.
• add--Trigger events only when a new CDP cache entry is created in the CDP table.
• all--Trigger an event when a CDP cache entry is added or deleted from the CDP cache table and when a remote CDP device sends a keepalive to update the CDP cache entry.
• delete--trigger events only when a CDP cache entry is deleted from the CDP table.
• update--trigger an event when a CDP cache entry is added to the CDP table or when the remote CDP device sends a CDP keepalive to update the CDP cache entry.
Trigger an event when a matching lldp event occurs.
One of the following options should be specified.
• add--Trigger events only when a new cdp cache entry is created in the cdp table.
• all--Trigger an event when a cdp cache entry is added or deleted from the cdp cache table and when a remote cdp device sends a keepalive to update the cdp cache entry.
• delete--trigger events only when a cdp cache entry is deleted from the cdp table.
• update--trigger an event when a cdp cache entry is added to the cdp table or when the remote cdp device sends a cdp keepalive to update the cdp cache entry.
Trigger an event when the interface line protocol status changes.
Trigger an event when the interface link status changes.
EEM Event Registration Tcl Command Extensions
queue_priority maxrun nice
Result String
None
Set _cerrno
No
event_register_neighbor_discovery
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 31536000, inclusive, and where MMM must be an integer representing milliseconds between 0 and
999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Embedded Event Manager Configuration Guide
287
EEM Event Registration Tcl Command Extensions event_register_neighbor_discovery
Event_reqinfo For EEM_EVENT_NEIGHBOR_DISCOVERY
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u event_severity %u nd_notification {%s}"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, at which the event was published to the EEM.
The severity of the event.
event_severity
Common Event_Reqinfo
nd_notification nd_intf_linkstatus nd_intf_linestatus
The type of notification--cdp-add, cdp-update, cdp-delete, lldp-add, lldp-update, lldp-delete, link, line.
The current interface link status, up or down.
The current interface line status, down, goingdown, init, testing, up, reset, admindown, deleted.
nd_local_intf_name nd_short_local_intf_name nd_port_id
The local interface name for the event.
The short name of the local interface for the event.
The port id as identified by either the cdp or lldp protocol. This is not set for link or line protocol events.
CDP-specific Event_reqinfo nd_protocol nd_proto_notif nd_proto_new_entry nd_cdp_entry_name
Identifies which protocol triggered the event, for CDP it will always be set to cdp.
Identifies which type of protocol event triggered the event, add, update or delete.
If set to 1, the event was triggered because the cache entry is new, otherwise it will be set to 0.
The name of the cdp cache entry in the cdp table.
288
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
Event Type nd_cdp_hold_time nd_cdp_mgmt_domain nd_cdp_platform nd_cdp_version nd_cdp_capabilities_string nd_cdp_capabilities_bits nd_cdp_capabilities_bit_[0-31]
LLDP-specific Event_reqinfo nd_protocol nd_proto_notif nd_proto_new_entry nd_lldp_chassis_id nd_lldp_system_name nd_lldp_system_description nd_lldp_ttl nd_lldp_port_description event_register_neighbor_discovery
Description
The time remaining until the cdp cache entry expires and is deleted from the cdp table. This time will be reset to some maximum by an update from the cdp neighbor. It is usually set to 0 for new entries.
The CDP VTP management domain.
The platform name reported by the remote device.
The version of code running on the remote device.
The contents of the CDP capabilities field in a string format: Router, Trans-Bridge, Source-Route-Bridge,
Switch, Host, IGMP, Repeater, Phone,
Remotely-Managed device, CVTA phone port,
Two-port Mac Relay or any combination of these separated by commas.
The CDP capabilities bits in a hexadecimal number preceded with 0x.
A series of values that will be set to YES if that bit in the capabilities field is set or NO if it is not set.
Identifies which protocol triggered the event, for
LLDP it will always be set to lldp.
Identifies which type of protocol event triggered the event, add, update or delete.
If set to 1, the event was triggered because the cache entry is new, otherwise it will be set to 0.
The chassis id field from the LLDP cache entry.
The system name from the LLDP cache entry.
The system description field from the LLDP cache entry.
The LLDP time to live field from the LLDP cache entry.
The port description field from the LLDP cache entry.
Embedded Event Manager Configuration Guide
289
EEM Event Registration Tcl Command Extensions event_register_nf
Event Type nd_lldp_system_capabilities_string nd_lldp_enabled_capabilities_string nd_lldp_system_capabilities_bits nd_lldp_enabled_capabilities_bits nd_lldp_capabilities_bits nd_lldp_capabilities_bit_[0-31]
Description
The LLDP system capabilities field from the LLDP cache entry. Provided as a string that can contain O,
P, B, W, R, T, C, S or any combination of these separated by commas.
The LLDP enabled system capabilities field from the
LLDP cache entry. Provided as a string that can contain O, P, B, W, R, T, C, S or any combination of these separated by commas.
The LLDP system capabilities bits field from the
LLDP cache entry. Provided as a hexadecimal number preceded by 0x.
The LLDP enabled capabilities bits field from the
LLDP cache entry. Provided as a hexadecimal number preceded by 0x.
The LLDP capabilities bits field from the LLDP cache entry. Provided as a hexadecimal number preceded by 0x.
A series of values that will be set to YES if that bit in the capabilities field is set or NO if it is not set.
event_register_nf
Registers for an event when a NetFlow event is triggered by the event nfcommand. Use this Tcl command to publish an event when an NetFlow reaction is triggered..
Syntax
event_register_nf [tag ?] monitor_name ? event_type create|update|delete exit_event_type create|update|delete event1-event4 ? [maxrun ?] [nice 0|1]
Arguments
tag monitor_name event_type
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Mandatory) The name of the NetFlow monitor.
(Mandatory) The type of event to monitor for the create, update, and delete flow.
290
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_nf
exit_event_type event1- event4 maxrun nice
(Mandatory) The event-type (create, delete, update) at which the event is rearmed to be monitored again.
(Mandatory) Specifies the event and its attributes to monitor. Valid values are event1, event2, event3, and event4.
The subevent keywords can be used alone, together, or in any combination with each other, but each keyword can be used only once.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Subevent Syntax
field ? rate_interval ? event1 only entry_value ? entry_op eq|ge|gt|le|lt|wc
[exit_value ?] [exit_op eq|ge|gt|le|lt|wc] [exit_rate_interval ? event1 only]
Embedded Event Manager Configuration Guide
291
event_register_nf
Subevent Arguments
field rate_interval entry_value entry_op exit_value
292
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
(Mandatory) Specifies the cache or field attribute to be monitored. One of the following attributes can be specified:
• counter {bytes | packets}--Specifies the counter fields.
• datalink {dot1q | mac}--Specifies the datalink
(layer2) fields.
• flow {direction | sampler}--Specifies the flow identifying fields.
• interface {input | output}--Specifies the interface fields.
• ipv4 field-type-- Specifies the IPv4 fields.
• ipv6 field-type-- IPv6 fields
• routing routing-attrribute -- Specifies the routing attributes.
• timestamp sysuptime {first | last}--Specifies the timestamp fields.
• transport field-type-- Specifies the Transport layer fields.
(Mandatory) Specifies the rate interval value in seconds used to calculate the rate. This field is only valid for event1.
(Mandatory) Specifies the field or rate value.
(Mandatory) Specifies the field operator.
The comparison operator valid values are:
• eq - Equal to
• ge - Greater than or equal to
• gt - Greater than
• le - Less than or equal to
• lt - Less than
• wc - Wildcard
(Optional) The value at which the event is rearmed to be monitored again.
EEM Event Registration Tcl Command Extensions event_register_nf
exit_op exit_rate_interval
(Optional) The comparison operator used to compare the current event field or rate value with the exit value; if true, event monitoring for this event is reenabled.
The comparison operator valid values are:
• eq - Equal to
• ge - Greater than or equal to
• gt - Greater than
• le - Less than or equal to
• lt - Less than
• wc - Wildcard
(Optional) Specifies the exit rate interval value in seconds used to calculate the exit rate value. This field is only valid for event1.
Result String
None
Set _cerrno
No
Event_reqinfo
"event_ID %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u event_severity %u monitor_name %u event1-event4_field %u event1-event4_value
Event Type Description
event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type event_type_string event_pub_sec event_pub_msec
The type of event to monitor for the create, update, and delete flow.
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
event_severity
The severity of the NetFlow event.
Embedded Event Manager Configuration Guide
293
EEM Event Registration Tcl Command Extensions event_register_none montior_name event1-event4_field event1-event4_value
The name of the NetFlow monitor.
Specifies the event and its attributes to monitor. Valid values are event1, event2, event3, and event4.
Specifies the event value and its attributes to monitor.
Valid values are event1, event2, event3, and event4.
event_register_none
Registers for an event that is triggered by the event manager run command. These events are handled by the None event detector that screens for this event.
Syntax
event_register_none [tag ?] [sync {yes|no}] [default ?] [queue_priority low|normal|high|last]
[maxrun ?] [nice 0|1]
Arguments
tag sync
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Optional) A "yes" or a "no" is required to complete this keyword.
• If the yes keyword is specified, the policy will run synchronously with the CLI command.
• If the no keyword is specified, the policy will run asynchronously with the CLI command.
default (Optional) The time period during which the CLI event detector waits for the policy to exit (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If the default time period expires before the policy exits, the default action will be executed. The default action is to run the command. If this argument is not specified, the default time period is set to 30 seconds.
294
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
queue_priority maxrun nice
Result String
None
Set _cerrno
No
event_register_none
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Embedded Event Manager Configuration Guide
295
EEM Event Registration Tcl Command Extensions event_register_oir argc arg1 arg2 arg3 arg4 arg6 arg7 arg8 arg9 arg10 arg11 arg12 arg13 arg14 arg15
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u event_severity %u arg %u"
Event Type Description
event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
Type of event.
event_type event_type_string event_pub_sec event_pub_msec
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
event_severity
The severity of the event.
The parameters that are passed from the XML SOAP command to the script.
event_register_oir
Registers for an online insertion and removal (OIR) event. Use this Tcl command extension to run a policy on the basis of an event raised when a hardware card OIR occurs. These events are handled by the OIR event detector that screens for this event.
296
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_oir
Syntax
event_register_oir [tag ?] [queue_priority low|normal|high|last] [maxrun ?] [nice 0|1]
Arguments
tag queue_priority maxrun nice
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Embedded Event Manager Configuration Guide
297
EEM Event Registration Tcl Command Extensions event_register_process
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u"
"slot %u event %s"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event ID.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec slot event
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
Slot number for the affected card.
Indicates a string, removed or online, that represents either an OIR removal event or an OIR insertion event.
event_register_process
Registers for a process event. Use this Tcl command extension to run a policy on the basis of an event raised when a Cisco IOS Software Modularity process starts or stops. These events are handled by the System
Manager event detector that screens for this event. This Tcl command extension is supported only in Software
Modularity images.
Syntax
event_register_process [tag ?] abort|term|start|user_restart|user_shutdown
[sub_system ?] [version ?] [instance ?] [path ?] [node ?]
[queue_priority low|normal|high|last] [maxrun ?] [nice 0|1]
298
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
Arguments
tag abort term start user_restart user_shutdown sub_system version instance path
event_register_process
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Mandatory) Abnormal process termination. Process may abort because of exiting with a nonzero exit status, receiving a kernel-generated signal, or receiving a SIGTERM or SIGKILL signal that is not sent because of user request.
(Mandatory) Normal process termination.
(Mandatory) Process start.
(Mandatory) Process termination due to the process restart request from the CLI command.
(Mandatory) Process termination due to the process kill request from the CLI command.
(Optional) Number assigned to the EEM policy that published the process event. Number is set to 798 because all other numbers are reserved for Cisco use.
(Optional) Version number of the process assigned by the version manager. Must be of the form major_number.minor_number.level. If specified, each component of the version number must be an integer between 1 and 4294967295, inclusive.
(Optional) Process instance ID. If specified, this argument must be an integer between 1 and
4294967295, inclusive.
(Optional) Process pathname (a regular expression string). If the value of the process-name argument contains embedded blanks, enclose it in double quotation marks. Use path ".*" to match all processes.
Embedded Event Manager Configuration Guide
299
event_register_process
node queue_priority maxrun
EEM Event Registration Tcl Command Extensions
(Optional) The node name is a string that consists of the word "node" followed by two fields separated by a slash character using the following format: node<slot-number>/<cpu-number>
The slot-number is the hardware slot number. The cpu-number is the hardware CPU number. For example, the SP CPU in a Supervisor card on a Cisco
Catalyst 6500 series switch located in slot 0 would be specified as node0/0. The RP CPU in a Supervisor card on a Cisco Catalyst 6500 series switch located in slot 0 would be addressed as node0/1. If the node argument is not specified, the default node specification is always the regular expression pattern match of * representing all applicable nodes.
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
300
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_process
nice (Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
If an optional argument is not specified, the event matches all possible values of the argument. If multiple arguments are specified, the process event will be raised when all the conditions are matched.
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u"
"sub_system 0x%x instance %u process_name {%s} path {%s} exit_status 0x%x"
"respawn_count %u last_respawn_sec %ld last_respawn_msec %ld fail_count %u"
"dump_count %u node_name {%s}"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec sub_system instance
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
Number assigned to the EEM policy that published the application-specific event. Number is set to 798 because all other numbers are reserved for Cisco use.
Process instance ID.
process_name path exit_status respawn_count
Process name.
Process absolute name including path.
Process last exit status.
Number of times that the process was restarted.
Embedded Event Manager Configuration Guide
301
EEM Event Registration Tcl Command Extensions event_register_resource
Event Type last_respawn_sec last_respawn_msec fail_count dump_count node_name
Description
The calendar time when the last restart occurred.
Number of restart attempts of the process that failed.
This count will be reset to 0 when the process is successfully restarted.
Number of core dumps taken of the process.
Name of the node that the process is on. The node name is a string that consists of the word "node" followed by two fields separated by a slash character using the following format:
node slot-number / cpu-number
The slot-number is the hardware slot number. The cpu-number is the hardware CPU number.
event_register_resource
Registers for an Embedded Resource Manager (ERM) event. Use this Tcl command extension to run a policy on the basis of an ERM event report for a specified policy. ERM events are screened by the EEM Resource event detector, allowing an EEM policy to be run when a match occurs for the specified ERM policy.
Syntax
event_register_resource policy policy-name [queue_priority low|normal|high|last]
[maxrun ?] [nice 0|1]
Arguments
policy policy-name
(Mandatory) Specifies the use of a policy.
(Mandatory) Name of an ERM policy.
302
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_resource
queue_priority maxrun nice
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u event_pub_sec %u event_pub_msec %u"
Embedded Event Manager Configuration Guide
303
EEM Event Registration Tcl Command Extensions event_register_rf
"owner_id %lld user_id %lld" time_sent %llu dampen_time %d notify_data_flags %u"
"level {%s} direction {%s} configured_threshold %u current_value %u"
"policy_violation_flag {%s} policy_id %d"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type event_type_string
Type of event.
An ASCII string that represents the name of the event for this event type.
event_pub_sec event_pub_msec owner_id user_id time_sent dampen_time notify_data_flags level direction
The time, in seconds and milliseconds, when the event was published to the EEM.
The Embedded Resource Manager (ERM) owner ID.
The ERM user ID.
The ERM event time, in nanoseconds.
The ERM dampen time, in nanoseconds.
The ERM notify data flag.
The ERM event level. The four event levels are normal, minor, major, and critical.
The ERM event direction. The event direction can be one of the following: up, down, or no change.
configured_threshold current_value policy_violation_flag policy_id
The configured ERM threshold.
The current value reported by ERM.
The ERM policy violation flag; either false or true.
The ERM policy ID.
event_register_rf
Registers for a Redundancy Facility (RF) event. Use this Tcl command extension to run a policy when an RF progression or status event notification occurs.
Syntax
event_register_rf [tag ?] event ?
304
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_rf
[queue_priority low|normal|high|last]
[maxrun ?] [nice 0|1]
Arguments
tag event
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Mandatory) Name of the RF progression or status event. Valid values are:
• RF_PROG_ACTIVE
• RF_PROG_ACTIVE_DRAIN
• RF_PROG_ACTIVE_FAST = 200
• RF_PROG_ACTIVE_PRECONFIG
• RF_PROG_ACTIVE_POSTCONFIG
• RF_PROG_EXTRALOAD
• RF_PROG_HANDBACK
• RF_PROG_INITIALIZATION
• RF_PROG_PLATFORM_SYNC
• RF_PROG_STANDBY_BULK
• RF_PROG_STANDBY_COLD
• RF_PROG_STANDBY_CONFIG
• RF_PROG_STANDBY_FILESYS
• RF_PROG_STANDBY_HOT
• RF_PROG_STANDBY_OIR_SYNC_DONE
• RF_REGISTRATION_STATUS
• RF_STATUS_MAINTENANCE_ENABLE
• RF_STATUS_MANUAL_SWACT
• RF_STATUS_OPER_REDUNDANCY_MODE_CHANGE
• RF_STATUS_PEER_COMM
• RF_STATUS_PEER_PRESENCE
• RF_STATUS_REDUNDANCY_MODE_CHANGE
• RF_STATUS_SWACT_INHIBIT
Embedded Event Manager Configuration Guide
305
event_register_rf
queue_priority maxrun nice
Result String
None
Set _cerrno
No
306
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
EEM Event Registration Tcl Command Extensions event_register_routing
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u event_pub_sec %u event_pub_msec %u"
"event {%s}"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec event
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
RF progression or status event notification that caused this event to be published.
event_register_routing
Registers for an event that is triggered by the event routing command. These events are handled by the routing event detector to publish an event when route entries change in Routing Information Base (RIB) infrastructure.
Use this Tcl command extension to run a routing policy for this script. The network IP address for the route to be monitored must be specified.
Syntax
event_register_routing [tag ?] network ? length [ge|le|ne] [type add|remove|modify|all]
[protocol ?] [queue_priority normal|low|high|last] [maxrun ?] [nice {0 | 1}]
Arguments
tag network
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
Specifies the network IP address. The network number can be any valid IP address or prefix.
Embedded Event Manager Configuration Guide
307
event_register_routing
length type protocol
EEM Event Registration Tcl Command Extensions
Specifies the length of the network mask in bits. The bit mask can be a number from 0 to 32.
• ge --(Optional) Specifies the minimum prefix length to be matched. The ge keyword represents greater than or equal to operator.
• le --(Optional) Specifies the maximum prefix length to be matched. The le keyword represents the less than or equal to operator.
• ne --(Optional) Specifies the prefix length not to be matched. The ne keyword represents not equal to operator.
When ge, le and ne keywords are not configured, an exact match of network length is processed.
(Optional) Specifies the desired policy trigger. The type options are add, remove, modify, and all. The default is all.
(Optional) Specifies the protocol value for the network being monitored.
One of the following protocols can be used: all, bgp,
connected, eigrp, isis, iso-igrp, mobile, odr, ospf,
rip, and static. The default is all.
308
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
queue_priority maxrun nice
Result String
None
Set _cerrno
No
event_register_routing
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Embedded Event Manager Configuration Guide
309
EEM Event Registration Tcl Command Extensions event_register_rpc
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u event_pub_sec %u event_pub_msec %u"
"event_severity {%s} %u network %u mask %u protocol %u lastgateway %u distance %u" "time_sec %u time_msec %u metric %u lastinterface %u"
Event Type event_id
Description
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
event_severity network mask protocol type lastgateway distance time_sec time_msec metric lastinterface
The severity of the event.
The network prefix in IP address format
The network mask in IP address format
Type of network protocol.
Type of event to add, remove or modify.
The last known gateway.
The administrative distance.
Time of event in seconds and milliseconds, when the event was published to the EEM.
Path metric.
The last known interface.
event_register_rpc
Registers for an event that is triggered by the EEM SSH Remote Procedure Call (RPC) command. These events are handled by the RPC event detector that screens for this event. Use this Tcl command extension to run a RPC policy for this script.
310
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_rpc
Syntax
event_register_rpc [queue_priority {normal | low | high | last}] [maxrun <sec.msec>] [nice
{0 | 1}] [default <sec.msec>]
Arguments
queue_priority maxrun nice
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Embedded Event Manager Configuration Guide
311
EEM Event Registration Tcl Command Extensions event_register_rpc
default (Optional) The time period during which the CLI event detector waits for the policy to exit (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If the default time period expires before the policy exits, the default action will be executed. The default action is to run the command. If this argument is not specified, the default time period is set to 30 seconds.
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u arg %u"
Event Type Description
event_id event_type
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
Type of event.
event_type_string event_pub_sec event_pub_msec
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
312
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_snmp arg6 arg7 arg8 arg9 arg10 arg11 arg12 arg13 arg14 argc arg0 arg1 arg2 arg3 arg4
The parameters that are passed from the XML SOAP command to the script.
event_register_snmp
Registers for a Simple Network Management Protocol (SNMP) statistics event. Use this Tcl command extension to run a policy when a given counter specified by an SNMP object ID (oid) crosses a defined threshold.
Syntax
event_register_snmp [tag ?] oid ? get_type exact|next entry_op gt|ge|eq|ne|lt|le entry_val ?
entry_type value|increment|rate
[exit_comb or|and]
[exit_op gt|ge|eq|ne|lt|le] [exit_val ?]
[exit_type value|increment|rate]
[exit_time ?] poll_interval ? [average_factor ?]
[queue_priority low|normal|high|last]
[maxrun ?] [nice 0|1]
Arguments
tag (Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
Embedded Event Manager Configuration Guide
313
event_register_snmp
oid entry_op get_type entry_val
EEM Event Registration Tcl Command Extensions
(Mandatory) OID number of data element in SNMP dot notation (for example, 1.3.6.1.2.1.2.1.0). The types of OIDs allowed are:
• COUNTER_TYPE
• COUNTER_64_TYPE
• GAUGE_TYPE
• INTEGER_TYPE
• OCTET_PRIM_TYPE
• OPAQUE_PRIM_TYPE
• TIME_TICKS_TYPE
(Mandatory) Entry comparison operator used to compare the current OID data value with the entry value; if true, an event will be raised and event monitoring will be disabled until exit criteria are met.
(Mandatory) Type of SNMP get operation that needs to be applied to the OID specified. If the get_type argument is "exact," the value of the specified OID is retrieved; if the get_type argument is "next," the value of the lexicographical successor to the specified
OID is retrieved.
(Mandatory) Value with which the current oid data value should be compared to decide if the SNMP event should be raised.
314
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
entry-type exit_comb exit_op exit_val
event_register_snmp
Specifies a type of operation to be applied to the object ID specified by the entry-val argument.
Value is defined as the actual value of the entry-val argument.
Increment uses the entry-val field as an incremental difference and the entry-valis compared with the difference between the current counter value and the value when the event was last triggered (or the first polled sample if this is a new event). A negative value checks the incremental difference for a counter that is decreasing.
Rate is defined as the average rate of change over a period of time. The time period is the average-factor value multiplied by the poll-interval value. At each poll interval the difference between the current sample and the previous sample is taken and recorded as an absolute value. An average of the previous average-factor value samples is taken to be the rate of change.
(Optional) Exit combination operator used to indicate the combination of exit condition tests required to decide if the exit criteria are met so that the event monitoring can be reenabled. If it is "and," both exit value and exit time tests must be passed to meet the exit criteria. If it is "or," either exit value or exit time tests can be passed to meet the exit criteria. When exit_comb is "and," exit_op, and exit_val (exit_time) must exist. When exit_comb is "or," (exit_op and exit_val) or (exit_time) must exist.
(Optional) Exit comparison operator used to compare the current oid data value with the exit value; if true, event monitoring for this event will be reenabled.
(Optional) Value with which the current oid data value should be compared to decide if the exit criteria are met.
Embedded Event Manager Configuration Guide
315
event_register_snmp
exit-type exit_time poll_interval average-factor
EEM Event Registration Tcl Command Extensions
(Optional) Specifies a type of operation to be applied to the object ID specified by the exit-val argument.
If not specified, the value is assumed.
Value is defined as the actual value of the exit-val argument.
Increment uses the exit-val field as an incremental difference and the exit-val is compared with the difference between the current counter value and the value when the event was last triggered (or the first polled sample if this is a new event). A negative value checks the incremental difference for a counter that is decreasing.
Rate is defined as the average rate of change over a period of time. The time period is the average-factor value multiplied by the poll-interval value. At each poll interval the difference between the current sample and the previous sample is taken and recorded as an absolute value. An average of the previous average-factor value samples is taken to be the rate of change.
(Optional) Number of POSIX timer units after an event is raised when event monitoring will be enabled again. Specified in SSSSSSSSSS[.MMM] format where SSSSSSSSSS must be an integer number representing seconds between 0 and 4294967295, inclusive. MMM represents milliseconds and must be an integer number between 0 and 999.
(Mandatory) Interval between consecutive polls in
POSIX timer units. Currently the interval is forced to be at least 1 second (specified in
SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999).
(Optional) Number in the range from 1 to 64 used to calculate the period used for rate-based calculations.
The average-factor value is multiplied by the poll-interval value to derive the period in milliseconds. The minimum average factor value is
1.
316
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
queue_priority maxrun nice
Result String
None
Set _cerrno
No
event_register_snmp
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Embedded Event Manager Configuration Guide
317
EEM Event Registration Tcl Command Extensions event_register_snmp_notification
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u event_pub_sec %u event_pub_msec %u"
"event_severity {%s} oid {%s} val {%s} delta_val {%s}"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec event_severity
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
SNMP event severity, which can be one of the following values:
• normal
• minor
• major
oid val delta_val
Object ID of data element, in SNMP dot notation.
Value of the data element.
Delta value between the value of the policies.
event_register_snmp_notification
Registers for a Simple Network Management Protocol (SNMP) notification trap event. Use this Tcl command extension to run a policy when an SNMP trap with the specified SNMP object ID (oid) is encountered on a specific interface or address. The snmp-server manager CLI command must be enabled for the SNMP notifications to work using Tcl policies.
Syntax
event_register_snmp_notification [tag ?] oid ? oid_val ?
op {gt|ge|eq|ne|lt|le}
[maxrun ?]
[src_ip_address ?]
[dest_ip_address ?]
[queue_priority {normal|low|high|last}]
[maxrun ?]
[nice {0|1}]
[default ?]
318
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
[direction {incoming|outgoing}]
[msg_op {drop|send}]
Arguments
tag oid oid_val op maxrun src_ip_address dest_ip_address
event_register_snmp_notification
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Mandatory) OID number of the data element in
SNMP dot notation (for example, 1.3.6.1.2.1.2.1.0).
If the specified OID ends with a dot (.), then all OIDs that start with the OID number before the dot are matched. The types of OIDs allowed are:
• COUNTER_TYPE
• COUNTER_64_TYPE
• GAUGE_TYPE
• INTEGER_TYPE
• OCTET_PRIM_TYPE
• OPAQUE_PRIM_TYPE
• TIME_TICKS_TYPE
(Mandatory) OID value with which the current OID data value should be compared to decide if the SNMP event should be raised.
(Mandatory) Comparison operator used to compare the current OID data value with the SNMP Protocol
Data Unit (PDU) OID data value; if this is true, an event is raised.
(Optional) Maximum run time of the script (specified in ssssssss[.mmm] format, where ssssssss must be an integer representing seconds between 0 and 31536000, inclusive, and where mmm must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default 20-second run-time limit is used.
(Optional) Source IP address where the SNMP notification trap originates. The default is all; it is set to receive SNMP notification traps from all IP addresses.
(Optional) Destination IP address where the SNMP notification trap is sent. The default is all; it is set to receive SNMP traps from all destination IP addresses.
Embedded Event Manager Configuration Guide
319
event_register_snmp_notification
queue_priority default nice direction msg_op
Result String
None
320
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the queue_priority_last argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Specifies the time period in seconds during which the snmp notification event detector waits for the policy to exit. The time period is specified in ssssssssss[.mmm] format, where ssssssssss must be an integer representing seconds between 0 and
4294967295 and mmm must be an integer representing milliseconds between 0 and 999.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
(Optional) The direction of the incoming or outgoing
SNMP trap or inform PDU to filter. The default value is incoming.
(Optional) The action to be taken on the SNMP PDU
(drop it or send it) once the event is triggered. The default value is send.
EEM Event Registration Tcl Command Extensions event_register_snmp_object
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u event_pub_sec %u event_pub_msec %u event_severity {%s}" "oid {%s} oid_val {%s} src_ip_addr {%s} dest_ip_addr {%s} x_x_x_x_x
(varbinds) {%s} trunc_vb_buf {%s} trap_oid {%s} enterprise_oid {%s} generic_trap %u specific_trap %u"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec oid
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
An user specified object ID.
