05-24-2018 11:16 PM - edited 03-01-2019 06:36 PM
Hi Everyone.
I have a tcl script that automatically writes the running config off to a TFTP server if a user enters and then exits the configuration mode on a device; as per below;
::cisco::eem::event_register_syslog occurs 1 pattern .*%SYS-5-CONFIG_I.* queue_priority high maxrun 90 #--- Namespace imports namespace import ::cisco::eem::* namespace import ::cisco::lib::* # check if all the env variables we need exist # # If any of them doesn't exist, print out an error msg and quit # if {![info exists tftpserver]} { set result "Running Config cannot be saved: variable tftpserver has not been set" error $result $errorInfo } if {![info exists filename]} { set result "Running Config cannot be saved: variable filename has not been set" error $result $errorInfo } #------------------- " cli open" ------------------- if [catch {cli_open} result] { error $result $errorInfo } else { array set cli $result } #----------------------- "enable mode" ---------------- if [catch {cli_exec $cli(fd) "enable"} result] { error $result $errorInfo } #----------------------- "copy running-config to tftp server" ---------------- set tftpcmd [format "copy running-config tftp://%s/%s" $tftpserver $filename] action_syslog priority info msg "TFTP CMD: $tftpcmd" if [catch {cli_write $cli(fd) $tftpcmd} result] { error $result $errorInfo } if [catch {cli_read_pattern $cli(fd) "Address or name"} _cli_result] { error $_cli_result $errorInfo } if [catch {cli_write $cli(fd) $tftpserver} _cli_result] { error $_cli_result $errorInfo } if [catch {cli_read_pattern $cli(fd) "Destination"} _cli_result] { error $_cli_result $errorInfo } if [catch {cli_write $cli(fd) $filename} _cli_result] { error $_cli_result $errorInfo } if [catch {cli_read $cli(fd) } _cli_result] { error $_cli_result $errorInfo } #--------------------- cli close ------------------------ cli_close $cli(fd) $cli(tty_id)
We have another piece of software that logs into the switch via a particular user account, which when that event triggers, i don't want the config to be automatically written off.
ie, if a user logs on and makes a change, then exits configure mode, a message will be generated like;
%SYS-5-CONFIG_I: Configured from console by joebloggs on vty1
If our software logs in, it will log the two messages;
%SYS-5-CONFIG_I: Configured from console by software-account on vty1
%SYS-5-CONFIG_I: Configure from 1.1.1.1 by snmp
If i see either of the second messages, I want don't want to write the config off to the tftp. I just want the script to end. - Note: The ip address will not always be 1.1.1.1 it could be any valid IP address
What would be the best way to achieve this?
Thanks in advance
05-25-2018 07:05 AM
You don't need Tcl for this. It adds a level of complexity that may be hard to maintain over time. An applet will work just as well.
Regardless, you can match on the patterns that indicate things for which you don't want to handle, and then just exit:
array set arr_einfo [event_reqinfo]
if { [regexp {by software-account} $arr_einfo(msg)] || [regexp {by snmp} $arr_einfo(msg)] } {
exit 1
}
05-28-2018 04:37 PM - edited 05-28-2018 04:38 PM
Thanks Joe,
I can see the way to write the applet to trigger on the event that the syslog message;
%SYS-5-CONFIG_I
is logged.. but what would be the best way to ignore the events that are triggered by the user logging in as the software-account? as the syslog message will be logged the same. Can a similar regex expression be used there too?
Thanks
05-29-2018 06:11 AM
Like I said, you can use a regexp action to test the syslog message to see if it contains an ignorable string. I showed you a Tcl example already. A similar approach would work for an applet
regexp "by software-account" "$_syslog_msg"
if $_regexp_result eq 1
exit 1
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide