06-14-2013 05:06 AM
Hi,
In have an issue, if any user logged into switch is removing TACACS configuration is it possible to send auto alert to LMS by writing an EEM script ?
is it achievable through EEM script. Please can you help in this.
Regards,
Ajith
06-14-2013 05:23 AM
Any command entered can be sent to a syslog server. Certain syslog servers can then alert on specific message content.
Sent from Cisco Technical Support iPad App
06-14-2013 05:54 AM
Thanks for the Revert Jeff.
Say if a command aaa new-model is removed from the configuration it should trigger a mail so how exactly we can write a script for this , Help appreciated.
Regards,
Ajith
06-14-2013 06:57 AM
Hi,
The EEM script to report config changes of a device which is as below.
event manager applet mail_cfg_chg
event syslog pattern “.*%SYS-5-CONFIG_I.*”
action 1.0 info type routername
action 1.1 cli command “enable”
action 1.2 cli command “show archive log config all”
action 1.3 mail server “10.*.*.*” to “ajith@******” from “****@**.com” subject “Config change on ****” body “$_cli_result”
action 1.4 cli command “clear archive log config force”
But i'm looking for only for TACACS config changes to be reported from the devices to the mail ID.
If some one who knows or already implemented this kindly help.
Regards,
Ajith
06-14-2013 07:33 AM
conf t
archive
log config
logging enable
logging size 500
notify syslog contenttype plaintext
hidekeys
!
event manager environment _email_server 1.2.3.4
event manager environment _email_from abc@12345.com
event manager environment _email_to xyz@98765.com
event manager applet config-change
event syslog pattern "logged command:no aaa new-model"
action 0.1 syslog msg "logged command:no aaa new-model"
action 0.2 syslog msg "EEM: gathering info for e-mail..."
action 0.3 cli command "enable"
action 0.4 cli command "term exec prompt timestamp"
action 0.5 cli command "term len 0"
action 1.1 cli command "show user| append flash:eem-log.txt"
action 1.8 mail server $_email_server to $_email_to from $_email_from subject " TACACS_removal " body "$_cli_result"
action 2.2 syslog msg "EEM: Self-removing applet from configuration..."
action 2.3 cli command "configure terminal"
action 2.4 cli command "no event manager applet config-change"
action 2.5 cli command "end"
06-26-2013 05:41 AM
I have checked the config it's similar but the mails are not trigerring when ever i disable the service given in EEM applet. help appreciated.
07-01-2013 02:09 PM
Post your configuration, then enable "debug event manager action cli" and reproduce the issue (i.e., disable the service). Post the debugging output.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: