Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1793
Views
0
Helpful
3
Replies

EEM Script to call Python Script for CLI Accounting for NX-OS

marjulia
Level 1
Level 1

‎07-21-2017 08:39 AM

Hey All -

I'm trying to write up an NX-OS script that is equivalent to "archive log config" in IOS. What I am considering is having EEM call a python script anytime that some command is entered in CLI. My question is, how CPU intensive is this if it were to call the script every single time any command is entered?

So far what I have for my eem script is:

event manager applet test 

event cli match "*"

action 1.0 cli source syslog.py

action 2.0 event-default

And my python script looks as follows:

#!/isan/bin/python

import syslog
from cisco import *

x = cli("show accounting log | i 'configure terminal'")
if 'configure terminal' in x:
syslog.syslog(3,x);

x = cli("clear accounting log")

We need the CLI commands to be sent to a syslog server so accounting using TACACS or RADIUS isn't an option. This is a messy solution but it was the only way I could think of. Any idea on if running the script constantly like that would cause issues on a Nexus box? Another option would be just running it on a scheduler but that isn't ideal.

Labels:
0 Helpful
3 Replies 3

Joe Clarke
Cisco Employee
Cisco Employee

‎07-21-2017 10:56 AM

You'll clearly want to test this.  I doubt anyone has done such a thing before.  It seems risky to me, but it would only cause load when CLI commands are executed, so the scaling factor will be the number of simultaneous sessions + the number of simultaneous CLI commands executed.  You should test as aggressively as your customer plans to use the CLI.

0 Helpful

marjulia
Level 1
Level 1
In response to Joe Clarke

‎07-21-2017 11:16 AM

Yea it was the only way I could think of to account for CLI commands and send this as a syslog message. Do you think there is any other way to accomplish this?

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to marjulia

‎07-21-2017 11:23 AM

Use AAA accounting and centralize this on an AAA accounting server.  From there you might be able to script the generation of syslog messages in a more scalable way.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card