Re: automatic generating syslogs logs

mragula01 · ‎02-24-2022

hello all, i would like to ask you for advice. i would need to send from my devices each hour a syslog message (for example heartbeat_nameofdevice) each hour to Qradar. those devices are nexus 9K (9.3.9) and ASA firewall. i tried to configure it with event manager on nexus in this way

event manager applet heartbeat

action 1 syslog msg test_BEUWVVSSPRLESW009N93

but i am not able to set up timer in order to trigger this action each hour

thank you

Michal

Georg Pauwen · ‎02-24-2022

Hello,

you can add a CRON timer (in the example below, the syslog message would be run one minute after each hour):

event manager applet heartbeat
--> event timer cron cron-entry "01 * * * *" maxrun 99999999
action 1 syslog msg test_BEUWVVSSPRLESW009N93

mragula01 · ‎02-24-2022

unfortunately event timer is not a option which is enabled on my nexus devices

(config-applet)# event ?
cli - Create a cli event specification
counter - Create a counter event
fanabsent - Create fanabsent event specification
fanbad - Create fanbad event specification
fib - FIB related event
gold - Create a 'Diagnostic' event specification
internal-link-flap - Create a 'internal-link-flap' event specification
memory - Create memory thresholds event specification
module - Create a 'module' event specification
module-failure - Create a 'module-failure' event specification
neighbor-discovery - Show CDP new neighbors
oir - Create Online-Insertion-Removal event specification
policy-default - Use the event in the system policy being overridden
poweroverbudget - Create poweroverbudget event specification
snmp - Create a 'snmp' event specification.
storm-control - Create a storm control event specification
syslog - Create a syslog event specification
sysmgr - System manager related events
tag - Event tag identifier
temperature - Create temperature event specification
test - Create a 'test' event specification
track - Create a 'track' event specification

is there some other option ?

Georg Pauwen · ‎02-24-2022

Hello,

check if you can use KRON instead:

event manager applet EVERYHOUR_APP
event none
action 1 syslog msg test_BEUWVVSSPRLESW009N93
!
kron policy-list EVERYHOUR_POL
cli event man run EVERYHOUR_APP
!
kron occurence EVERYHOUR_OCC in 60 recurring
policy-list EVERYHOUR_POL

mragula01 · ‎02-24-2022

hello Georg,

unfortunately even KRON is not enabled on our nexuses

(config-applet)# kron ?
^
% Invalid command at '^' marker.
(config-applet)# exit

(config)# kron ?
^
% Invalid command at '^' marker.

mragula01 · ‎02-24-2022

maybe is there some other way how to automatically generate log on nexus and ASA each hour ?

Georg Pauwen · ‎02-24-2022

Hello,

for the Nexus, try the below:

feature scheduler
!
scheduler job name SYSLOG_JOB
syslog msg test_BEUWVVSSPRLESW009N93
!
scheduler schedule name SCHED_HOURLY
job name SYSLOG_JOB
time hourly 00

balaji.bandi · ‎02-24-2022

Try EEM with scheduler :

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/system_management/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide/sm_12eem.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help