Hi

I have created an EEM script to make a syslog message everytime the write command is executed.

But I made so the script triggers everytime wr is typed in the terminal, and now i cant delete the script again.

It just ignores the command and creates a syslog message. Please help.

HQ-CORE-1#show run | sec applet
event manager applet CLI-wr-alarm
event cli pattern "wr" sync yes
action 1.0 syslog msg "$_cli_msg Command Executed(test)"

HQ-CORE-1(config)#no event manager applet CLI-wr-alarm
HQ-CORE-1(config)#do show loggin | inc wr
HQ-CORE-1(config)#do show loggin
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 119 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level informational, 115 message lines logged
Logging to 10.0.101.11 (udp port 514, audit disabled,
link up),
114 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
Loopback1

Log Buffer (4096 bytes):
Aug 23 21:08:28.122: %HA_EM-6-LOG: CLI-wr-alarm: no event manager applet CLI-wr-alarm Command Executed(test)
Aug 23 21:08:38.255: %HA_EM-6-LOG: CLI-wr-alarm: do-exec show loggin | inc wr Command Executed(test)
HQ-CORE-1(config)#