10-24-2023 03:44 AM
Hi all,
I'm making EEM script to drop MAC address duplicate in syslog.
If syslog msg "%IP-4-DUPADDR: Duplicate address .... " => Drop MAC address by EEM script in my Cisco device.
- Model: WS-C3560X-48
- IOS verion: 15.0(2)SE10a
EEM and CLI command to config:
username admin_drop privilege 15 secret <Password>
event manager session cli username "admin_drop"
event manager applet Drop_MacAddr
event syslog pattern "%IP-4-DUPADDR: Duplicate address*"
action 1 cli command "enable"
action 2 cli command "config t"
action 3 regexp "on Vlan([0-9]+)" "$_syslog_msg" match vlan
action 4 regexp "sourced by ([a-f0-9]+\.[a-f0-9]+\.[a-f0-9]+)" "$_syslog_msg" match mac
action 5 puts "Duplicate MAC Addr: $mac of Vlan$vlan"
action 6 cli command "mac address-table static $mac vlan $vlan drop"
action 7 syslog msg "--> Applied Drop Duplicate MAC Adress: $mac of Vlan$vlan"
action 8 cli command "end"
action 9 cli command "write"
Testing with sending a syslog msg:
Switch_L3#send log %IP-4-DUPADDR: Duplicate address 192.168.123.10 on Vlan555, sourced by 1234.5678.abcd
After that check log but there is problem. This is debug log:
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : CTL : cli_open called.
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : <banner motd>
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : IN : Switch_L3>enable
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Translating "enable"
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : % Unknown command or computer name, or unable to find computer address
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : IN : Switch_L3>config t
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : ^
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT :
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr: Duplicate MAC Addr: 1234.5678.abcd of Vlan555
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : IN : Switch_L3>mac address-table static 1234.5678.abcd vlan 555 drop
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : ^
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT :
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr: --> Applied Drop Duplicate MAC Adress: 1234.5678.abcd of Vlan555
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : IN : Switch_L3>end
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Translating "end"
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : % Unknown command or computer name, or unable to find computer address
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : IN : Switch_L3>write
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Translating "write"
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : % Unknown command or computer name, or unable to find computer address
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : CTL : cli_close called.
tty is now going through its death sequence
It seems username problem (already priv 15 level) and error from command "enable". I tried some other changes but still not work.
Please help me with problem. Thank you so much.
10-24-2023 04:39 AM
- You could also try to use a logging discriminator :
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/configuration/xe-16-5/esm-xe-16-5-book/reliable-del-filter.html#GUID-87920FBF-24C3-4D50-801F-1E0FAAFE7297
M.
10-24-2023 06:41 PM
Thanks @marce1000 for your suggestion.
The problem is privilege level to config. Today, I try to change and EEM working now:
Before: privilege exec level 10 enable (username not working with "enable" commands although already 15 level configured)
After: no privilege exec level 10 enable (working). But all usernames (priv level 0 to 15, can type "enable" to enter mode configuration ~~. May I fix this?
Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide