cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1032
Views
0
Helpful
6
Replies
Highlighted
Beginner

EEM script help

Hi,

In have an issue,  if any user logged into switch is removing TACACS configuration is it possible to send auto alert to LMS by writing an EEM script ?

is it achievable through EEM script. Please can you help in this.

Regards,

Ajith

6 REPLIES 6
Highlighted
Contributor

Re: EEM script help

Any command entered can be sent to a syslog server. Certain syslog servers can then alert on specific message content.

Sent from Cisco Technical Support iPad App

Highlighted
Beginner

EEM script help

Thanks for the Revert Jeff.

Say if a command aaa new-model is removed  from the configuration it should trigger a mail so how exactly we can write a script for this , Help appreciated.

Regards,

Ajith

Highlighted
Beginner

EEM script help

Hi,

The EEM script to report config changes of a device which is as below.

event manager applet mail_cfg_chg

event syslog pattern “.*%SYS-5-CONFIG_I.*”

action 1.0 info type routername

action 1.1 cli command “enable”

action 1.2 cli command “show archive log config all”

action 1.3 mail server “10.*.*.*” to “ajith@******” from “****@**.com” subject “Config change on ****” body “$_cli_result”

action 1.4 cli command “clear archive log config force”

But i'm looking for only for  TACACS config changes to be reported from the devices to the mail ID.

If some one who knows or already implemented this kindly help.

Regards,

Ajith

Highlighted
Beginner

EEM script help

conf t

archive

log config

  logging enable

  logging size 500

  notify syslog contenttype plaintext

  hidekeys

!

event manager environment _email_server 1.2.3.4

event manager environment _email_from abc@12345.com

event manager environment _email_to xyz@98765.com

event manager applet config-change

event syslog pattern "logged command:no aaa new-model"

  action 0.1 syslog msg "logged command:no aaa new-model"

  action 0.2 syslog msg "EEM: gathering info for e-mail..."

  action 0.3 cli command "enable"

  action 0.4 cli command "term exec prompt timestamp"

  action 0.5 cli command "term len 0"

  action 1.1 cli command "show user| append flash:eem-log.txt"

  action 1.8 mail server $_email_server to $_email_to from $_email_from subject " TACACS_removal " body "$_cli_result"

  action 2.2 syslog msg "EEM: Self-removing applet from configuration..."

  action 2.3 cli command "configure terminal"

  action 2.4 cli command "no event manager applet config-change"

  action 2.5 cli command "end"

Highlighted
Beginner

EEM script help

I have checked the config it's similar but the mails are not trigerring when ever i disable the service given in EEM applet. help appreciated.

Highlighted
Hall of Fame Cisco Employee

EEM script help

Post your configuration, then enable "debug event manager action cli" and reproduce the issue (i.e., disable the service).  Post the debugging output.

Content for Community-Ad