
Calling a variable in regular expression

CORY HEBERT
Level 1

Hi.  Is there any way to call a variable in a regular expression, instead of explicitly defining it?  For example,

 

THIS WORKS:

 action 10   cli command "show run | section router ospf"
 action 20   regexp "passive-interface Serial4/0" "$_cli_result"

 

BUT THIS DOES NOT:

event manager environment _circuit1 Serial4/0

...

 action 10   cli command "show run | section router ospf"
 action 20   regexp "passive-interface $_circuit1" "$_cli_result"

 

22 Replies

I need to see your whole config.  It's the AAA stuff that's important.  If you are using TACACS+ for authz, then creating a local user will have no effect.  What you should try is your username as the eem session cli username.

Ah, ok.  Here's the AAA stuff:

aaa new-model
!
aaa authentication login default group tacacs+ local
aaa authentication login async none
aaa authentication enable default group tacacs+ enable
aaa authorization console
aaa authorization exec default group tacacs+ local
aaa authorization exec async none
aaa accounting exec default
 action-type start-stop
 group tacacs+
!
aaa accounting commands 15 default
 action-type start-stop
 group tacacs+
!        

You're not doing command authorization, so if you print the results of the "show run" command (the OSPF version) in the cron policy (so that it goes out via syslog), what is the exact output you get?  Or better yet, enable "debug event manager action cli", reproduce the problem, and post the output.

Joe, I'll have to do more troubleshooting tonight, but keep in mind I wasn't sending the command output to SYSLOG, but was just doing 'puts'.  Are you saying I should try syslog?

 

Anyways, I tried that debug command last night, and was getting NOTHING.  I even tried "debug event manager all"...still, nothing.

If some CLI results are being processed, then "debug event manager action cli" will show something provided you're trapping on debug level messages.

 

As for puts vs. syslog, puts should turn into syslog when an asynchronous policy is run.  But again, you need to be trapping on debug level syslog messages.

Joe, do I necessarily need to 'trap' debug-level messages for them to echo on my terminal screen?  I wasn't aware of that.  All I normally do is 'term mon' to ensure I see the messages.  I'm unsure of the command I will need to see the debug output.

I'm going to do more troubleshooting tonight, but I am concerned that I won't see any output like last time.

You need to make sure you have configured:

 

logging monitor debug

 

This sets the logging level of the VTY monitor lines to debug.
 

Joe, I just wanted to follow up and let you know that this is working now.  I think it all came down to an issue with privileges.  Initially, I didn't have the 'enable' in my script.  Once I added 'enable', I could get it to work manually, but not with CRON...but I'm not sure why, as it's now working with CRON, too.  Here's what the final script looks like.  Thanks for trudging along with me on this one.

 

event manager applet UNPASSIVE
 event timer cron cron-entry "0 2 * * *"
 action 10   cli command "enable"
 action 20   cli command "show run | section router ospf"
 action 30   foreach line "$_cli_result" "\n"
 action 40    set intf "none"
 action 50    regexp "passive-interface ([A-Za-z0-9/\.:]+)" "$line" match intf
 action 60    if $intf eq $circuit1
 action 60.1   syslog msg "CRON job making $intf unpassive"
 action 60.2   cli command "enable"
 action 60.3   cli command "config t"
 action 60.4   cli command "router ospf 77"
 action 60.5   cli command "no passive-interface $intf"
 action 60.6   cli command "end"
 action 70    end
 action 80   end
!
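
Added example, not part of the thread: a Python replay of the matching logic in the final applet, run offline against constructed "show run | section router ospf" output. It compares the single-regexp check from the question with the applet's per-line capture and exact comparison. It assumes Python's re treats this simple pattern the same way EEM's regexp does; the anchored pattern, the sample output and all function names are this example's own.

```python
import re

# Pattern copied from action 50 of the applet above.
APPLET_RE = re.compile(r"passive-interface ([A-Za-z0-9/\.:]+)")
# Stricter variant (this example's assumption, not from the thread): anchored
# to the whole line so "no passive-interface ..." lines are ignored.
ANCHORED_RE = re.compile(r"^\s*passive-interface ([A-Za-z0-9/\.:]+)\s*$")

# Constructed samples of "show run | section router ospf" output.
SAMPLE_EXPLICIT = """router ospf 77
 passive-interface Serial4/0.100
 network 10.0.0.0 0.255.255.255 area 0
"""
SAMPLE_DEFAULT = """router ospf 77
 passive-interface default
 no passive-interface Serial5/0
 network 10.0.0.0 0.255.255.255 area 0
"""


def substring_match(target, cli_result):
    """One regexp over the whole output, as in the original question."""
    return re.search("passive-interface " + re.escape(target), cli_result) is not None


def passive_interfaces(cli_result, pattern=APPLET_RE):
    """Split on newlines (action 30) and capture the name per line (action 50)."""
    names = []
    for line in cli_result.split("\n"):
        m = pattern.search(line)
        if m:
            names.append(m.group(1))
    return names


def should_unpassive(target, cli_result, pattern=APPLET_RE):
    """Exact comparison, like 'if $intf eq $circuit1' (action 60)."""
    return target in passive_interfaces(cli_result, pattern)


if __name__ == "__main__":
    # A prefix of a subinterface name satisfies the substring regexp ...
    print(substring_match("Serial4/0", SAMPLE_EXPLICIT))
    # ... but not the capture-and-compare logic of the final applet.
    print(should_unpassive("Serial4/0", SAMPLE_EXPLICIT))
    # Unanchored vs. anchored pattern on a "passive-interface default" config.
    print(passive_interfaces(SAMPLE_DEFAULT))
    print(passive_interfaces(SAMPLE_DEFAULT, ANCHORED_RE))
```

On a router that uses "passive-interface default", the unanchored pattern also captures names from "no passive-interface" lines, so a scheduled policy that changes routing configuration is safer with the anchored form.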