An user specified object ID value.
oid_val src_ip_addr
The source IP address of the SNMP protocol data unit
(PDU).
The destination IP address of the SNMP PDU.
dest_ip_addr x_x_x_x_x (varbinds) trap_oid enterprise_oid
The SNMP PDU varbind information.
Indicates the trap OID value.
Indicates the enterprise OID value.
generic_trap specific_trap
Indicates one of a number of generic trap types. There are seven generic trap numbers zero to six.
Indicates one of a number of specific trap codes.
event_register_snmp_object
Registers for a Simple Network Management Protocol (SNMP) object event. Use this Tcl command extension to replace the value when an SNMP with the specified SNMP-object ID (OID) is encountered on a specific interface or address.
Embedded Event Manager Configuration Guide
321
EEM Event Registration Tcl Command Extensions event_register_snmp_object
Syntax
event_register_snmp_object oid ?
type {int|uint|counter|counter64|gauge|ipv4||oid|string} sync {yes|no} skip {yes|no}
[istable {yes|no}]
[default ?]
[queue_priority {normal|low|high|last}]
[maxrun ?]
[nice {0|1}]
Arguments
oid (Mandatory) OID number of the data element in
SNMP dot notation (for example, 1.3.6.1.2.1.2.1.0).
If the specified OID ends with a dot (.), then all OIDs that start with the OID number before the dot are matched. The types of OIDs allowed are:
• COUNTER_TYPE
• COUNTER_64_TYPE
• GAUGE_TYPE
• INTEGER_TYPE
• OCTET_PRIM_TYPE
• OPAQUE_PRIM_TYPE
• TIME_TICKS_TYPE type sync skip istable
(Mandatory) OID value type.
(Mandatory) A "yes" means that the EEM policy will be notified. If the applet set_exit_status or Tcl return value is 0, then SNMP will handle the request. If the return value is 1, SNMP will use the value provided by the policy for the get request and will not process the set request. A "no" means that EEM will not be notified and SNMP will handle the request.
Only one OID can be associated with a synchronous policy. However, multiple synchronous policies can be registered for the same OID.
Mandatory if the sync argument is "no" and should not exist if the sync argument is "yes." If the skip argument is "yes," it means that SNMP will handle the request. If the skip argument is "no," it means that
SNMP will act as if the object does not exist.
(Optional) A value of "no" means the OID is scalar object, and "yes" means the OID is table object.
322
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
default maxrun queue_priority nice
event_register_snmp_object
(Optional) The time period during which the SNMP
Object event detector waits for the policy to exit
(specified in ssssssssss[.mmm] format, where ssssssssss must be an integer representing seconds between 0 and 4294967295, inclusive, and where mmm must be an integer representing milliseconds between 0 and 999). If the default time period expires before the policy exits, the default action will be executed. The default action is to process the set or get request normally by SNMP subsystem. If this argument is not specified, the default time period is set to 30 seconds.
(Optional) Maximum run time of the script (specified in ssssssss[.mmm] format, where ssssssss must be an integer representing seconds between 0 and 31536000, inclusive, and where mmm must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default 20-second run-time limit is used.
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the queue_priority_last argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Embedded Event Manager Configuration Guide
323
EEM Event Registration Tcl Command Extensions event_register_syslog
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u event_pub_sec %u event_pub_msec %u event_severity {%s}" "oid {%s} request {%s} request_type {%s} value %u"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type event_type_string
Type of event.
An ASCII string that represents the name of the event for this event type.
event_pub_sec event_pub_msec event_severity oid request request_type value
The time, in seconds and milliseconds, when the event was published to the EEM.
The severity of the event.
The ID of the SNMP object in the received get or set request.
The get or set request type.
The type of request (exact or next).
For set requests only. The value to set the object to.
event_register_syslog
Registers for a syslog event. Use this Tcl command extension to trigger a policy when a syslog message of a specific pattern is logged after a certain number of occurrences during a certain period of time.
Syntax
event_register_syslog [tag ?] [occurs ?] [period ?] pattern ?
[priority all|emergencies|alerts|critical|errors|warnings|notifications| informational|debugging|0|1|2|3|4|5|6|7]
[queue_priority low|normal|high|last]
324
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_syslog
[severity_fatal] [severity_critical] [severity_major]
[severity_minor] [severity_warning] [severity_notification]
[severity_normal] [severity_debugging]
[maxrun ?] [nice 0|1]
Arguments
tag occurs period pattern priority
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Optional) Number of occurrences before the event is raised; if not specified, the event is raised on the first occurrence. If specified, the value must be greater than 0.
(Optional) Time interval, in seconds and milliseconds, during which the one or more occurrences must take place in order to raise an event (specified in
SSSSSSSSSS[.MMM] format where SSSSSSSSSS must be an integer number representing seconds between 0 and 4294967295, inclusive, and where
MMM represents milliseconds and must be an integer number between 0 and 999). If this argument is not specified, no period check is applied.
(Mandatory) A regular expression used to perform syslog message pattern match. This argument is what the policy uses to identify the logged syslog message.
(Optional) The message priority to be screened. If this argument is specified, only messages that are at the specified logging priority level, or lower, are screened. If this argument is not specified, the default priority is 0.
Embedded Event Manager Configuration Guide
325
EEM Event Registration Tcl Command Extensions event_register_syslog
queue_priority maxrun nice severity_xxx
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
(Optional) The event severity to be screened. If this argument is specified, only messages that are at the specified severity level are screened. See the table titled "Severity Level Mapping For Syslog Events" for the severity level mapping for syslog events.
If multiple conditions are specified, the syslog event will be raised when all the conditions are matched.
326
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_syslog
Table 28: Severity Level Mapping For Syslog Events
Severity Keyword
severity_fatal severity_critical severity_major severity_minor severity_warning severity_notification severity_normal severity_debugging
Syslog Priority
LOG_EMERG (0)
LOG_ALERT (1)
LOG_CRIT (2)
LOG_ERR (3)
LOG_WARNING (4)
LOG_NOTICE (5)
LOG_INFO (6)
LOG_DEBUG (7)
Description
System is unusable.
Critical conditions, immediate attention required.
Major conditions.
Minor conditions.
Warning conditions.
Basic notification, informational messages.
Normal event, indicates returning to a normal state.
Debugging messages.
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u"
"msg {%s}"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec msg
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
The last syslog message that matches the pattern.
Embedded Event Manager Configuration Guide
327
EEM Event Registration Tcl Command Extensions event_register_timer
event_register_timer
Creates a timer and registers for a timer event as both a publisher and a subscriber. Use this Tcl command extension when there is a need to trigger a policy that is time specific or timer based. This event timer is both an event publisher and a subscriber. The publisher part indicates the conditions under which the named timer is to go off. The subscriber part identifies the name of the timer to which the event is subscribing.
Note
Both the CRON and absolute time specifications work on local time.
Syntax
event_register_timer [tag ?] watchdog|countdown|absolute|cron
[name ?] [cron_entry ?]
[time ?]
[queue_priority low|normal|high|last] [maxrun ?]
[nice 0|1]
Arguments
tag watchdog countdown absolute cron name
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Mandatory) Watchdog timer.
(Mandatory) Countdown timer.
(Mandatory) Absolute timer.
(Mandatory) CRON timer.
(Optional) Name of the timer.
328
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
cron_entry
event_register_timer
Embedded Event Manager Configuration Guide
329
event_register_timer
330
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
(Optional) Must be specified if the CRON timer type is specified. Must not be specified if any other timer type is specified. A cron_entry is a partial UNIX crontab entry (the first five fields) as used with the
UNIX CRON daemon.
A cron_entry specification consists of a text string with five fields. The fields are separated by spaces.
The fields represent the time and date when CRON timer events will be triggered. The fields are described in the table titled "Time and Date When CRON
Events Will Be Triggered."
Ranges of numbers are allowed. Ranges are two numbers separated with a hyphen. The specified range is inclusive. For example, 8-11 for an hour entry specifies execution at hours 8, 9, 10, and 11.
A field may be an asterisk (*), which always stands for "first-last."
Lists are allowed. A list is a set of numbers (or ranges) separated by commas. Examples: "1,2,5,9" and
"0-4,8-12".
Step values can be used in conjunction with ranges.
Following a range with "/<number>" specifies skips of the number’s value through the range. For example,
"0-23/2" can be used in the hour field to specify an event that is triggered every other hour. Steps are also permitted after an asterisk, so if you want to say
"every two hours", use "*/2".
Names can also be used for the month and the day of week fields. Use the first three letters of the particular day or month (case does not matter). Ranges or lists of names are not allowed.
The day on which a timer event is triggered can be specified by two fields: day of month and day of week. If both fields are restricted (that is, are not *), an event will be triggered when either field matches the current time. For example, "30 4 1,15 * 5" would cause an event to be triggered at 4:30 a.m. on the 1st and 15th of each month, plus every Friday.
Instead of the first five fields, one of seven special strings may appear. These seven special strings are described in the table titled "Special Strings for cron_entry."
Example 1: "0 0 1,15 * 1" would trigger an event at midnight on the 1st and 15th of each month, as well as on every Monday. To specify days by only one field, the other field should be set to *; "0 0 * * 1" would trigger an event at midnight only on Mondays.
EEM Event Registration Tcl Command Extensions
time queue_priority
event_register_timer
Example 2: "15 16 1 * *" would trigger an event at
4:15 p.m. on the first day of each month.
Example 3: "0 12 * * 1-5" would trigger an event at noon on Monday through Friday of each week.
Example 4: "@weekly" would trigger an event at midnight once a week on Sunday.
(Optional) Must be specified if a timer type other than
CRON is specified. Must not be specified if the
CRON timer type is specified. For watchdog and countdown timers, the number of seconds and milliseconds until the timer expires; for the absolute timer, the calendar time of the expiration time. Time is specified in SSSSSSSSSS[.MMM] format, where
SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where
MMM must be an integer representing milliseconds between 0 and 999. An absolute expiration date is the number of seconds and milliseconds since January 1,
1970. If the date specified has already passed, the timer expires immediately.
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
Embedded Event Manager Configuration Guide
331
EEM Event Registration Tcl Command Extensions event_register_timer
maxrun nice
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Table 29: Time and Date When CRON Events Will Be Triggered
Field
minute hour day of month month day of week
Allowed Values
0-59
0-23
1-31
1-12 (or names, see below)
0-7 (0 or 7 is Sun, or names; see the table titled
"Special Strings for cron_entry")
Table 30: Special Strings for cron_entry
String
@yearly
@annually
@monthly
@weekly
@daily
@midnight
@hourly
Meaning
Trigger once a year, "0 0 1 1 *".
Same as @yearly.
Trigger once a month, "0 0 1 * *".
Trigger once a week, "0 0 * * 0".
Trigger once a day, "0 0 * * *".
Same as @daily.
Trigger once an hour, "0 * * * *".
332
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_timer_subscriber
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u"
"timer_type %s timer_time_sec %ld timer_time_msec %ld"
"timer_remain_sec %ld timer_remain_msec %ld"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type event_type_string
Type of event.
An ASCII string that represents the name of the event for this event type.
event_pub_sec event_pub_msec timer_type
The time, in seconds and milliseconds, when the event was published to the EEM.
Type of the timer. Can be one of the following:
• watchdog
• countdown
• absolute
timer_time_sec timer_time_msec timer_remain_sec timer_remain_msec
Time when the timer expired.
The remaining time before the next expiration.
See Also event_register_timer_subscriber
event_register_timer_subscriber
Registers for a timer event as a subscriber. Use this Tcl command extension to identify the name of the timer to which the event timer, as a subscriber, wants to subscribe. The event timer depends on another policy or another process to actually manipulate the timer. For example, let policyB act as a timer subscriber policy, but policyA (although it does not need to be a timer policy) uses register_timer, timer_arm, or timer_cancel
Tcl command extensions to manipulate the timer referenced in policyB.
Embedded Event Manager Configuration Guide
333
EEM Event Registration Tcl Command Extensions event_register_timer_subscriber
Syntax
event_register_timer_subscriber watchdog|countdown|absolute|cron name ? [queue_priority low|normal|high|last] [maxrun ?] [nice 0|1]
Arguments
watchdog countdown absolute cron name queue_priority maxrun
(Mandatory) Watchdog timer.
(Mandatory) Countdown timer.
(Mandatory) Absolute timer.
(Mandatory) CRON timer.
(Mandatory) Name of the timer.
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
334
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
nice
event_register_timer_subscriber
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Note
An EEM policy that registers for a timer event or a counter event can act as both publisher and subscriber.
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} event_pub_sec %u event_pub_msec %u"
"timer_type %s timer_time_sec %ld timer_time_msec %ld"
"timer_remain_sec %ld timer_remain_msec %ld"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec timer_type
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
Type of the timer. Can be one of the following:
• watchdog
• countdown
• absolute
timer_time_sec timer_time_msec timer_remain_sec timer_remain_msec
Time when the timer expired.
The remaining time before the next expiration.
Embedded Event Manager Configuration Guide
335
EEM Event Registration Tcl Command Extensions event_register_track
See Also event_register_timer
event_register_track
Registers for a report event from the Cisco IOS Object Tracking subsystem. Use this Tcl command extension to trigger a policy on the basis of a Cisco IOS Object Tracking subsystem report for a specified object number.
Syntax
event_register_track ? [tag ?] [state up|down|any] [queue_priority low|normal|high|last]
[maxrun ?]
[nice 0|1]
Arguments
? (represents a number) tag state
(Mandatory) Tracked object number in the range from
1 to 500, inclusive.
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Optional) Specifies that the tracked object transition will cause an event to be raised. If up is specified, an event will be raised when the tracked object transitions from a down state to an up state. If down is specified, an event will be raised when the tracked object transitions from an up state to a down state. If
any is specified, an event will be raised when the tracked object transitions to or from any state.
336
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_track
queue_priority maxrun nice
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
(Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
If an optional argument is not specified, the event matches all possible values of the argument.
Result String
None
Set _cerrno
No
Embedded Event Manager Configuration Guide
337
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u event_pub_sec %u event_pub_msec %u"
"track_number {%u} track_state {%s}"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event ID.
event_type
Type of event.
event_type_string event_pub_sec event_pub_msec track_number
An ASCII string that represents the name of the event for this event type.
The time, in seconds and milliseconds, when the event was published to the EEM.
Number of the tracked object that caused the event to be triggered.
track_state
State of the tracked object when the event was triggered; valid states are up or down.
event_register_wdsysmon
Registers for a Watchdog system monitor event. Use this Tcl command extension to register for a composite event which is a combination of several subevents or conditions. For example, you can use this command to register for the combination of conditions wherein the CPU usage of a certain process is over 80 percent and the memory used by the process is greater than 50 percent of its initial allocation. This Tcl command extension is supported only in Software Modularity images.
Syntax
event_register_wdsysmon [tag ?] [timewin ?]
[sub12_op and|or|andnot]
[sub23_op and|or|andnot]
[sub34_op and|or|andnot]
[sub1 subevent-description]
[sub2 subevent-description]
[sub3 subevent-description]
[sub4 subevent-description] [node ?]
[queue_priority low|normal|high|last]
[maxrun ?] [nice 0|1]
Each argument is position independent.
338
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
Note
Operator definitions: and (logical and operation), or (logical or operation), andnot (logical and not operation). For example, "sub12_op and" is defined as raise an event when subevent 1 and subevent 2 are true; "sub23_op or" is defined as raise an event when the condition specified in sub12_op is true or subevent
3 is true. The logic can be diagrammed using: if (((sub1 sub12_op sub2) sub23_op sub3) sub34_op sub4) is TRUE, raise event
Arguments
tag timewin sub12_op sub23_op sub34_op sub1 subevent-description sub2 sub3 sub4
(Optional) String identifying a tag that can be used with the trigger Tcl command extension to support multiple event statements within a Tcl script.
(Optional) Time window within which all of the subevents have to occur in order for an event to be generated (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999).
(Optional) Combination operator for comparison between subevent 1 and subevent 2.
(Optional) Combination operator for comparison between subevent 1 and 2 and subevent 3.
(Optional) Combination operator for comparison between subevent 1 and 2 and subevent 3 and subevent 4.
(Optional) Indicates that subevent 1 is specified.
(Optional) Syntax for the subevent.
(Optional) Indicates that subevent 2 is specified.
(Optional) Indicates that subevent 3 is specified.
(Optional) Indicates that subevent 4 is specified.
Embedded Event Manager Configuration Guide
339
event_register_wdsysmon
node queue_priority maxrun
340
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions
(Optional) The node name to be monitored for deadlock conditions is a string that consists of the word "node" followed by two fields separated by a slash character using the following format: node<slot-number>/<cpu-number>
The slot-number is the hardware slot number. The cpu-number is the hardware CPU number. For example, the SP CPU in a Supervisor card on a Cisco
Catalyst 6500 series switch located in slot 0 would be specified as node0/0. The RP CPU in a Supervisor card on a Cisco Catalyst 6500 series switch located in slot 0 would be addressed as node0/1. If the node argument is not specified, the default node specification is the local node on which the registration is done.
(Optional) Priority level at which the script will be queued:
• queue_priority low--Specifies that the script is to be queued at the lowest of the three priority levels.
• queue_priority normal--Specifies that the script is to be queued at a priority level greater than low priority but less than high priority.
• queue_priority high--Specifies that the script is to be queued at the highest of the three priority levels.
• queue_priority last--Specifies that the script is to be queued at the lowest priority level.
If more than one script is registered with the
"queue_priority_last" argument set, these scripts will execute in the order in which the events are published.
Note
The queue_priority argument specifies the queuing priority, but not the execution priority, of the script being registered.
If this argument is not specified, the default queuing priority is normal.
(Optional) Maximum run time of the script (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the default
20-second run-time limit is used.
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
nice (Optional) Policy run-time priority setting. When the nice argument is set to 1, the policy is run at a run-time priority that is less than the default priority.
The default value is 0.
Subevents
The syntax of subevent descriptions can be one of seven cases.
For arguments in subevent description, the following constraints apply on the value of number arguments:
• For dispatch_mgr, val must be an integer between 0 and 4294967295, inclusive.
• For cpu_proc and cpu_tot, val must be an integer between 0 and 100, inclusive.
• For mem_proc, mem_tot_avail, and mem_tot_used, if is_percent is FALSE, val must be an integer between 0 and 4294967295, inclusive.
1. deadlock procname ?
Arguments
procname (Mandatory) A regular expression that specifies the process name that you wish to monitor for deadlock conditions. This subevent will ignore the time window even if it is given.
2. dispatch_mgr [procname ?] [op gt|ge|eq|ne|lt|le] [val ?] [period ?]
Arguments
procname op val
(Optional) A regular expression that specifies the process name that you wish to monitor for dispatch_manager status.
(Optional) Comparison operator used to compare the collected number of events with the specified value; if true, an event will be raised.
(Optional) The value with which the number of events that have occurred should be compared.
Embedded Event Manager Configuration Guide
341
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
period (Optional) The time period for the number of events that have occurred (specified in
SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the most recent sample is used.
3. cpu_proc [procname ?] [op gt|ge|eq|ne|lt|le] [val ?] [period ?]
Arguments
procname op val period
(Optional) A regular expression that specifies the process name that you wish to monitor for CPU utilization conditions.
(Optional) Comparison operator used to compare the collected CPU usage sample percentage with the specified percentage value; if true, an event will be raised.
(Optional) The percentage value with which the average CPU usage during the sample period should be compared.
(Optional) The time period for averaging the collection of samples (specified in
SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the most recent sample is used.
4. cpu_tot [op gt|ge|eq|ne|lt|le] [val ?] [period ?]
Arguments
op val
(Optional) Comparison operator used to compare the collected total system CPU usage sample percentage with the specified percentage value; if true, an event will be raised.
(Optional) The percentage value with which the average CPU usage during the sample period should be compared.
342
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
period (Optional) The time period for averaging the collection of samples (specified in
SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the most recent sample is used.
5. mem_proc [procname ?] [op gt|ge|eq|ne|lt|le] [val ?] [is_percent TRUE|FALSE] [period ?]
Arguments
procname op val is_percent period
(Optional) A regular expression that specifies the process name that you wish to monitor for memory usage.
(Optional) Comparison operator used to compare the collected memory used with the specified value; if true, an event will be raised.
(Optional) A percentage or an absolute value specified in kilobytes. A percentage represents the difference between the oldest sample in the specified time period and the latest sample. If memory usage has increased from 150 KB to 300 KB within the time period, the percentage increase is 100. This is the value with which the measured value should be compared.
(Optional) If TRUE, the percentage value is collected and compared. Otherwise, the absolute value is collected and compared.
(Optional) If is_percent is set to TRUE, the time period for the percentage to be computed. Otherwise, the time period for the collection samples to be averaged (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the most recent sample is used.
6. mem_tot_avail [op gt|ge|eq|ne|lt|le] [val ?] [is_percent TRUE|FALSE] [period ?]
Embedded Event Manager Configuration Guide
343
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
Arguments
op val is_percent period
(Optional) Comparison operator used to compare the collected available memory with the specified value; if true, an event will be raised.
(Optional) A percentage or an absolute value specified in kilobytes. A percentage represents the difference between the oldest sample in the specified time period and the latest sample. If available memory usage has decreased from 300 KB to 150 KB within the time period, the percentage decrease is 50. This is the value with which the measured value should be compared.
(Optional) If TRUE, the percentage value is collected and compared. Otherwise, the absolute value is collected and compared.
(Optional) If is_percent is set to TRUE, the time period for the percentage to be computed. Otherwise, the time period for the collection samples to be averaged (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the most recent sample is used.
7. mem_tot_used [op gt|ge|eq|ne|lt|le] [val ?] [is_percent TRUE|FALSE] [period ?]
Arguments
op val is_percent
(Optional) Comparison operator used to compare the collected used memory with the specified value; if true, an event will be raised.
(Optional) A percentage or an absolute value specified in kilobytes. A percentage represents the difference between the oldest sample in the specified time period and the latest sample. If memory usage has increased from 150 KB to 300 KB within the time period, the percentage increase is 100. This is the value with which the measured value should be compared.
(Optional) If TRUE, the percentage value is collected and compared. Otherwise, the absolute value is collected and compared.
344
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
period (Optional) If is_percent is set to TRUE, the time period for the percentage to be computed. Otherwise, the time period for the collection samples to be averaged (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). If this argument is not specified, the most recent sample is used.
Note
This argument is mandatory if is_percent is set to TRUE; otherwise, it is optional.
Result String
None
Set _cerrno
No
Event_reqinfo
"event_id %u event_type %u event_type_string {%s} %u event_pub_sec %u event_pub_msec %u"
"num_subs %u"
Event Type Description event_id
Unique number that indicates the ID for this published event. Multiple policies may be run for the same event, and each policy will have the same event_id.
event_type event_type_string
Type of event.
An ASCII string that represents the name of the event for this event type.
event_pub_sec event_pub_msec num_subs
The time, in seconds and milliseconds, when the event was published to the EEM.
Subevent number.
Where the subevent info string is for a deadlock subevent:
"{type %s num_entries %u entries {entry 1, entry 2, ...}}"
Subevent Type Description type
Type of wdsysmon subevent.
num_entries
Number of processes and threads in the deadlock.
Embedded Event Manager Configuration Guide
345
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
Subevent Type entries
Description
Information of processes and threads in the deadlock.
Where each entry is:
"{node {%s} procname {%s} pid %u tid %u state %s b_node %s b_procname %s b_pid %u b_tid %u}"
Assume that the entry describes the scenario in which Process A thread m is blocked on process B thread n:
Subevent Type node
Description
Name of the node that process A thread m is on.
procname
Name of process A.
pid tid state
Process ID of process A.
Thread ID of process A thread m.
Thread state of process A thread m. Can be one of the following:
• STATE_CONDVAR
• STATE_DEAD
• STATE_INTR
• STATE_JOIN
• STATE_MUTEX
• STATE_NANOSLEEP
• STATE_READY
• STATE_RECEIVE
• STATE_REPLY
• STATE_RUNNING
• STATE_SEM
• STATE_SEND
• STATE_SIGSUSPEND
• STATE_SIGWAITINFO
• STATE_STACK
• STATE_STOPPED
• STATE_WAITPAGE
• STATE_WAITTHREAD
346
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
Subevent Type b_node b_procname b_pid b_tid
Description
Name of the node that process B thread is on.
Name of process B.
Process ID of process B.
Thread ID of process B thread n; 0 means that process
A thread m is blocked on all threads of process B.
For dispatch_mgr Subevent
"{type %s node {%s} procname {%s} pid %u value %u sec %ld msec %ld}"
Subevent Type Description type
Type of wdsysmon subevent.
node
Name of the node that the POSIX process is on.
procname pid value sec msec
POSIX process name for this subevent.
POSIX process ID for this subevent.
Note
The three fields above describe the owner process of this dispatch manager.
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, the number of events processed by the dispatch manager is in the latest sample. If a time window is specified and is greater than zero in the event registration Tcl command extension, the total number of events processed by this dispatch manager is in the given time window.
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, they are both 0. If a time window is specified and is greater than zero in the event registration Tcl command extension, the sec and msec variables are the actual time difference between the time stamps of the oldest and latest samples in this time window.
For cpu_proc Subevent
"{type %s node {%s} procname {%s} pid %u value %u sec %ld msec %ld}"
Embedded Event Manager Configuration Guide
347
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
Subevent Type type node procname pid value sec msec
Description
Type of wdsysmon subevent.
Name of the node that the POSIX process is on.
POSIX process name for this subevent.
POSIX process ID for this subevent.
Note
The three fields above describe the process whose CPU utilization is being monitored.
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, the process CPU utilization is in the latest sample. If a time window is specified and is greater than zero in the event registration Tcl command extension, the averaged process CPU utilization is in the given time window.
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, they are both 0. If a time window is specified and is greater than zero in the event registration Tcl command extension, the sec and msec variables are the actual time difference between the time stamps of the oldest and latest samples in this time window.
For cpu_tot Subevent
"{type %s node {%s} value %u sec %ld msec %ld}"
Subevent Type Description type
Type of wdsysmon subevent.
node
Name of the node on which the total CPU utilization is being monitored.
value
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, the total CPU utilization is in the latest sample. If a time window is specified and is greater than zero in the event registration Tcl command extension, the averaged total CPU utilization is in the given time window.
348
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
Subevent Type sec msec
Description
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, they are both 0. If a time window is specified and is greater than zero in the event registration Tcl command extension, the sec and msec variables are the actual time difference between the time stamps of the oldest and latest samples in this time window.
For mem_proc Subevent
"{type %s node {%s} procname {%s} pid %u is_percent %s value %u diff %d sec %ld msec %ld}"
Subevent Type Description type
Type of wdsysmon subevent.
node procname pid is_percent
Name of the node that the POSIX process is on.
POSIX process name for this subevent.
POSIX process ID for this subevent.
Note
The three fields above describe the process whose memory usage is being monitored.
Can be either TRUE or FALSE. TRUE means that the value is a percentage value; FALSE means that the value is an absolute value (may be an averaged value).
value
Subevent Type
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, the process used memory is in the latest sample. If a time window is specified and is greater than zero in the event registration Tcl command extension, the averaged process used memory utilization is in the given time window.
Description
Embedded Event Manager Configuration Guide
349
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
Subevent Type diff sec msec
Description
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, the diff is the percentage difference between the first process used memory sample ever collected and the latest process used memory sample.
If a time window is specified and is greater than zero in the event registration Tcl command extension, the
diff is the percentage difference between the oldest and latest process used memory utilization in the specified time window.
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, they are both 0. If a time window is specified and is greater than zero in the event registration Tcl command extension, the sec and msec variables are the actual time difference between the time stamps of the oldest and latest samples in this time window.
If the is_percent argument is FALSE, and the sec and msec arguments are specified as 0 or are unspecified in the event registration Tcl command extension:
• value is the process used memory in the latest sample.
• diff is 0.
• sec and msec are both 0.
If the is_percent argument is FALSE, and a time window is specified as greater than zero in the event registration Tcl command extension:
• value is the averaged process used memory sample value in the specified time window.
• diff is 0.
• sec and msec are both the actual time difference between the time stamps of the oldest and latest samples in this time window.
If the is_percent argument is TRUE, and a time window is specified as greater than zero in the event registration
Tcl command extension:
• value is 0.
• diff is the percentage difference between the oldest and latest process used memory samples in the specified time window.
• sec and msec are the actual time difference between the time stamps of the oldest and latest process used memory samples in this time window.
If the is_percent argument is TRUE, and the sec and msec arguments are specified as 0 or are unspecified in the event registration Tcl command extension:
350
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
• value is 0.
• diff is the percentage difference between the first process used memory sample ever collected and the latest process used memory sample.
