07-14-2011 03:43 PM
Hi guys,
I have an issue with an EEM applet that I have configured. Part of the applet is to run a kron occurrence. I know the applet is executing by viewing event manager history, but when I then run show kron schedule, the kron job is not set to run.
If I manually input the same CLI commands, the schedule starts without issue.
The config for the applet is below:
event manager applet RESTORED
!
event track 100 state up
!
action 1.0 cli command "enable"
!
action 1.1 cli command "conf t"
!
action 1.2 cli command "kron occurrence MONITOR in 0:10"
!
action 1.3 cli command "policy-list MONITOR"
!
action 1.4 syslog msg "ATTENTION:THE CCT HAS RESTORED"
!
exit
Any help with this would be greatly appreciated.
Thanks
Scott
Solved! Go to Solution.
07-15-2011 08:24 PM
Don't change your policy at all. Instead, add "event manager session cli username USER" where USER is a username authorized to run all of the CLI commands in the policy.
07-15-2011 09:35 AM
I have debugged event manager action cli, and discovered that the reason the CLI commands are not taking is that aaa (tacacs) is applied to this router, so when the system attempts to enter commands, command authorisation is failing.
*Jul 15 15:14:26.245: %TRACKING-5-STATE: 100 interface Lo100 ip routing Up->Down
*Jul 15 15:14:26.261: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : CTL : cli_open called.
*Jul 15 15:14:26.269: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT : CC
*Jul 15 15:14:26.269: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT :
*Jul 15 15:14:26.269: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT :
*Jul 15 15:14:26.269: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT : This is a test router for SNMP traps
*Jul 15 15:14:26.269: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT :
*Jul 15 15:14:26.269: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT :
*Jul 15 15:14:26.269: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT : WAKE-ANT-TEST-RTR>
*Jul 15 15:14:26.269: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : IN : WAKE-ANT-TEST-RTR>enable
*Jul 15 15:14:26.281: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT : WAKE-ANT-TEST-RTR#
*Jul 15 15:14:26.281: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : IN : WAKE-ANT-TEST-RTR#conf t
*Jul 15 15:14:26.497: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT : Command authorization failed.
*Jul 15 15:14:26.497: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT :
*Jul 15 15:14:26.497: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT : WAKE-ANT-TEST-RTR#
*Jul 15 15:14:26.497: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : IN : WAKE-ANT-TEST-RTR#no kron occurrence MONITOR in 0:03
*Jul 15 15:14:26.513: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT : ^
*Jul 15 15:14:26.513: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
*Jul 15 15:14:26.513: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT :
*Jul 15 15:14:26.513: %HA_EM-6-LOG: DWNBT : DEBUG(cli_lib) : : OUT : WAKE-ANT-TEST-RTR#
Does anyone out there know if its possible for EEM to authenticate against aaa?
I did try adding a "login" command after
action 1.0 cli command "enable", but this failed authorisation also.
Thanks
Scott
07-15-2011 08:24 PM
Don't change your policy at all. Instead, add "event manager session cli username USER" where USER is a username authorized to run all of the CLI commands in the policy.
07-18-2011 06:26 AM
Joseph,
thank you very much. That works a treat!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide