cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1493
Views
2
Helpful
14
Replies

EEM script issue while Backup on copy running-config startup-config

vishalsahu
Level 1
Level 1

Hello

I working an organisation. There I am using EEM script to take backup when any user put copy running-config startup-config command in Nexus switch. But I am getting error % command blocked by event manager policy. Below is the script for reference

event manager applet BACKUP_CONFIG

 Event cli match "copy running-config startup-config"

 action 1.0 cli command "copy running-config tftp://tftp-server/backup_config.txt"

action 2.0 syslog msg Backup copied successfully

 

Kindly help here 

@TAC 

14 Replies 14

 Event cli pattern "copy running-config startup-config" sync YES <- Sync Yes use if you want this command to run 

MHM

In Nexus 9k  switch there is no that kind of command. Above mentioned cmd only there have. Can you suggest me how to bypass error with policy default. Earlier i read somewhere but I misplaced the post.

 

Hi 

Already tried, But there i cannot override it. Might be Some argument have to pass on it 

event manager applet applet-name override system-policy 
here you need to know if you apply system-policy and it name 
did you check you all config about the system-policy ?
MHM

I think this statement answer your Q

  • If you want to allow a triggered event to process any default actions, you must configure the EEM policy to allow the default action. For example, if you match a CLI command in a match statement, you must add the event-default action statement to the EEM policy or EEM will not allow the CLI command to execute.

r.heitmann
Level 1
Level 1

In some Cisco Nexus N9K-NXOS-Releases, there is a workaround needed to execute "critical" commands.

* usually it works in EEM-Applets to

a) "source out" the original command to a "cli alias" and

b) call that "alias" from the applet

similar to that:  

conf t
  cli alias name wrbak copy running-config tftp://tftp-server/backup_config.txt

  event manager applet  BACKUP_CONFIG
    no action 1.0
    action 1.0 cli command "wrbak"

end

 

 

  

Hello

I tried but nothing works. But I have remembered somewhere i find the solution for this by adding policy default cmd but I missed that post

 

did you add event-default

to event ?
MHM

Yes.

can I see the EEM after you add event-default
MHM

event manager applet FTPBackup

 event cli match "copy running-config startup-config"

 action 0.3 syslog msg "Backup started."

 action 0.5 cli command "enable" 

 action 1.0 cli command "copy running-config ftp://user:password@ourserver.com/path/$(SWITCHNAME)_$(TIMESTAMP) vrf default" 

 action 1.6 syslog msg "Backup ended."

 action 2.0 event-default

r.heitmann
Level 1
Level 1

I know - not what you might want, but would work out of the box:

* CLI-Alias with 2x commands instead of EEM:

 

cli alias name wr copy running-config startup-config ; copy running-config ftp://***FTPUSERNAME***:***FTPPASSWORD***@***FTPSERVERIP***/$(SWITCHNAME)-conf.$(TIMESTAMP) vrf default

 

Rebellious Geek
Level 1
Level 1

Try putting the "event-default" as your first action. That solved it for me.

Initially, I had this setup and received the "% Command blocked by event manager policy" error:

event manager applet Switch-Config-Backup
description "Backup Running Config To FTP Server"
event cli match "copy running-config startup-config"
action 1.0 cli run-script bootflash:Switch-Config-Backup
action 2.0 event-default

However, when I reversed the actions as follows, the "copy run start" command ran without errors:

event manager applet Switch-Config-Backup
description "Backup Running Config To FTP Server"
event cli match "copy running-config startup-config"
action 1.0 event-default
action 2.0 cli run-script bootflash:Switch-Config-Backup

My Switch-Config-Backup script contains the following line:

copy running-config ftp://<FTP-Username>:<FTP-Password>@<FTP-Server>/path/path/$(SWITCHNAME)/$(SWITCHNAME)---$(TIMESTAMP).txt vrf default

Hope this helps.