Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1064
Views
0
Helpful
1
Replies

Action syslog in EEM script does not work when logging filter is configured

mmichniak
Level 1
Level 1

‎07-01-2015 01:13 AM

Below is a simple applet which sends test syslog message and filtering tcl script. It works fine with message discriminator but does not work with logging filter.

event manager applet TEST
 event none
 action 1.0 syslog priority debugging msg "TEST message" facility "TEST-fac"

Router#more flash:Filter.tcl
set messages { {User:EEM} {Configured from \d+.\d+.\d+.\d+ by snmp} {Configured from console by EEScript}  }

foreach m $messages {
        if {[regexp -nocase $m $::orig_msg] > 0 } {
                return ""
        }
}

return "$::orig_msg"

 

Router#sh logg
Syslog logging: enabled (0 messages dropped, 8 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering enabled)

No Active Message Discriminator.

 

No Inactive Message Discriminator.


    Console logging: disabled
    Monitor logging: level debugging, 3147 messages logged, xml disabled,
                     filtering enabled
        Logging to: vty8(93)
    Buffer logging:  level informational, 3535 messages logged, xml disabled,
                    filtering enabled (3535 messages logged)
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: enabled
    Persistent logging: disabled

Filter modules:
    flash:Filter.tcl   

    Trap logging: level notifications, 181126 message lines logged
        Logging to 10.x.z.y  (udp port 514, audit disabled,
              link up),
              1019 message lines logged,
              0 message lines rate-limited,
              97032 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering enabled
        Logging Source-Interface:       VRF Name:
        Loopback0                      

 

Labels:
0 Helpful
1 Reply 1

Joe Clarke
Cisco Employee
Cisco Employee

‎07-01-2015 07:51 AM

When ESM is enabled on a syslog destination, then buginf (i.e., debugging) syslog messages are no longer generated to that destination.  EEM uses buginf to generate its syslog messages, so EEM cannot generate messages that ESM will intercept.

0 Helpful
Customers Also Viewed These Support Documents