• sec and msec are the actual time difference between the time stamps of the first process used memory sample ever collected and the latest process used memory sample.
For mem_tot_avail Subevent
"{type %s node {%s} is_percent %s used %u avail %u diff %d sec %ld msec %ld}"
Subevent Type Description type
Type of wdsysmon subevent.
node
Name of the node for which the total available memory is being monitored.
is_percent used
Can be either TRUE or FALSE. TRUE means that the value is a percentage value; FALSE means that the value is an absolute value (may be an averaged value).
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, the total used memory is in the latest sample. If a time window is specified and is greater than zero in the event registration Tcl command extension, the averaged total used memory utilization is in the given time window.
avail diff
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, the avail is in the latest total available memory sample. If a time window is specified and is greater than zero in the event registration Tcl command extension, the avail is the total available memory utilization in the specified time window.
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, the diff is the percentage difference between the first total available memory sample ever collected and the latest total available memory sample.
If a time window is specified and is greater than zero in the event registration Tcl command extension, the
diff is the percentage difference between the oldest and latest total available memory utilization in the specified time window.
Embedded Event Manager Configuration Guide
351
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
Subevent Type sec msec
Description
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, they are both 0. If a time window is specified and is greater than zero in the event registration Tcl command extension, they are the actual time difference between the time stamps of the oldest and latest samples in this time window.
If the is_percent argument is FALSE, and the sec and msec arguments are specified as 0 or are unspecified in the event registration Tcl command extension:
• used is the total used memory in the latest sample.
• avail is the total available memory in the latest sample.
• diff is 0.
• sec and msec are both 0.
If the is_percent argument is FALSE, and a time window is specified as greater than zero in the event registration Tcl command extension:
• used is 0.
• avail is the averaged total available memory sample value in the specified time window.
• diff is 0.
• sec and msec are both the actual time difference between the time stamps of the oldest and latest total available memory samples in this time window.
If the is_percent argument is TRUE, and a time window is specified as greater than zero in the event registration
Tcl command extension:
• used is 0.
• avail is 0.
• diff is the percentage difference between the oldest and latest total available memory samples in the specified time window.
• sec and msec are both the actual time difference between the time stamps of the oldest and latest total available memory samples in this time window.
If the is_percent argument is TRUE, and the sec and msec arguments are specified as 0 or are unspecified in the event registration Tcl command extension:
• used is 0.
• avail is 0.
• diff is the percentage difference between the first total available memory sample ever collected and the latest total available memory sample.
352
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
• sec and msec are the actual time difference between the time stamps of the first total available memory sample ever collected and the latest total available memory sample.
For mem_tot_used Subevent
"{type %s node {%s} is_percent %s used %u avail %u diff %d sec %ld msec %ld}"
Subevent Type Description type
Type of wdsysmon subevent.
node is_percent used avail
Name of the node for which the total used memory is being monitored.
Can be either TRUE or FALSE. TRUE means that the value is a percentage value; FALSE means that the value is an absolute value (may be an averaged value).
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, the total used memory is in the latest sample. If a time window is specified and is greater than zero in the event registration Tcl command extension, the averaged total used memory utilization is in the given time window.
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, the avail is in the latest total used memory sample. If a time window is specified and is greater than zero in the event registration Tcl command extension, the avail is the total used memory utilization in the specified time window.
diff
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, the diff is the percentage difference between the first total used memory sample ever collected and the latest total used memory sample. If a time window is specified and is greater than zero in the event registration Tcl command extension, the
diff is the percentage difference between the oldest and latest total used memory utilization in the specified time window.
Embedded Event Manager Configuration Guide
353
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
Subevent Type sec msec
Description
If the sec and msec variables are specified as 0 or are unspecified in the event registration Tcl command extension, they are both 0. If a time window is specified and is greater than zero in the event registration Tcl command extension, the sec and msec variables are the actual time difference between the time stamps of the oldest and latest samples in this time window.
If the is_percent argument is FALSE, and the sec and msec arguments are specified as 0 or are unspecified in the event registration Tcl command extension:
• used is the total used memory in the latest sample,
• avail is the total available memory in the latest sample,
• diff is 0,
• sec and msec are both 0,
If the is_percent argument is FALSE, and a time window is specified as greater than zero in the event registration Tcl command extension:
• used is the averaged total used memory sample value in the specified time window,
• avail is 0,
• diff is 0,
• sec and msec are both the actual time difference between the time stamps of the oldest and latest total used memory samples in this time window,
If the is_percent argument is TRUE, and a time window is specified as greater than zero in the event registration
Tcl command extension:
• used is 0.
• avail is 0.
• diff is the percentage difference between the oldest and latest total used memory samples in the specified time window.
• sec and msec are both the actual time difference between the time stamps of the oldest and latest total used memory samples in this time window.
If the is_percent argument is TRUE, and the sec and msec arguments are specified as 0 or are unspecified in the event registration Tcl command extension:
• used is 0.
• avail is 0.
• diff is the percentage difference between the first total used memory sample ever collected and the latest total used memory sample.
354
Embedded Event Manager Configuration Guide
EEM Event Registration Tcl Command Extensions event_register_wdsysmon
• sec and msec are the actual time difference between the time stamps of the first total used memory sample ever collected and the latest total used memory sample.
Note
Inside a subevent description, each argument is position independent.
Embedded Event Manager Configuration Guide
355
event_register_wdsysmon
EEM Event Registration Tcl Command Extensions
356
Embedded Event Manager Configuration Guide
C H A P T E R
11
EEM Event Tcl Command Extensions
The following conventions are used for the syntax documented on the Tcl command extension pages:
• An optional argument is shown within square brackets, for example:
[type ?]
• A question mark ? represents a variable to be entered.
• Choices between arguments are represented by pipes, for example: priority low|normal|high
Note
For all EEM Tcl command extensions, if there is an error, the returned Tcl result string contains the error information.
Note
Arguments for which no numeric range is specified take an integer from -2147483648 to 2147483647, inclusive.
•
•
event_completion_with_wait, page 358
•
•
event_completion
Sends a notification to the EEM server that the policy is done servicing the event that triggered it. The event only takes a single argument which is the return_code of this event instance.
Embedded Event Manager Configuration Guide
357
EEM Event Tcl Command Extensions event_completion_with_wait
Syntax
event_completion status ?
Arguments
status (Mandatory) Exit status (return_code) of this event instance. A value of zero indicates no error and any other integer value indicates an error.
Result String
None
Set _cerrno
No
event_completion_with_wait
The event_completion_with_wait command combines the two commands event_completion and event_wait into a single command for ease of use.
The event_completion command sends a notification to the EEM server that the policy is done servicing the event that triggered it. The event only takes a single argument which is the return_code of this event instance.
The event_wait places the Tcl policy into a sleep state. When the Tcl policy receives a new signal announcing a new event, the policy is placed into a wake state and again returns to a sleep state. This loop continues. If
event_wait policy is invoked before event_completed policy, an error results and the policy exits.
Syntax
event_completion_with_wait status ? [refresh_vars]
Arguments
status refresh_vars
(Mandatory) exit_status (return_code) of this event instance. A value of zero indicates no error. Any other integer value indicates an error.
(Optional) Indicates whether built-in and environment variables should be updated (refreshed) from the EEM
Policy Director during this event instance.
Result String
None
358
Embedded Event Manager Configuration Guide
EEM Event Tcl Command Extensions event_publish
Set _cerrno
Yes
Sample Usage
Here is a similar example as above using this single command: namespace import ::cisco::eem::* namespace import ::cisco::lib::* set i 1 while {1 == 1} { # Start high performance policy loop array set arr_einfo [event_reqinfo] if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
} action_syslog msg "event $i serviced" priority info if {$i == 5} { action_syslog msg "Exiting after servicing 5 events" priority info exit 0
} incr i array set _event_state_arr [event_completion_with_wait status 0 refresh_vars 1] if {$_event_state_arr(event_state) != 0} { action_syslog msg "Exiting: failed event_state " \
" $event_state_arr(event_state)" priority info exit 0
}
}
Note
The running configuration output is the same as the event_publishTcl command.
event_publish
Publishes an application-specific event.
Syntax
event_publish sub_system ? type ? [arg1 ?] [arg2 ?] [arg3 ?] [arg4 ?]
Arguments
sub_system type
(Mandatory) Number assigned to the EEM policy that published the application-specific event. Number is set to 798 because all other numbers are reserved for
Cisco use.
(Mandatory) Event subtype within the specified component. The sub_system and type arguments uniquely identify an application event. Must be an integer between 1 and 4294967295, inclusive.
Embedded Event Manager Configuration Guide
359
EEM Event Tcl Command Extensions event_publish
[arg1 ?]-[arg4 ?] (Optional) Four pieces of application event publisher string data.
Result String
None
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
Sample Usage
This example demonstrates how to use the event_publish Tcl command extension to execute a script n times repeatedly to perform some function (for example, to measure the amount of CPU time taken by a given group of Tcl statements). This example uses two Tcl scripts.
Script1 publishes a type 9999 EEM event to cause Script2 to run for the first time. Script1 is registered as a none event and is run using the Cisco IOS CLI event manager run command. Script2 is registered as an
EEM application event of type 9999, and this script checks to see if the application publish arg1 data (the iteration number) exceeds the EEM environment variable test_iterations value. If the test_iterations value is exceeded, the script writes a message and exits; otherwise the script executes the remaining statements and reschedules another run. To measure the CPU utilization for Script2, use a value of test_iterations that is a multiple of 10 to calculate the amount of average CPU time used by Script2.
To run the Tcl scripts, enter the following Cisco IOS commands: configure terminal event manager environment test_iterations 100 event manager policy script1.tcl
event manager policy script2.tcl
end event manager run script1.tcl
The Tcl script Script2 will be executed 100 times. If you execute the script without the extra processing and derive the average CPU utilization, and then add the extra processing and repeat the test, you can subtract the former CPU utilization from the later CPU utilization to determine the average for the extra processing.
Script1 (script1.tcl)
::cisco::eem::event_register_none namespace import ::cisco::eem::* namespace import ::cisco::lib::*
# Query the event info.
array set arr_einfo [event_reqinfo] if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
} action_syslog priority info msg "EEM application_publish test start" if {$_cerrno != 0} { set result [format \
"component=%s; subsys err=%s; posix err=%s;\n%s" \
360
Embedded Event Manager Configuration Guide
EEM Event Tcl Command Extensions event_publish
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
# Cause the first iteration to run.
event_publish sub_system 798 type 9999 arg1 0 if {$_cerrno != 0} { set result [format \
"component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
Script2 (script2.tcl)
::cisco::eem::event_register_appl sub_system 798 type 9999
# Check if all the required environment variables exist.
# If any required environment variable does not exist, print out an error msg and quit.
if {![info exists test_iterations]} { set result \
"Policy cannot be run: variable test_iterations has not been set" error $result $errorInfo
} namespace import ::cisco::eem::* namespace import ::cisco::lib::*
# Query the event info.
array set arr_einfo [event_reqinfo] if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
# Data1 contains the arg1 value used to publish this event.
set iter $arr_einfo(data1)
# Use the arg1 info from the previous run to determine when to end.
if {$iter >= $test_iterations} {
# Log a message.
action_syslog priority info msg "EEM application_publish test end" if {$_cerrno != 0} { set result [format \
"component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
} exit 0
} set iter [expr $iter + 1]
# Log a message.
set msg [format "EEM application_publish test iteration %s" $iter] action_syslog priority info msg $msg if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
# Do whatever processing that you want to measure here.
# Cause the next iteration to run. Note that the iteration is passed to the
# next operation as arg1.
event_publish sub_system 798 type 9999 arg1 $iter if {$_cerrno != 0} { set result [format \
"component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
}
Embedded Event Manager Configuration Guide
361
EEM Event Tcl Command Extensions event_wait
event_wait
Places the Tcl policy into a sleep state. When the Tcl policy receives a new signal announcing a new event, the policy is placed into a wake state and again returns to a sleep state. This loop continues. If event_wait policy is invoked before event_completed policy, an error results and the policy exits.
Syntax
event_wait [refresh_vars]
Arguments
refresh_vars (Optional) Indicates whether built-in and environment variables should be updated (refreshed) from the EEM
Policy Director during this event instance.
Result String
None
Set _cerrno
No
Sample Usage
The event_wait event detector returns an array type value with a single element named event_state. Event_state is a value sent back from the EEM Server indicating whether or not an error has occurred in processing the event. An example of an error here would be if the user configured event_wait before configuring
event_completion when handling the event instance.
The following sample output shows the use of both event_completion and event_waitTcl commands:
::cisco::eem::event_register_syslog tag e1 occurs 1 pattern CLEAR maxrun 0 namespace import ::cisco::eem::* namespace import ::cisco::lib::* set i 1 while {1 == 1} { # Start high performance policy loop array set arr_einfo [event_reqinfo] if {$_cerrno != 0} { set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
$_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str] error $result
} action_syslog msg "event $i serviced" priority info if {$i == 5} { action_syslog msg "Exiting after servicing 5 events" priority info exit 0
} incr i event_completion status 0 array set _event_state_arr [event_wait refresh_vars 0] if {$_event_state_arr(event_state) != 0} { action_syslog msg "Exiting: failed event_state " \
" $event_state_arr(event_state)" priority info exit 0
362
Embedded Event Manager Configuration Guide
EEM Event Tcl Command Extensions event_wait
}
}
Here is an example of the running configuration:
Device#
01:00:44: %SYS-5-CONFIG_I: Configured from console by consoleclear counters
Clear "show interface" counters on all interfaces [confirm]
Device#
01:00:49: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
01:00:49: %HA_EM-6-LOG: high_perf_example.tcl: event 1 serviced
Device#
Device#clear counters
Clear "show interface" counters on all interfaces [confirm]
Device#
Device#
01:00:53: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
01:00:53: %HA_EM-6-LOG: high_perf_example.tcl: event 2 serviced
Device#clear counters
Clear "show interface" counters on all interfaces [confirm]
Device#
Device#
01:00:56: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
01:00:56: %HA_EM-6-LOG: high_perf_example.tcl: event 3 serviced
Device#
Device#
Device#clear counters
Clear "show interface" counters on all interfaces [confirm]
Device#
01:00:59: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
Device#
01:00:59: %HA_EM-6-LOG: high_perf_example.tcl: event 4 serviced
01:00:59: %HA_EM-6-LOG: high_perf_example.tcl: Exiting after servicing 5 events
Device#
Device#
Device#copy tftp disk1:
Address or name of remote host [dirt]?
Source filename [user/eem_scripts/high_perf_example.tcl]?
Destination filename [high_perf_example.tcl]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Accessing tftp://dirt/user/eem_scripts/high_perf_example.tcl...
Loading user/eem_scripts/high_perf_example.tcl from 192.0.2.19 (via FastEthernet0/0): !
[OK - 909 bytes]
909 bytes copied in 0.360 secs (2525 bytes/sec)
Device#
Device#configure terminal
Enter configuration commands, one per line.
End with CNTL/Z.
Device(config)#no event manager policy high_perf_example.tcl
Device(config)#event manager po high_perf_example.tcl
Device(config)#end
Device#
Device#
Device#
Device#
01:02:19: %SYS-5-CONFIG_I: Configured from console by consoleclear counters
Clear "show interface" counters on all interfaces [confirm]
Device#
01:02:23: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
Device#
Device#
01:02:23: %HA_EM-6-LOG: high_perf_example.tcl: event 1 serviced
Device#
Device#clear counters
Clear "show interface" counters on all interfaces [confirm]
Device#
Device#
01:02:26: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
01:02:26: %HA_EM-6-LOG: high_perf_example.tcl: event 2 serviced
Device#
Device#clear counters
Clear "show interface" counters on all interfaces [confirm]
Device#
Embedded Event Manager Configuration Guide
363
event_wait
EEM Event Tcl Command Extensions
Device#
01:02:29: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
01:02:29: %HA_EM-6-LOG: high_perf_example.tcl: event 3 serviced
Device#
Device#clear counters
Clear "show interface" counters on all interfaces [confirm]
Device#
Device#
01:02:33: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
Device#
01:02:33: %HA_EM-6-LOG: high_perf_example.tcl: event 4 serviced
Device#
Device#clear counters
Clear "show interface" counters on all interfaces [confirm]
Device#
Device#
Device#
01:02:36: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
01:02:36: %HA_EM-6-LOG: high_perf_example.tcl: event 5 serviced
01:02:36: %HA_EM-6-LOG: high_perf_example.tcl: Exiting after servicing 5 events
Device#
Also while an event has been serviced and is waiting for the next event to come in show event manager
policy active command will display the following output:
Device#show event manager policy active
Key: p - Priority :L - Low, H - High, N - Normal, Z - Last s - Scheduling node :A - Active, S - Standby default class - 1 script event no.
job id
1 11 p s status
N A wait high_perf_example.tcl
time of event
Mon Oct20 14:15:24 2008 event type syslog name
In the above example the status is wait. This indicates that the policy is waiting for the next event to come in.
364
Embedded Event Manager Configuration Guide
C H A P T E R
12
EEM Library Debug Command Extensions
•
•
cli_debug
Prints a command-line interface (CLI) debug statement to syslog. This Tcl command extension is used to print a CLI debug statement to syslog if the debug event manager tcl cli_library Cisco IOS CLI command is in effect.
Syntax
cli_debug spec_string debug_string
Arguments
spec_string debug_string
(Mandatory) The spec_string argument is used to indicate the type of debug statement.
(Mandatory) The debug_string argument is used to indicate the debugging text.
Result String
None
Set _cerrno
No
Embedded Event Manager Configuration Guide
365
EEM Library Debug Command Extensions smtp_debug
smtp_debug
Prints a a Simple Mail Transfer Protocol (SMTP) debug statement to syslog. This Tcl command extension prints a SMTP debug statement to syslog if the debug event manager tcl smtp_library Cisco IOS command-line interface (CLI) command is in effect.
Syntax
smtp_debug spec_string debug_string
Arguments
spec_string debug_string
(Mandatory) The spec_string argument is used to indicate the type of debug statement.
(Mandatory) The debug_string argument is used to indicate the debugging text.
Result String
None
Set _cerrno
No
366
Embedded Event Manager Configuration Guide
C H A P T E R
13
EEM Multiple Event Support Tcl Command
Extensions
The following conventions are used for the syntax documented on the Tcl command extension pages:
• An optional argument is shown within square brackets, for example:
[type ?]
• A question mark ? represents a variable to be entered.
• Choices between arguments are represented by pipes, for example: priority low|normal|high
Note
For all EEM Tcl command extensions, if there is an error, the returned Tcl result string contains the error information.
Note
Arguments for which no numeric range is specified take an integer from -2147483648 to 2147483647, inclusive.
•
•
•
attribute
Specifies a complex event.
Embedded Event Manager Configuration Guide
367
EEM Multiple Event Support Tcl Command Extensions correlate
Syntax
attribute tag ? [occurs ?]
Arguments tag occurs
Specifies a tag using the event-tag argument that can be used with the attribute command to associate an event.
(Optional) Specifies the number of occurrences before an EEM event is triggered. If not specified, an EEM event is triggered on the first occurrence. The range is from 1 to 4294967295.
Result String
None
Set _cerrno
No
correlate
Builds a single complex event and allows boolean logic to relate events and tracked objects.
Syntax
correlate event ? track ? [andnot | and | or] event ? track ?
Arguments event track
Specifies the event that can be used with the trigger command to support multiple event statements within an script.
If the event associated with the event-tag argument occurs for the number of times specified by the
trigger command, the result is true. If not, the result is false.
Specifies the event object number for tracking. The range is from 1 to 500.
If the tracked object is set, the result of the evaluation is true. If the tracked object is not set or is undefined, the result of the evaluation is false. This result is regardless of the state of the object.
368
Embedded Event Manager Configuration Guide
EEM Multiple Event Support Tcl Command Extensions trigger
andnot
and or
(Optional) Specifies that if event 1 occurs the action is executed, and if event 2 and event 3 occur together the action is not executed.
(Optional) Specifies that if event 1 occurs the action is executed, and if event 2 and event 3 occur together the action is executed.
Note
When "and" is used to group events such as traps or syslog messages, then the default trigger occurrence window is three minutes.
(Optional) Specifies that if event 1 occurs the action is executed, or else if event 2 and event 3 occur together the action is executed.
Result String
None
Set _cerrno
No
trigger
Specifies the multiple event configuration ability of Embedded Event Manager (EEM) events. A multiple event is one that can involve one or more event occurrences, one or more tracked object states, and a time period for the event to occur. The events are raised based on the specified parameters.
Syntax
trigger [occurs ?] [period ?] [period-start ?] [delay ?]
Arguments occurs
(Optional) Specifies the number of times the total correlation occurs before an EEM event is raised.
When a number is not specified, an EEM event is raised on the first occurrence. The range is from 1 to
4294967295.
Embedded Event Manager Configuration Guide
369
trigger period period-start delay
Result String
None
Set _cerrno
No
EEM Multiple Event Support Tcl Command Extensions
(Optional) Time interval in seconds and optional milliseconds, during which the one or more occurrences must take place. This is specified in the format ssssssssss[.mmm], where ssssssssss must be an integer number representing seconds between 0 and 4294967295, inclusive and mmm represents milliseconds and must be an integer number between
0 to 999.
(Optional) Specifies the start of an event correlation window. If not specified, event monitoring is enabled after the first CRON period occurs.
(Optional) Specifies the number of seconds and optional milliseconds after which an event will be raised if all the conditions are true (specified in the format ssssssssss[.mmm], where ssssssssss must be an integer number representing seconds between 0 and 4294967295, inclusive and mmm represents milliseconds and must be an integer number between
0 to 999).
370
Embedded Event Manager Configuration Guide
C H A P T E R
14
EEM SMTP Library Command Extensions
All Simple Mail Transfer Protocol (SMTP) library command extensions belong to the ::cisco::lib namespace.
To use this library, the user needs to provide an e-mail template file. The template file can include Tcl global variables so that the e-mail service and the e-mail text can be configured through the event manager
environment Cisco IOScommand-line interface (CLI) configuration command. There are commands in this library to substitute the global variables in the e-mail template file and to send the desired e-mail context with the To address, CC address, From address, and Subject line properly configured using the configured e-mail server.
E-Mail Template
The e-mail template file has the following format:
Note
Based on RFC 2554, the SMTP e-mail server name--Mailservername-- can be in any one of the following template formats: username:password@host, username@host, or host.
Mailservername:<space><the list of candidate SMTP server addresses>
From:<space><the e-mail address of sender>
To:<space><the list of e-mail addresses of recipients>
Cc:<space><the list of e-mail addresses that the e-mail will be copied to>
Sourceaddr:<space><the IP addresses of the recipients>
Subject:<subject line>
<a blank line>
<body>
Note
Note that the template normally includes Tcl global variables for configuration.
In a Tcl policy, the port number can be specified by a "Port" line in the e-mail template. If port is not specified, the default port of 25 is used.
Below is a sample e-mail template file:
Mailservername: $_email_server
From: $_email_from
To: $_email_to
Cc: $_email_cc
Sourceaddr: $_email_ipaddr
Port: <port number>
Subject: From router $routername: Process terminated
Embedded Event Manager Configuration Guide
371
EEM SMTP Library Command Extensions smtp_send_email
process name: $process_name subsystem: $sub_system exit status: $exit_status respawn count: $respawn_count
•
•
smtp_send_email
Given the text of an e-mail template file with all global variables already substituted, sends the e-mail out using Simple Mail Transfer Protocol (SMTP). The e-mail template specifies the candidate mail server addresses,
To addresses, CC addresses, From address, subject line, and e-mail body.
Note
A list of candidate e-mail servers can be provided so that the library will try to connect the servers on the list one by one until it can successfully connect to one of them.
Syntax
smtp_send_email text
Arguments
text (Mandatory) The text of an e-mail template file with all global variables already substituted.
Result String
None
Set _cerrno
• Wrong 1st line format--Mailservername:list of server names.
• Wrong 2nd line format--From:from-address.
• Wrong 3rd line format--To:list of to-addresses.
• Wrong 4th line format--CC:list of cc-addresses.
• Error connecting to mail server:--$sock closed by remote server (where $sock is the name of the socket opened to the mail server).
• Error connecting to mail server:--$sock reply code is $k instead of the service ready greeting (where
$sock is the name of the socket opened to the mail server; $k is the reply code of $sock).
• Error connecting to mail server:--cannot connect to all the candidate mail servers.
• Error disconnecting from mail server:--$sock closed by remote server (where $sock is the name of the socket opened to the mail server).
372
Embedded Event Manager Configuration Guide
EEM SMTP Library Command Extensions smtp_subst
Sample Scripts
After all needed global variables in the e-mail template are defined: if [catch {smtp_subst [file join $tcl_library email_template_sm]} result] { puts stderr $result exit 1
} if [catch {smtp_send_email $result} result] { puts stderr $result exit 1
}
smtp_subst
Given an e-mail template file e-mail_template, substitutes each global variable in the file by its user-defined value. Returns the text of the file after substitution.
Syntax
smtp_subst e-mail_template
Arguments
e-mail_template (Mandatory) Name of an e-mail template file in which global variables need to be substituted by a user-defined value. An example filename could be
/disk0://example.template which represents a file named example.template in a top-level directory on an ATA flash disk in slot 0.
Result String
The text of the e-mail template file with all the global variables substituted.
Set _cerrno
• cannot open e-mail template file
• cannot close e-mail template file
Embedded Event Manager Configuration Guide
373
smtp_subst
EEM SMTP Library Command Extensions
374
Embedded Event Manager Configuration Guide
C H A P T E R
15
EEM System Information Tcl Command
Extensions
The following conventions are used for the syntax documented on the Tcl command extension pages:
• An optional argument is shown within square brackets, for example:
[type ?]
• A question mark ? represents a variable to be entered.
• Choices between arguments are represented by pipes, for example: priority low|normal|high
Note
All EEM system information commands--sys_reqinfo_xxx--have the Set _cerrno section set to yes.
Note
For all EEM Tcl command extensions, if there is an error, the returned Tcl result string contains the error information.
Note
Arguments for which no numeric range is specified take an integer from -2147483648 to 2147483647, inclusive.
•
sys_reqinfo_cli_freq, page 376
•
sys_reqinfo_cli_history, page 377
•
•
sys_reqinfo_crash_history, page 379
•
•
Embedded Event Manager Configuration Guide
375
EEM System Information Tcl Command Extensions sys_reqinfo_cli_freq
•
sys_reqinfo_proc_all, page 383
•
sys_reqinfo_routername, page 384
•
•
sys_reqinfo_syslog_freq, page 385
•
sys_reqinfo_syslog_history, page 386
sys_reqinfo_cli_freq
Queries the frequency information of all command-line interface (CLI) events.
Syntax
sys_reqinfo_cli_freq
Arguments
None
Result String
rec_list {{CLI frequency string 0},{CLI frequency str 1}, ...}
Where each CLI frequency string is: time_sec %ld time_msec %ld match_count %u raise_count %u occurs %u period_sec %ld period_msec %ld pattern {%s} rec_list Marks the start of the CLI event frequency list.
time_sec time_msec Last time when this CLI event was raised.
match count raise_count
Number of times that a CLI command matches the pattern specified by this CLI event specification.
Number of times that this CLI event was raised. The following fields are information about the CLI event specification:
• sync--A "yes" means that event publish should be performed sychronously. The event detector will be notified when the Event Manager Server has completed publishing the event. The Event
Manager Server will return a code that indicates whether or not the CLI command should be executed.
• skip--A "yes" means that the CLI command should not be executed if the sync flag is not set.
376
Embedded Event Manager Configuration Guide
EEM System Information Tcl Command Extensions sys_reqinfo_cli_history
occurs period_sec period_msec pattern
Set _cerrno
Yes
sys_reqinfo_cli_history
Queries the history of command-line interface (CLI) commands.
Syntax
sys_reqinfo_cli_history
Arguments
None
Result String
rec_list {{CLI history string 0}, {CLI history str 1},...}
Where each CLI history string is: time_sec %ld time_msec %ld cmd {%s} rec_list time_sec time_msec cmd
Marks the start of the CLI command history list.
Time when the CLI command was run.
Text of the CLI command.
Set _cerrno
Yes
Number of occurrences before an event is raised; if this argument is not specified, an event is raised on the first occurrence.
Number of occurrences must occur within this number of POSIX timer units in order to raise event; if this argument is not specified, it does not apply.
Regular expression used to perform CLI command pattern matching.
Embedded Event Manager Configuration Guide
377
EEM System Information Tcl Command Extensions sys_reqinfo_cpu_all
sys_reqinfo_cpu_all
Queries the CPU utilization of the top processes (both POSIX processes and IOS processes) during a specified time period and in a specified order. This Tcl command extension is supported only in Software Modularity images.
