09-05-2019 06:16 AM
Hi Guys,
I'm trying to figure out how to catch, and use a pattern in syslog as a variable. An example is for this message:
"%OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on FastEthernet0/0 from FULL to DOWN"
I want to catch interface "FastEthernet0/0" as a variable and apply a set of commands such as:
ios_config "interface $int" "ip ospf authentication message-digest"
The commands aren't as important as catching the interface so I can use it as a variable.
09-05-2019 06:34 AM
Hi there,
The regex to pluck the interface out is:
[a-zA-Z]*\d{1,3}\/\d{1,3}
...if you wanted to match stacked interface (ie GigabitEthernet1/0/1) use:
[a-zA-Z]*\d{1,3}\/\d{1,3}(\/\d{1,3}){0,1}
The EEM action will look like this:
action XX regexp "[a-zA-Z]*\d{1,3}\/\d{1,3}" "$_cli_result" match intf
...the variable $intf will hold the matched string for you to use later in your script.
cheers,
Seb.
09-05-2019 06:59 AM - edited 09-05-2019 06:59 AM
Thank you Seb! I want to make sure that I understand this correctly.
The $cli_result is the raw Syslog message? The action regexp searches _cli_result for the regular expression and sets whatever matches to the variable intf?
event syslog pattern %OSPF-5-ADJCHG.+FULL to DOWN
action 1.0 regexp "[a-zA-Z]*\d{1,3}\/\d{1,3}" "$_cli_result" match intf
....
action 5.0 cli command "interface $intf"
action 6.0 cli command "ip ospf authentication message-digest"
09-05-2019 07:20 AM
Yes and yes :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide