EEM Basic Script Help

NicholasGaba · ‎10-24-2024

I'm looking to create a very basic EEM script and I'm having problems with it. This is my first stab at trying to right my own.

The objective is that after a device passes its authorization run a command and display that result in a syslog message.

In my lab I'm just targeting a specific interface. When i clear the auth session I don't ever see the results in syslog like I was hoping. Ideally once its working I'm looking to target all interfaces, but wanted to simplify it down in an attempt to get it working.

event manager applet identity
event identity interface GigabitEthernet1/0/1 authz success
action 1 cli command "enable"
action 2 cli command "show mac address-table | in Gi1/0/1"
action 3 syslog msg $_cli_result

I dont see anything in the show event manager history events

NicholasGaba · ‎10-29-2024

I've gotten the script to work how I wanted by removing the identify and just targeting a specific syslog message and its outputting exactly how i want it now. I have a follow up though. When it runs and it exports to our syslog server, I get the cli output as expected, but I also get a second line of just hostname#. How can I remove it from sending the second line and just the exact cli output

This is the script:

event manager applet SHOW_MAC_VLAN authorization bypass
event syslog pattern "%SESSION_MGR-5-SUCCESS:"
action 1 regexp "([a-f0-9]+\.[a-f0-9]+\.[a-f0-9]+)" "$_syslog_msg" match mac
action 2 cli command "enable"
action 3 cli command "show mac address-table | in $mac"
action 4 syslog msg "$_cli_result"

The syslog message looks like this

004851: Oct 29 15:35:51.779: %SESSION_MGR-5-SUCCESS: Switch 1 R0/0: sessmgrd: Authorization succeeded for client (<MAC Address>) on Interface GigabitEthernet1/0/41 AuditSessionID E4BF090A00000037D9C6C7C8
004852: Oct 29 15:35:52.339: %HA_EM-6-LOG: SHOW_MAC_VLAN: <VLAN> <MAC Address> STATIC Gi1/0/41
switch-1#
004853: Oct 29 15:35:56.003: <next syslog output>

How can I remove the switch-1# on the 3rd line?