
EEM Script to shutdown multiple ports

swapsakker
Level 1

I'm trying to make a script to find connected ports in VLAN 1 and reset them. It should run when an IP SLA is triggered.

But I can't get it to work and I'm not quite the programmer.

Here is what I have:

event manager applet SHUTDOWN
event timer countdown time 10
action 101 cli command "enable"
action 102 wait 10
action 103 syslog msg "-- Checking for VLAN 1 Ports --"
action 104 cli command "show interfaces status vlan 1 | exclude notconnect|trunk"
action 105 set ports $_cli_result
action 106 syslog msg "-- Shutting Down VLAN 1 Ports --"
action 110 foreach port "$ports" "\n"
action 111 cli command "enable"
action 112 cli command "config t"
action 113 cli command "interface $port"
action 114 cli command "shutdown"
action 115 cli command "end"
action 121 cli command "enable"
action 122 cli command "config t"
action 123 cli command "interface $port"
action 124 cli command "no shutdown"
action 125 cli command "end"
action 126 end


Without changing my show interface, it seems to work. THANKS.

Any chance you have a quick solution to change the IP SLA, so it is changed to an EEM script also?

track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
track 3 list boolean and
object 1
object 2
delay down 60
exit
!
ip sla 1
icmp-echo 10.1.1.11 source-interface vlan 65
frequency 10
exit
ip sla schedule 1 life forever start-time now
!
ip sla 2
icmp-echo 10.1.1.12 source-interface vlan 65
frequency 10
exit
ip sla schedule 2 life forever start-time now

Not sure what your requirements are for tracking ipsla inside of EEM such as if ipsla goes up or down?   Here is an example from another script I have written to track ipsla and correlate them together.  I have "or" as correlation and your script looks like you need to change this to "and" and the script is triggered from any state change.   Inside the policy there are "if statements" if the track is "up", and you could add conditional logic if ipsla is down.  The policy below as written is to find the lowest latency path across two Tunnel interfaces then update a PBR policy to select the tunnel with the lowest latency.    Hopefully this is a framework to get you started with your policy.   

event manager applet mec
 event tag sla1 track 1 state any
 event tag sla2 track 2 state any
 trigger
  correlate event sla1 or event sla2
 action 010 cli command "enable"
 action 015 puts "track $_track_number state = $_track_state"
 action 017 if $_track_number eq "1"
 action 018  set reverse "2"
 action 019 else
 action 020  set reverse "1"
 action 021 end
 action 026 cli command "config term"
 action 030 cli command "route-map mec_video permit $_track_number"
 action 040 if $_track_state eq "up"
 action 045  cli command "no set interface Tunnel$reverse"
 action 050  cli command "set interface Tunnel$_track_number"
 action 060 else
 action 065  cli command "no set interface Tunnel$_track_number"
 action 070  cli command "set interface Tunnel$reverse"
 action 090 end
 action 095 cli command "end"
 action 100 cli command "show ip sla stat 1 | inc RTT"
 action 110 regexp "Latest RTT: ([0-9]+)" "$_cli_result" match rttipsla1
 action 120 if $_regexp_result eq 1
 action 130 puts "ipsla1 = $rttipsla1 ms"
 action 140 else
 action 150 puts "ipsla1 $_cli_result"
 action 160 end
 action 170 cli command "show ip sla stat 2 | inc RTT"
 action 180 regexp "Latest RTT: ([0-9]+)" "$_cli_result" match rttipsla2
 action 190 if $_regexp_result eq 1
 action 200 puts "ipsla2 = $rttipsla2 ms"
 action 210 else
 action 220 puts "ipsla2 $_cli_result"
 action 230 end
 action 240 cli command "show track $reverse | inc Latest operation return code"
 action 250 regexp "Latest operation return code: (OK)" "$_cli_result" match rcode
 action 260 if $_regexp_result eq 0
 action 270  cli command "config term"
 action 280  if $rttipsla1 gt "$rttipsla2"
 action 290   cli command "route-map mec_video permit 1"
 action 300   cli command "no set interface Tunnel1"
 action 310   cli command "set interface Tunnel2"
 action 320   cli command "route-map mec_video permit 2"
 action 330   cli command "no set interface Tunnel1"
 action 340   cli command "set interface Tunnel2"
 action 350  end
 action 360  if $rttipsla2 gt "$rttipsla1"
 action 370   cli command "route-map mec_video permit 1"
 action 380   cli command "no set interface Tunnel2"
 action 390   cli command "set interface Tunnel1"
 action 400   cli command "route-map mec_video permit 2"
 action 410   cli command "no set interface Tunnel2"
 action 420   cli command "set interface Tunnel1"
 action 430  end
 action 435 cli command "end"
 action 440 end
 action 460 cli command "show route-map mec_video"
 action 470 puts "$_cli_result"

 

Meant if it was possible to do the EEM script instead of the IP SLA. It is because some switches don't support IP SLA.

The requirement is to check if the two RADIUS servers are alive every 60 sec.
If both servers are down: syslog msg "RADIUS DOWN"
If one of the servers is back up: syslog msg "RADIUS UP"

Try this for EEM to ping the servers and report up/down.   Fill in radius ip address for each environment variable.

 

event manager environment radius1 10.147.1.1
event manager environment radius2 10.147.2.1
event manager applet pinger
 event timer watchdog time 60 maxrun 30
 action 010 cli command "enable"
 action 020 set result "0"
 action 050 foreach ip "$radius1 $radius2"
 action 060  cli command "ping $ip"
 action 070  regexp "Success rate is (60|80|100) percent" "$_cli_result"
 action 075  if $_regexp_result eq "1"
 action 080   increment result 1
 action 085   puts "RADIUS $ip is up"
 action 090  else
 action 100   decrement result 1
 action 105   puts "RADIUS $ip is down"
 action 110  end
 action 120 end
 action 130 puts "$result"
 action 140 if $result lt "0"
 action 150  puts "RADIUS DOWN"
 action 160 elseif $result ge 0
 action 170  puts "RADIUS UP"
 action 180 end

THANKS @Dan Frey, I will test it tomorrow and let you know how it went. But it looks like the thing I need.

Thanks for your time.

Hi @Dan Frey, it also works. It is just GREAT.

I try to combine them, so when the Pinger puts "%HA_EM-6-LOG: pinger: RADIUS UP" in the log, it should trigger the other script, by the event syslog pattern "%HA_EM-6-LOG: pinger: RADIUS UP", but nothing happens.

But I see the events in the log.

@swapsakker EEM will not allow triggering an EEM policy from a log message from another policy. It is to prevent infinite loops. If you want that type of functionality you should combine the two policies into a single EEM script and use conditional logic to run code. So "if radius is up" execute this set of instructions, etc. I believe all the code is there if the EEM policies are consolidated (need to update action numbering sequence if they are consolidated).

Oh, makes sense.

This seems to work, but not on 3560cx, they don't know the command "show interfaces status vlan 1 | exclude notconnect|trunk" so I had to exclude all known VLANs, then it worked.

event manager applet pinger
event timer watchdog time 60
action 010 cli command "enable"
action 020 set result "0"
action 030 foreach ip "$radius1 $radius2"
action 040 cli command "ping $ip"
action 050 regexp "Success rate is (60|80|100) percent" "$_cli_result"
action 051 if $_regexp_result eq "1"
action 052 increment result 1
action 053 else
action 054 decrement result 1
action 055 end
action 056 end
action 060 if $result le "0"
action 061 puts "-- LKISE DOWN"
action 062 elseif $result ge 0
action 063 puts "RADIUS UP"
action 064 cli command "enable"
action 065 syslog msg "-- Checking for VLAN 1 Ports --"
action 065 cli command "show interfaces status | exclude notconnect|trunk|vlan xx"
action 066 syslog msg "-- Shutting Down VLAN 1 Ports --"
action 068 foreach line "$_cli_result" "\n"
action 069 regexp "(^[a-zA-Z0-9\/]+)" "$line" match port
action 070 cli command "config t"
action 080 if $_regexp_result eq 1
action 081 puts "port = $port"
action 082 cli command "interface $port"
action 083 cli command "shutdown"
action 084 wait 10
action 086 cli command "no shutdown"
action 090 end
action 091 end
action 092 end

Is it not possible to put in a wait command in the script:

action 068 foreach line "$_cli_result" "\n"
action 069 regexp "(^[a-zA-Z0-9\/]+)" "$line" match port
action 070 cli command "config t"
action 071 if $_regexp_result eq 1
action 072 puts "port = $port"
action 072 cli command "interface $port"
action 074 cli command "shutdown"
action 075 cli command "end"
action 076 wait 10
action 080 cli command "config t"
action 081 if $_regexp_result eq 1
action 082 puts "port = $port"
action 083 cli command "interface $port"
action 084 cli command "no shutdown"
action 085 cli command "end"
action 090 end

For some reason, the script doesn't start on the 9300. When I add the script I can see this in the log:

003640: Mar 20 11:13:36.242 cet: %DMI-5-SYNC_NEEDED: Switch 1 R0/0: dmiauthd: Configuration change requiring running configuration sync detected - ' event manager applet RADIUS_STATUS action 020 set result "0"'. The running configuration will be synchronized to the NETCONF running data store.
003641: Mar 20 11:13:36.453 cet: %DMI-5-SYNC_START: Switch 1 R0/0: dmiauthd: Synchronization of the running configuration to the NETCONF running data store has started.
003642: Mar 20 11:13:51.434 cet: %DMI-5-SYNC_COMPLETE: Switch 1 R0/0: dmiauthd: The running configuration has been synchronized to the NETCONF running data store.
003643: Mar 20 11:14:37.248 cet: %DMI-5-SYNC_NEEDED: Switch 1 R0/0: dmiauthd: Configuration change requiring running configuration sync detected - ' event manager applet RADIUS_STATUS action 020 set result "0"'. The running configuration will be synchronized to the NETCONF running data store.
003644: Mar 20 11:14:37.457 cet: %DMI-5-SYNC_START: Switch 1 R0/0: dmiauthd: Synchronization of the running configuration to the NETCONF running data store has started.
003646: Mar 20 11:14:52.473 cet: %DMI-5-SYNC_COMPLETE: Switch 1 R0/0: dmiauthd: The running configuration has been synchronized to the NETCONF running data store.
003647: Mar 20 11:14:52.832 cet: %DMI-5-SYNC_NEEDED: Switch 1 R0/0: dmiauthd: Configuration change requiring running configuration sync detected - ' event manager applet RADIUS_STATUS action 068 foreach line "$_cli_result" "\n"'. The running configuration will be synchronized to the NETCONF running data store.
003648: Mar 20 11:14:53.040 cet: %DMI-5-SYNC_START: Switch 1 R0/0: dmiauthd: Synchronization of the running configuration to the NETCONF running data store has started.

Found the problem, the "event manager environment" does not know which VLAN it should use.

@Dan Frey that's a good script and thanks for chipping in and sharing the script. I was constructing that one and testing, then I noticed your reply - so dropped my plan and tested your EEM, works as expected.

 

BB


Got this output, it was only port 24 that needed shut and no shut.

001227: Mar 16 20:02:52.316 cet: %HA_EM-6-LOG: RADIUS-MONITOR: -- Shutting Down VLAN 1 Ports --
001228: Mar 16 20:02:52.462 cet: %HA_EM-6-LOG: RADIUS-MONITOR: port = Port
001229: Mar 16 20:02:52.609 cet: %HA_EM-6-LOG: RADIUS-MONITOR: -- NO Shutting Ports --
001230: Mar 16 20:02:52.742 cet: %HA_EM-6-LOG: RADIUS-MONITOR: port = Gi1/0/24
001231: Mar 16 20:02:52.983 cet: %HA_EM-6-LOG: RADIUS-MONITOR: -- NO Shutting Ports --
001232: Mar 16 20:02:53.217 cet: %HA_EM-6-LOG: RADIUS-MONITOR: port = 011Gl
001233: Mar 16 20:02:53.366 cet: %HA_EM-6-LOG: RADIUS-MONITOR: -- NO Shutting Ports --
001234: Mar 16 20:02:54.877 cet: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/24, changed state to down
001235: Mar 16 20:02:57.086 cet: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/24, changed state to up

Works fine, but it is trying on the first and last line of the show command, and therefore the "port = Port" and "port = 011Gl".
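The "port = Port" and "port = 011Gl" entries above come from the applet's regexp accepting the first token of every line in $_cli_result, including the column header and the last line (in EEM the CLI result typically ends with the device prompt). The following is an added example in Python, not code from the thread: it replays that loop on constructed output and compares it with a stricter pattern that only accepts a connected interface, and it goes beyond the thread by also checking the Vlan column. The sample output, the hostname and the list of interface prefixes are assumptions.

```python
import re

# Constructed sample of $_cli_result after
# "show interfaces status | exclude notconnect|trunk": a blank line, the
# column header, the matching rows, and the device prompt as the last line.
SAMPLE_CLI_RESULT = """
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/3   printer            connected    20         a-full  a-100 10/100/1000BaseTX
Gi1/0/24                     connected    1          a-full a-1000 10/100/1000BaseTX
SW-ACCESS-01#"""

# Pattern from the thread's applet: any leading run of letters, digits or "/".
THREAD_PATTERN = re.compile(r"(^[a-zA-Z0-9\/]+)")

# Stricter pattern (assumed interface prefixes, adjust per platform):
# group 1 = interface name, group 2 = the Vlan column after "connected".
STRICT_PATTERN = re.compile(
    r"^((?:Fa|Gi|Te|Tw|Fo)\d+(?:/\d+)+)\s.*\sconnected\s+(\S+)\s")


def ports_thread(cli_result):
    """Every token the thread's regexp would pass to 'interface $port'."""
    found = []
    for line in cli_result.split("\n"):
        m = THREAD_PATTERN.search(line)
        if m:
            found.append(m.group(1))
    return found


def ports_strict(cli_result, vlan="1"):
    """Only connected access ports whose Vlan column equals `vlan`."""
    found = []
    for line in cli_result.split("\n"):
        m = STRICT_PATTERN.match(line)
        if m and m.group(2) == vlan:
            found.append(m.group(1))
    return found


if __name__ == "__main__":
    print("thread pattern:", ports_thread(SAMPLE_CLI_RESULT))
    print("strict pattern:", ports_strict(SAMPLE_CLI_RESULT))
```

The interface-name part of the stricter pattern can be carried into the applet's `regexp` action, so that `interface $port` and `shutdown` are only issued for a value that is actually an interface name.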

swapsakker
Level 1

How do you set an event manager environment in a VRF, is that:

event manager environment radius1 10.10.1.11 vrf 2
or
event manager environment radius1 10.10.1.11
event manager environment vrf 2

Is the VRF needed for the ping command? Why not update the VRF context directly to the ping command?