Solved: Nexus EEM Script not working

bunjiega · ‎11-03-2023

Is there something basic I am missing with any of these EEM scripts? I can't get any of them to work. I have tried on a physical 7k and two virtual 9k's running different code.

Here is a basic example of where I don't see any syslog being generated:

NX-1(config)# sh run eem
event manager applet TEST
  event cli match "interface loopback1"
  action 1.0 syslog priority critical msg TESTMESSAGE
!
NX-1(config)# interface loopback1
NX-1(config-if)# exit
NX-1(config)# show logg last 2
2023 Nov  4 02:26:41 switch %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on console0
2023 Nov  4 02:28:40 switch %ETHPORT-5-IF_UP: Interface loopback1 is up 
!  <-- Not seeing the syslog here

Here is one more advanced example where I am trying to make a configuration change when a track object goes up or down
I am trying to add a route-map when the track is up and remove that route-map when the track is down:

NX-3# sh run track
track 1 ip route 10.50.50.10/32 reachability hmm          <--Tracking when I learn this prefix locally
  vrf member myvrf_50000
!
NX-3# sh track
Track 1
  IP Route 10.50.50.10/32 Reachability
  Reachability is DOWN                                              !<--Note it is down to begin with since I am
  13 changes, last change 00:00:35                                  !     learning it from a remote switch 
  VPN Routing/Forwarding table "myvrf_50000"
!
! What I want to do is ether ADD or REMOVE a route-map when the track object goes up or down
! Here are the EEM scripts:
NX-3# sh run eem
event manager applet ADD_ROUTE_MAP
  description "Set LOCALPREF High for firewall routes"
  event track 1 state up
  action 1 cli config term
  action 2 cli router bgp 65111
  action 3 cli vrf myvrf_50000
  action 5 cli address-family ipv4 unicast
  action 6 cli route-map RM-FIREWALL in
!
event manager applet REMOVE_ROUTE_MAP
  description "Unset LOCALPREF for firewall routes"
  event track 1 state down
  action 1 cli config term
  action 2 cli router bgp 65111
  action 3 cli vrf myvrf_50000
  action 5 cli address-family ipv4 unicast
  action 6 cli no route-map RM-FIREWALL in 
!
! Now I will generate the event (fail a firewall over) to make the track object come up
NX-3# sh track
Track 1
  IP Route 10.50.50.10/32 Reachability
  Reachability is UP                            <-- Up now
  14 changes, last change 00:00:04
  VPN Routing/Forwarding table "myvrf_50000"
!
! However, even though the track is up, the route-map does not get applied:
NX-3# sh run bgp | i RM-FIREWALL
(no result)
! I don't even see that it tried to apply the configuration
! The route-map is very simple:
NX-3# sh run | sec route-map
route-map RM-FIREWALL permit 10
  set local-preference 101

I ran "debug evms all" but it showed nothing relevant, and of course I have looked at several docs and examples online and can't figure out if it is not working, or just not working as I am expecting it to work.

I have been looking at this for a couple hours now and just hoping another set of eyes will catch something I am missing.
Thanks!

f00z · ‎11-03-2023

Um, can't just apply route-map under 'address-family ipv4 unicast' .. try it in regular config mode and see. Need to apply to a neighbor or peer group (or a nexthop or a redistribute or a network statement)

take a look at ' show event manager events action-log ' (at least i think that's the command, not in front of it to test)

also i believe the event cli match you need to tell it that it's in config mode so has to be like "conf t ; interface loopback1" .. again can test in lab or you can test and report back here

View solution in original post

f00z · ‎11-03-2023

Um, can't just apply route-map under 'address-family ipv4 unicast' .. try it in regular config mode and see. Need to apply to a neighbor or peer group (or a nexthop or a redistribute or a network statement)

take a look at ' show event manager events action-log ' (at least i think that's the command, not in front of it to test)

also i believe the event cli match you need to tell it that it's in config mode so has to be like "conf t ; interface loopback1" .. again can test in lab or you can test and report back here

bunjiega · ‎11-04-2023

Thanks f00z - Looks like I did accidentally leave out the neighbor there. Did get the route-map one working, which was the main one I was concerned with. Thanks!!