EEM Script to call Python Script for CLI Accounting for NX-OS

marjulia · ‎07-21-2017

Hey All -

I'm trying to write up an NX-OS script that is equivalent to "archive log config" in IOS. What I am considering is having EEM call a python script anytime that some command is entered in CLI. My question is, how CPU intensive is this if it were to call the script every single time any command is entered?

So far what I have for my eem script is:

event manager applet test

event cli match "*"

action 1.0 cli source syslog.py

action 2.0 event-default

And my python script looks as follows:

#!/isan/bin/python

import syslog
from cisco import *

x = cli("show accounting log | i 'configure terminal'")
if 'configure terminal' in x:
syslog.syslog(3,x);

x = cli("clear accounting log")

We need the CLI commands to be sent to a syslog server so accounting using TACACS or RADIUS isn't an option. This is a messy solution but it was the only way I could think of. Any idea on if running the script constantly like that would cause issues on a Nexus box? Another option would be just running it on a scheduler but that isn't ideal.

Joe Clarke · ‎07-21-2017

You'll clearly want to test this. I doubt anyone has done such a thing before. It seems risky to me, but it would only cause load when CLI commands are executed, so the scaling factor will be the number of simultaneous sessions + the number of simultaneous CLI commands executed. You should test as aggressively as your customer plans to use the CLI.

marjulia · ‎07-21-2017

Yea it was the only way I could think of to account for CLI commands and send this as a syslog message. Do you think there is any other way to accomplish this?

Joe Clarke · ‎07-21-2017

Use AAA accounting and centralize this on an AAA accounting server. From there you might be able to script the generation of syslog messages in a more scalable way.