Syntax
sys_reqinfo_cpu_all order cpu_used [sec ?] [msec ?] [num ?]
Arguments
order cpu_used sec msec num
(Mandatory) Order used for sorting the CPU utilization of processes.
(Mandatory) Specifies that the average CPU utilization, for the specified time window, will be sorted in descending order.
(Optional) The time period, in seconds and milliseconds, during which the average CPU utilization is calculated. Must be integers in the range from 0 to 4294967295. If not specified, or if both sec and msec are specified as 0, the most recent CPU sample is used.
(Optional) Number of entries from the top of the sorted list of processes to be displayed. Must be an integer in the range from 1 to 4294967295. Default value is 5.
Result String
rec_list {{process CPU info string 0},{process CPU info string 1}, ...}
Where each process CPU info string is: pid %u name {%s} cpu_used %u rec_list pid name
Marks the start of the process CPU information list.
Process ID.
Process name.
378
Embedded Event Manager Configuration Guide
EEM System Information Tcl Command Extensions sys_reqinfo_crash_history
cpu_used Specifies that if sec and msec are specified with a number greater than zero, the average percentage is calculated from the process CPU utilization during the specified time period. If sec and msec are both zero or not specified, the average percentage is calculated from the process CPU utilization in the latest sample.
Set _cerrno
Yes
sys_reqinfo_crash_history
Queries the crash information of all processes that have ever crashed. This Tcl command extension is supported only in Software Modularity images.
Syntax
sys_reqinfo_crash_history
Arguments
None
Result String
rec_list {{crash info string 0},{crash info string 1}, ...}
Where each crash info string is: job_id %u name {%s} respawn_count %u fail_count %u dump_count %u inst_id %d exit_status 0x%x exit_type %d proc_state {%s} component_id 0x%x crash_time_sec %ld crash_time_msec %ld job_id System manager assigned job ID for the process. An integer between 1 and 4294967295, inclusive.
name respawn_count fail_count
Process name.
Total number of restarts for the process.
Number of restart attempts of the process. This count is reset to zero when the process is successfully restarted.
dump_count inst_id exit_status
Number of core dumps performed.
Process instance ID.
Last exit status of the process.
Embedded Event Manager Configuration Guide
379
EEM System Information Tcl Command Extensions sys_reqinfo_mem_all
exit_type proc_state component_id crash_time_sec crash_time_msec
Last exit type.
Sysmgr process states. One of the following: error, forced_stop, hold, init, ready_to_run, run, run_rnode, stop, waitEOltimer, wait_rnode, wait_spawntimer, wait_tpl.
Version manager assigned component ID for the component to which the process belongs.
Seconds and milliseconds since January 1, 1970, which represent the last time the process crashed.
Set _cerrno
Yes
sys_reqinfo_mem_all
Queries the memory usage of the top processes (both POSIX and IOS) during a specified time period and in a specified order. This Tcl command extension is supported only in Software Modularity images.
Syntax
sys_reqinfo_mem_all order allocates|increase|used [sec ?] [msec ?] [num ?]
Arguments
order allocates increase used
(Mandatory) Order used for sorting the memory usage of processes.
(Mandatory) Specifies that the memory usage is sorted by the number of process allocations during the specified time window, and in descending order.
(Mandatory) Specifies that the memory usage is sorted by the percentage of process memory increase during the specified time window, and in descending order.
(Mandatory) Specifies that the memory usage is sorted by the current memory used by the process.
380
Embedded Event Manager Configuration Guide
EEM System Information Tcl Command Extensions sys_reqinfo_mem_all
sec msec num
(Optional) The time period, in seconds and milliseconds, during which the process memory usage is calculated. Must be integers in the range from 0 to
4294967295. If both sec and msec are specified and are nonzero, the number of allocations is the difference between the number of allocations in the oldest and latest samples collected in the time period.
The percentage is calculated as the the percentage difference between the memory used in the oldest and latest samples collected in the time period. If not specified, or if both sec and msec are specified as 0, the first sample ever collected is used as the oldest sample; that is, the time period is set to be the time from startup until the current moment.
(Optional) Number of entries from the top of the sorted list of processes to be displayed. Must be an integer in the range from 1 to 4294967295. Default value is 5.
Result String
rec_list {{process mem info string 0},{process mem info string 1}, ...}
Where each process mem info string is: pid %u name {%s} delta_allocs %d initial_alloc %u current_alloc %u percent_increase %d rec_list Marks the start of the process memory usage information list.
pid Process ID.
name delta_allocs
Process name.
Specifies the difference between the number of allocations in the oldest and latest samples collected in the time period.
initial_alloc current_alloc percent_increase
Specifies the amount of memory, in kilobytes, used by the process at the start of the time period.
Specifies the amount of memory, in kilobytes, currently used by the process.
Specifies the percentage difference between the memory used in the oldest and latest samples collected in the time period. The percentage difference can be expressed as current_alloc minus initial_alloc times
100 and divided by initial_alloc.
Embedded Event Manager Configuration Guide
381
EEM System Information Tcl Command Extensions sys_reqinfo_proc
Set _cerrno
Yes
sys_reqinfo_proc
Queries the information about a single POSIX process. This Tcl command extension is supported only in
Software Modularity images.
Syntax
sys_reqinfo_proc job_id ?
Arguments
job_id (Mandatory) System manager assigned job ID for the process. Must be an integer between 1 and
4294967295, inclusive.
Result String
job_id %u component_id 0x%x name {%s} helper_name {%s} helper_path {%s} path {%s} node_name {%s} is_respawn %u is_mandatory %u is_hold %u dump_option %d max_dump_count %u respawn_count %u fail_count %u dump_count %u last_respawn_sec %ld last_respawn_msec %ld inst_id %u proc_state %s level %d exit_status 0x%x exit_type %d job_id System manager assigned job ID for the process. An integer between 1 and 4294967295, inclusive.
component_id name
Version manager assigned component ID for the component to which the process belongs.
Process name.
helper_name helper_path path node_name
Helper process name.
Executable path of the helper process.
Executable path of the process.
is_respawn is_mandatory
System manager assigned node name for the node to which the process belongs.
Flag that specifies that the process can be respawned.
Flag that specifies that the process must be alive.
382
Embedded Event Manager Configuration Guide
EEM System Information Tcl Command Extensions sys_reqinfo_proc_all
is_hold dump_option max_dump_count respawn_count fail_count dump_count last_respawn_sec last_respawn_msec inst_id proc_state level exit_status exit_type
Flag that specifies that the process is spawned until called by the API.
Core dumping options.
Maximum number of core dumping permitted.
Total number of restarts for the process.
Number of restart attempts of the process. This count is reset to zero when the process is successfully restarted.
Number of core dumps performed.
Seconds and milliseconds in POSIX timer units since
January 1, 1970, which represent the last time the process was started.
Process instance ID.
Sysmgr process states. One of the following: error, forced_stop, hold, init, ready_to_run, run, run_rnode, stop, waitEOltimer, wait_rnode, wait_spawntimer, wait_tpl.
Process run level.
Last exit status of the process.
Last exit type.
Set _cerrno
Yes
sys_reqinfo_proc_all
Queries the information of all POSIX processes. This Tcl command extension is supported only in Software
Modularity images.
Syntax
sys_reqinfo_proc_all
Arguments
None
Embedded Event Manager Configuration Guide
383
EEM System Information Tcl Command Extensions sys_reqinfo_routername
Result String
rec_list {{process info string 0}, {process info string 1},...}
Where each process info string is the same as the result string of the sysreq_info_proc Tcl command extension.
Set _cerrno
Yes
sys_reqinfo_routername
Queries the device name.
Syntax
sys_reqinfo_routername
Arguments
None
Result String
routername %s
Where routername is the name of the device.
Set _cerrno
Yes
sys_reqinfo_snmp
Queries the value of the entity specified by a Simple Network Management Protocol (SNMP) object ID.
Syntax
sys_reqinfo_snmp oid ? get_type exact|next
Arguments
oid get_type
(Mandatory) SNMP OID in dot notation (for example,
1.3.6.1.2.1.2.1.0).
(Mandatory) Type of SNMP get operation that needs to be applied to the specified oid. If the get_type is
"exact," the value of the specified oid is retrieved; if the get_type is "next," the value of the lexicographical successor to the specified oid is retrieved.
384
Embedded Event Manager Configuration Guide
EEM System Information Tcl Command Extensions sys_reqinfo_syslog_freq
Result String
oid {%s} value {%s} oid value
SNMP OID.
Value string of the associated SNMP data element.
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 22) FH_ENULLPTR (event detector internal error - ptr is null)
This error means that an internal EEM event detector pointer was null when it should have contained a value.
(_cerr_sub_err = 37) FH_ENOSNMPDATA (can't retrieve data from SNMP)
This error means that there was no data for the SNMP object type.
(_cerr_sub_err = 51) FH_ESTATSTYP (invalid statistics data type)
This error means that the SNMP statistics data type was invalid.
(_cerr_sub_err = 54) FH_EFDUNAVAIL (connection to event detector unavailable)
This error means that the event detector was unavailable.
sys_reqinfo_syslog_freq
Queries the frequency information of all syslog events.
Syntax
sys_reqinfo_syslog_freq
Arguments
None
Result String
rec_list {{event frequency string 0}, {log freq str 1}, ...}
Where each event frequency string is: time_sec %ld time_msec %ld match_count %u raise_count %u occurs %u period_sec %ld period_msec %ld pattern {%s} time_sec time_msec Seconds and milliseconds in POSIX timer units since
January 1, 1970, which represent the time the last event was raised.
Embedded Event Manager Configuration Guide
385
EEM System Information Tcl Command Extensions sys_reqinfo_syslog_history
match_count raise_count occurs period_sec period_msec pattern
Number of times that a syslog message matches the pattern specified by this syslog event specification since event registration.
Number of times that this syslog event was raised.
Number of occurrences needed in order to raise the event; if not specified, the event is raised on the first occurrence.
Number of occurrences must occur within this number of POSIX timer units in order to raise the event; if not specified, the period check does not apply.
Regular expression used to perform syslog message pattern matching.
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 9) FH_EMEMORY (insufficient memory for request)
This error means that an internal EEM request for memory failed.
(_cerr_sub_err = 22) FH_ENULLPTR (event detector internal error - ptr is null)
This error means that an internal EEM event detector pointer was null when it should have contained a value.
(_cerr_sub_err = 45) FH_ESEQNUM (sequence or workset number out of sync)
This error means that the event detector sequence or workset number was invalid.
(_cerr_sub_err = 46) FH_EREGEMPTY (registration list is empty)
This error means that the event detector registration list was empty.
(_cerr_sub_err = 54) FH_EFDUNAVAIL (connection to event detector unavailable)
This error means that the event detector was unavailable.
sys_reqinfo_syslog_history
Queries the history of the specified syslog message.
Syntax
sys_reqinfo_syslog_history
386
Embedded Event Manager Configuration Guide
EEM System Information Tcl Command Extensions sys_reqinfo_syslog_history
Arguments
None
Result String
rec_list {{log hist string 0}, {log hist str 1}, ...}
Where each log hist string is: time_sec %ld time_msec %ld msg {%s} time_sec time_msec msg
Seconds and milliseconds since January 1, 1970, which represent the time the message was logged.
Syslog message.
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 22) FH_ENULLPTR (event detector internal error - ptr is null)
This error means that an internal EEM event detector pointer was null when it should have contained a value.
(_cerr_sub_err = 44) FH_EHISTEMPTY (history list is empty)
This error means that the history list was empty.
(_cerr_sub_err = 45) FH_ESEQNUM (sequence or workset number out of sync)
This error means that the event detector sequence or workset number was invalid.
(_cerr_sub_err = 54) FH_EFDUNAVAIL (connection to event detector unavailable)
This error means that the event detector was unavailable.
Embedded Event Manager Configuration Guide
387
sys_reqinfo_syslog_history
EEM System Information Tcl Command Extensions
388
Embedded Event Manager Configuration Guide
C H A P T E R
16
EEM Utility Tcl Command Extensions
The following conventions are used for the syntax documented on the Tcl command extension pages:
• An optional argument is shown within square brackets, for example:
[type ?]
• A question mark ? represents a variable to be entered.
• Choices between arguments are represented by pipes, for example: priority low|normal|high
Note
For all EEM Tcl command extensions, if there is an error, the returned Tcl result string contains the error information.
Note
Arguments for which no numeric range is specified take an integer from -2147483648 to 2147483647, inclusive.
•
•
•
•
•
•
•
•
•
•
Embedded Event Manager Configuration Guide
389
EEM Utility Tcl Command Extensions appl_read
•
appl_read
Reads Embedded Event Manager (EEM) application volatile data. This Tcl command extension provides support for reading EEM application volatile data. EEM application volatile data can be published by a Cisco software process that uses the EEM application publish API. EEM application volatile data cannot be published by an EEM policy.
Note
Currently there are no Cisco software processes that publish application volatile data.
Syntax
appl_read name ? length ?
Arguments
name length
(Mandatory) Name of the application published string data.
(Mandatory) Length of the string data to read. Must be an integer number between 1 and 4294967295, inclusive.
Result String
data %s
Where data is the application published string data to be read.
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 7) FH_ENOSUCHKEY (could not find key)
This error means that the application event detector info key or other ID was not found.
(_cerr_sub_err = 9) FH_EMEMORY (insufficient memory for request)
This error means that an internal EEM request for memory failed.
390
Embedded Event Manager Configuration Guide
EEM Utility Tcl Command Extensions appl_reqinfo
appl_reqinfo
Retrieves previously saved information from the Embedded Event Manager (EEM). This Tcl command extension provides support for retrieving information from EEM that has been previously saved with a unique key, which must be specified in order to retrieve the information. Note that retrieving the information deletes it from EEM. It must be resaved if it is to be retrieved again.
Syntax
appl_reqinfo key ?
Arguments
key (Mandatory) The string key of the data.
Result String
data %s
Where data is the application string data to be retrieved.
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 7) FH_ENOSUCHKEY (could not find key)
This error means that the application event detector info key or other ID was not found.
appl_setinfo
Saves information in the Embedded Event Manager (EEM). This Tcl command extension provides support for saving information in the Embedded Event Manager that can be retrieved later by the same policy or by another policy. A unique key must be specified. This key allows the information to be retrieved later.
Syntax
appl_setinfo key ? data ?
Arguments
key data
(Mandatory) The string key of the data.
(Mandatory) The application string data to save.
Embedded Event Manager Configuration Guide
391
EEM Utility Tcl Command Extensions counter_modify
Result String
None
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 8) FH_EDUPLICATEKEY (duplicate appl info key)
This error means that the application event detector info key or other ID was a duplicate.
(_cerr_sub_err = 9) FH_EMEMORY (insufficient memory for request)
This error means that an internal EEM request for memory failed.
(_cerr_sub_err = 34) FH_EMAXLEN (maximum length exceeded)
This error means that the object length or number exceeded the maximum.
(_cerr_sub_err = 43) FH_EBADLENGTH (bad API length)
This error means that the API message length was invalid.
counter_modify
Modifies a counter value.
Syntax
counter_modify event_id ? val ? op nop|set|inc|dec
Arguments
event_id val
(Mandatory) The counter event ID returned by the
register_counter Tcl command extension. Must be an integer between 0 and 4294967295, inclusive.
(Mandatory)
Note
Mandatory except when the op nop argument value combination is specified.
• If op is set, this argument represents the counter value that is to be set.
• If op is inc, this argument is the value by which to increment the counter.
• If op is dec, this argument is the value by which to decrement the counter.
392
Embedded Event Manager Configuration Guide
EEM Utility Tcl Command Extensions description
op (Mandatory)
• nop--Retrieves the current counter value.
• set--Sets the counter value to the given value.
• inc--Increments the counter value by the given value.
• dec--Decrements the counter value by the given value.
Result String
val_remain %d
Where val_remain is the current value of the counter.
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 11) FH_ENOSUCHESID (unknown event specification ID)
This error means that the event specification ID could not be matched when the event was being registered or that an event detector internal event structure is corrupt.
(_cerr_sub_err = 22) FH_ENULLPTR (event detector internal error - ptr is null)
This error means that an internal EEM event detector pointer was null when it should have contained a value.
(_cerr_sub_err = 30) FH_ECTBADOPER (bad counter threshold operator)
This error means that the counter event detector set or modify operator was invalid.
description
Provides a brief description of the registered policy.
Syntax
description ?
Arguments
line (Optional) Brief description of the policy consisting of 1 to 240 characters.
Embedded Event Manager Configuration Guide
393
EEM Utility Tcl Command Extensions fts_get_stamp
Result String
None
Set _cerrno
Yes
Sample Usage
The description statement is entered by the author of the policy. It can appear before or after any event registration statement in Tcl. The policy can have only one description.
Note
Registration of a policy with more than one description statement will fail.
The following example shows how a brief description is provided for the event_register_syslog policy:
::cisco::eem::description "This Tcl command looks for the word count in syslog messages."
::cisco::eem::event_register_syslog tag 1 ...
::cisco::eem::event_register_snmp_object tag 2 ...
::cisco::eem::trigger {
::cisco::eem::correlate event 1 and event 2
::cisco::eem::attribute tag 1 occurs 1
::cisco::eem::attribute tag 2 occurs 1
}
fts_get_stamp
Returns the time period elapsed since the last software boot. Use this Tcl command extension to return the number of nanoseconds since boot in an array "nsec nnnn" where nnnn is the number of nanoseconds.
Syntax
fts_get_stamp
Arguments
None
Result String
nsec %d
Where nsec is the number of nanoseconds since boot.
Set _cerrno
No
394
Embedded Event Manager Configuration Guide
EEM Utility Tcl Command Extensions register_counter
register_counter
Registers a counter and returns a counter event ID. This Tcl command extension is used by a counter publisher to perform this registration before using the event ID to manipulate the counter.
Syntax
register_counter name ?
Arguments
name (Mandatory) The name of the counter to be manipulated.
Result String
event_id %d event_spec_id %d
Where event_id is the counter event ID for the specified counter; it can be used to manipulate the counter by the unregister_counter or counter_modify Tcl command extensions. The event_spec_id argument is the event specification ID for the specified counter.
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 4) FH_EINITONCE (Init() is not yet done, or done twice.)
This error means that the request to register the specific event was made before the EEM event detector had completed its initialization.
(_cerr_sub_err = 6) FH_EBADEVENTTYPE (unknown EEM event type)
This error means that the event type specified in the internal event specification was invalid.
(_cerr_sub_err = 9) FH_EMEMORY (insufficient memory for request)
This error means that an internal EEM request for memory failed.
(_cerr_sub_err = 10) FH_ECORRUPT (internal EEM API context is corrupt)
This error means that the internal EEM API context structure is corrupt.
(_cerr_sub_err = 11) FH_ENOSUCHESID (unknown event specification ID)
This error means that the event specification ID could not be matched when the event was being registered or that an event detector internal event structure is corrupt.
(_cerr_sub_err = 12) FH_ENOSUCHEID (unknown event ID)
Embedded Event Manager Configuration Guide
395
EEM Utility Tcl Command Extensions register_timer
This error means that the event ID could not be matched when the event was being registered or that an event detector internal event structure is corrupt.
(_cerr_sub_err = 16) FH_EBADFMPPTR (bad ptr to fh_p data structure)
This error means that the context pointer that is used with each EEM API call is incorrect.
(_cerr_sub_err = 17) FH_EBADADDRESS (bad API control block address)
This error means that a control block address that was passed in the EEM API was incorrect.
(_cerr_sub_err = 22) FH_ENULLPTR (event detector internal error - ptr is null)
This error means that an internal EEM event detector pointer was null when it should have contained a value.
(_cerr_sub_err = 25) FH_ESUBSEXCEED (number of subscribers exceeded)
This error means that the number of timer or counter subscribers exceeded the maximum.
(_cerr_sub_err = 26) FH_ESUBSIDXINV (invalid subscriber index)
This error means that the subscriber index was invalid.
(_cerr_sub_err = 54) FH_EFDUNAVAIL (connection to event detector unavailable)
This error means that the event detector was unavailable.
(_cerr_sub_err = 56) FH_EFDCONNERR (event detector connection error)
This error means that the EEM event detector that handles this request is not available.
register_timer
Registers a timer and returns a timer event ID. This Tcl command extension is used by a timer publisher to perform this registration before using the event ID to manipulate the timer if it does not use the
event_register_timer command extension to register as a publisher and subscriber.
Syntax
register_timer watchdog|countdown|absolute|cron name ?
Arguments
name (Mandatory) The name of the timer to be manipulated.
Result String
event_id %u
Where event_id is the timer event ID for the specified timer (can be used to manipulate the timer by the
timer_arm or timer_cancel command extensions).
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
396
Embedded Event Manager Configuration Guide
EEM Utility Tcl Command Extensions timer_arm
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 4) FH_EINITONCE (Init() is not yet done, or done twice.)
This error means that the request to register the specific event was made before the EEM event detector had completed its initialization.
(_cerr_sub_err = 6) FH_EBADEVENTTYPE (unknown EEM event type)
This error means that the event type specified in the internal event specification was invalid.
(_cerr_sub_err = 9) FH_EMEMORY (insufficient memory for request)
This error means that an internal EEM request for memory failed.
(_cerr_sub_err = 10) FH_ECORRUPT (internal EEM API context is corrupt)
This error means that the internal EEM API context structure is corrupt.
(_cerr_sub_err = 11) FH_ENOSUCHESID (unknown event specification ID)
This error means that the event specification ID could not be matched when the event was being registered or that an event detector internal event structure is corrupt.
(_cerr_sub_err = 16) FH_EBADFMPPTR (bad ptr to fh_p data structure)
This error means that the context pointer that is used with each EEM API call is incorrect.
(_cerr_sub_err = 17) FH_EBADADDRESS (bad API control block address)
This error means that a control block address that was passed in the EEM API was incorrect.
(_cerr_sub_err = 22) FH_ENULLPTR (event detector internal error - ptr is null)
This error means that an internal EEM event detector pointer was null when it should have contained a value.
(_cerr_sub_err = 25) FH_ESUBSEXCEED (number of subscribers exceeded)
This error means that the number of timer or counter subscribers exceeded the maximum.
(_cerr_sub_err = 26) FH_ESUBSIDXINV (invalid subscriber index)
This error means that the subscriber index was invalid.
(_cerr_sub_err = 54) FH_EFDUNAVAIL (connection to event detector unavailable)
This error means that the event detector was unavailable.
(_cerr_sub_err = 56) FH_EFDCONNERR (event detector connection error)
This error means that the EEM event detector that handles this request is not available.
timer_arm
Arms a timer. The type could be CRON, watchdog, countdown, or absolute.
Syntax
timer_arm event_id ? cron_entry ?|time ?
Embedded Event Manager Configuration Guide
397
EEM Utility Tcl Command Extensions timer_arm
Arguments
event_id cron_entry time
(Mandatory) The timer event ID returned by the
register_timer command extension. Must be an integer between 0 and 4294967295, inclusive.
(Mandatory) Must exist if the timer type is CRON.
Must not exist for other types of timer. CRON timer specification uses the format of the CRON table entry.
(Mandatory) Must exist if the timer type is not CRON.
Must not exist if the timer type is CRON. For watchdog and countdown timers, the number of seconds and milliseconds until the timer expires; for an absolute timer, the calendar time of the expiration time (specified in SSSSSSSSSS[.MMM] format, where SSSSSSSSSS must be an integer representing seconds between 0 and 4294967295, inclusive, and where MMM must be an integer representing milliseconds between 0 and 999). An absolute expiration date is the number of seconds and milliseconds since January 1, 1970. If the date specified has already passed, the timer expires immediately.
Result String
sec_remain %ld msec_remain %ld
Where sec_remain and msec_remain are the remaining time before the next expiration of the timer.
Note
A value of 0 will be returned for the sec_remain and msec_remain arguments if the timer type is CRON.
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 6) FH_EBADEVENTTYPE (unknown EEM event type)
This error means that the event type specified in the internal event specification was invalid.
(_cerr_sub_err = 9) FH_EMEMORY (insufficient memory for request)
This error means that an internal EEM request for memory failed.
(_cerr_sub_err = 11) FH_ENOSUCHESID (unknown event specification ID)
398
Embedded Event Manager Configuration Guide
EEM Utility Tcl Command Extensions timer_cancel
This error means that the event specification ID could not be matched when the event was being registered or that an event detector internal event structure is corrupt.
(_cerr_sub_err = 12) FH_ENOSUCHEID (unknown event ID)
This error means that the event ID could not be matched when the event was being registered or that an event detector internal event structure is corrupt.
(_cerr_sub_err = 22) FH_ENULLPTR (event detector internal error - ptr is null)
This error means that an internal EEM event detector pointer was null when it should have contained a value.
(_cerr_sub_err = 27) FH_ETMDELAYZR (zero delay time)
This error means that the time specified to arm a timer was zero.
(_cerr_sub_err = 42) FH_ENOTREGISTERED (request for event spec that is unregistered)
This error means that the event was not registered.
(_cerr_sub_err = 54) FH_EFDUNAVAIL (connection to event detector unavailable)
This error means that the event detector was unavailable.
(_cerr_sub_err = 56) FH_EFDCONNERR (event detector connection error)
This error means that the EEM event detector that handles this request is not available.
timer_cancel
Cancels a timer.
Syntax
timer_cancel event_id ?
Arguments
event_id (Mandatory) The timer event ID returned by the
register_timer command extension. Must be an integer between 0 and 4294967295, inclusive.
Result String
sec_remain %ld msec_remain %ld
Where sec_remain and msec_remain are the remaining time before the next expiration of the timer.
Note
A value of 0 will be returned for sec_remain and msec_remain if the timer type is CRON .
Embedded Event Manager Configuration Guide
399
EEM Utility Tcl Command Extensions unregister_counter
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 6) FH_EBADEVENTTYPE (unknown EEM event type)
This error means that the event type specified in the internal event specification was invalid.
(_cerr_sub_err = 7) FH_ENOSUCHKEY (could not find key)
This error means that the application event detector info key or other ID was not found.
(_cerr_sub_err = 11) FH_ENOSUCHESID (unknown event specification ID)
This error means that the event specification ID could not be matched when the event was being registered or that an event detector internal event structure is corrupt.
(_cerr_sub_err = 12) FH_ENOSUCHEID (unknown event ID)
This error means that the event ID could not be matched when the event was being registered or that an event detector internal event structure is corrupt.
(_cerr_sub_err = 22) FH_ENULLPTR (event detector internal error - ptr is null)
This error means that an internal EEM event detector pointer was null when it should have contained a value.
(_cerr_sub_err = 54) FH_EFDUNAVAIL (connection to event detector unavailable)
This error means that the event detector was unavailable.
(_cerr_sub_err = 56) FH_EFDCONNERR (event detector connection error)
This error means that the EEM event detector that handles this request is not available.
unregister_counter
Unregisters a counter. This Tcl command extension is used by a counter publisher to unregister a counter that was previously registered with the register_counter Tcl command extension.
Syntax
unregister_counter event_id ? event_spec_id ?
Arguments
event_id event_spec_id
(Mandatory) Counter event ID returned by the
register_counter command extension. Must be an integer between 0 and 4294967295, inclusive.
(Mandatory) Counter event specification ID for the specified counter returned by the
register_countercommand extension. Must be an integer between 0 and 4294967295, inclusive.
400
Embedded Event Manager Configuration Guide
EEM Utility Tcl Command Extensions unregister_counter
Result String
None
Set _cerrno
Yes
(_cerr_sub_err = 2) FH_ESYSERR (generic/unknown error from OS/system)
This error means that the operating system reported an error. The POSIX errno value that is reported with the error should be used to determine the cause of the operating system error.
(_cerr_sub_err = 9) FH_EMEMORY (insufficient memory for request)
This error means that an internal EEM request for memory failed.
(_cerr_sub_err = 11) FH_ENOSUCHESID (unknown event specification ID)
This error means that the event specification ID could not be matched when the event was being registered or that an event detector internal event structure is corrupt.
(_cerr_sub_err = 22) FH_ENULLPTR (event detector internal error - ptr is null)
This error means that an internal EEM event detector pointer was null when it should have contained a value.
(_cerr_sub_err = 26) FH_ESUBSIDXINV (invalid subscriber index)
This error means that the subscriber index was invalid.
(_cerr_sub_err = 54) FH_EFDUNAVAIL (connection to event detector unavailable)
This error means that the event detector was unavailable.
(_cerr_sub_err = 56) FH_EFDCONNERR (event detector connection error)
This error means that the EEM event detector that handles this request is not available.
Embedded Event Manager Configuration Guide
401
unregister_counter
EEM Utility Tcl Command Extensions
402
Embedded Event Manager Configuration Guide
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project