cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1661
Views
5
Helpful
2
Replies
Andrew Hunter
Beginner

EEM Script to monitor default route changes

Hi there, I am trying to monitor the default route within a VPN, and notify if this changes within an EEM script.

event manager applet Cust_Default_Route_Monitor

description Cust Default Route Change Syslog and Email Messages

event routing network 0.0.0.0/0 vrf name Cust:IPVPN

action 1.0 syslog msg "Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask, Protocol: $_routing_protocol, GW: $_routing_lastgateway, Intf: $_routing_lastinterface"

action 2.0 mail server "128.65.100.254" to "support@xxx.uk" from "Cust_EEM@itps.co.uk" subject "Cust Routing Change has occurred" body "Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask,"

But this is matching all network route changes, I have modified the event routing network script to try and monitor le or ge to no avail.

What am I missing.

 

1 ACCEPTED SOLUTION

Accepted Solutions
Francesco Molino
Events Top Contributor

Hi

The workaround to catch only 0.0.0.0/0 route, you'll need to modify your routing event like:

 event routing network 0.0.0.0/0 type modify le 1

This is an example of what I'm doing today. You can remove the type modify if not needed.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

2 REPLIES 2
Francesco Molino
Events Top Contributor

Hi

The workaround to catch only 0.0.0.0/0 route, you'll need to modify your routing event like:

 event routing network 0.0.0.0/0 type modify le 1

This is an example of what I'm doing today. You can remove the type modify if not needed.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

I am trying to monitor (on my router) the default route as you suggested (event routing network 0.0.0.0/0 protocol ospf type modify) to see when SLA (on my firewall) causes my default route to change from the firewall, to another egress.  So when the firewall's sla trips the traffic flip, my default route goes from the firewall's IP to another router (10.x.x.x).  This works.  If I want to monitor when it comes back, is there a way to monitor for that?  Since I am removing some code when it initally goes off, and I want to put the code back when the route goes normal again, I'd like to test for a specific route - not just "modify".  Is that possible?  Thanks!

Content for Community-Ad