I would like to monitor an ACL counter through SNMP. I found out that this is not directly possible on our device, an ISR4331 Router, so I am trying to achieve this using the "Cisco Embedded Automation Systems - EASy Custom-MIB Polling and Data Collection" guide (https://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/embedded-automation-systems/ppt_EASy_Custom_MIB_c78-577847.pdf).
However, it seems that there is a problem either with the match command or the regular expression, as when I perform the snmpget I always get an empty value - snmpwalk -v2c -c <community_string> <ip address> 22.214.171.124.126.96.36.199.188.8.131.52
SNMPv2-SMI::mib-184.108.40.206.220.127.116.11.18.104.22.168.22.214.171.124.126.96.36.199.188.8.131.52.184.108.40.206.220.127.116.11.18.104.22.168.22.214.171.124.126.96.36.199 = ""
So basically the EEM is generating the required OID, just that the result I want to get is not being populated correctly.
Current config looks like -
snmp mib expression owner __custom-mib_owner name __custom-mib_name
event manager environment __easy_PREFIX flash:/easy/
event manager environment countdown_entry 60
event manager environment nok_msg Expression found
event manager environment ip_address <ip address of snmp poller>
event manager environment rw_community <snmp community>
event manager environment custom-mib_mode SNMP_RFC2982
event manager environment match_cmd show int gigabitEthernet 0/0/1
event manager environment match_pattern Description
event manager directory user policy "flash:/easy/"
event manager policy tm_customMIB_SNMP_RFC2982.tcl type user
P.S. I also tried to play around with various matching commands/regex (for example here I put "Description" as match_pattern, but I even tried to replicate the guide's example - ".([0-9]+).*packets input"), but all to no avail.
As mentioned above I want to use this to get a hit counter from an ACL - show ip access-lists <name of acl> | inc deny ip any any
Can you kindly help?
Can you share the output which you are trying to regex and indicate what element of the text you want to match?
Coming up with the correct expression should be easy.
As mentioned, I want to get the counter from a particular line in an ACL, similar to 'show ip access-lists <name of acl> | inc deny ip any any'. As such I was trying to use the following as configs:
event manager environment match_cmd show ip access-lists <name of acl>
event manager environment match_pattern deny ip any any
This, I expect, should return the whole line, similar to this: "830 deny ip any any (11454112 matches)". Then I would do some post-processing from my SNMP collector to parse just the counter from the whole line, which should be quite easy. If there is a more direct way how to get just the counter, please advise. However, unfortunately as mentioned, I always get an empty string ("").
Thanks in advance.
Your EEM script should have a structure like this:
!
event manager applet regex_test
 ! "event none" lets the applet be triggered manually with "event manager run regex_test"
 event none
 action 1.0 cli command "show ip access-lists <name of acl> | inc deny ip any any"
 ! the CLI output is quoted so spaces survive; the match variable is named without "$"
 action 1.1 regexp "[(]\d.*?[)]" "$_cli_result" deny_ip_any_any_count
end
!
...in the above example the cli result is parsed by the regex and assigned to the variable $deny_ip_any_any_count
So the output "830 deny ip any any (11454112 matches)" will result in the $deny_ip_any_any_count having a value of " (11454112 matches)".
Is this what you were after?? :)
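An added example, not part of the thread, that runs the regex from the applet above against constructed sample ACL output in Python, and alongside it a tighter pattern that returns only the counter as an integer. The sample output, the ACL name EDGE-IN and the assumption that IOS prints no "(N matches)" suffix for an ACE with zero hits are mine, not from the original post:

```python
import re
from typing import Optional

# Constructed sample of "show ip access-lists EDGE-IN" (not real device output)
SAMPLE_ACL_OUTPUT = """Extended IP access list EDGE-IN
    10 permit tcp any host 192.0.2.10 eq 443 (2231 matches)
    20 permit udp any any eq domain
    830 deny ip any any (11454112 matches)
"""

# Pattern as posted in the applet: matches the whole parenthesised suffix
POSTED_PATTERN = re.compile(r"[(]\d.*?[)]")

# Tighter pattern: capture group 1 holds only the digits of the hit counter
COUNTER_PATTERN = re.compile(r"\((\d+) matches\)")


def find_ace(output: str, needle: str = "deny ip any any") -> Optional[str]:
    """Emulate '| inc <needle>': return the first ACE line containing needle."""
    for line in output.splitlines():
        if needle in line:
            return line.strip()
    return None


def posted_match(line: str) -> Optional[str]:
    """What the applet's regexp action would leave in deny_ip_any_any_count."""
    m = POSTED_PATTERN.search(line)
    return m.group(0) if m else None


def extract_counter(line: str) -> int:
    """Return the hit counter as an int.

    Assumption: IOS omits the '(N matches)' suffix when an ACE has never
    been hit, so a line without the suffix is treated as zero hits.
    """
    m = COUNTER_PATTERN.search(line)
    return int(m.group(1)) if m else 0


if __name__ == "__main__":
    ace = find_ace(SAMPLE_ACL_OUTPUT)
    print("ACE line      :", ace)
    print("posted regex  :", posted_match(ace))
    print("counter (int) :", extract_counter(ace))
```

The integer form is what a collector would want to expose as a gauge; the posted pattern is shown only to make visible what the applet's match variable actually contains.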
Thanks again Seb. But please bear in mind that I need to be able to get this using SNMP. If I understood well, your example will output the value in a variable, but I am not sure how this can be retrieved by SNMP.
Ah OK. Providing you have the SNMP server specified on the switch, you can create an SNMP trap to be sent. The EEM script will look like:
!
event manager applet regex_test
 ! "event none" lets the applet be triggered manually with "event manager run regex_test"
 event none
 action 1.0 cli command "show ip access-lists <name of acl> | inc deny ip any any"
 action 1.1 regexp "[(]\d.*?[)]" "$_cli_result" deny_ip_any_any_count
 action 1.2 snmp-trap strdata "ACL-<name_of_acl> deny count $deny_ip_any_any_count"
end
!
Would it be possible to generate an SNMP OID, just like the "Cisco Embedded Automation Systems - EASy; Custom-MIB Polling and Data Collection" package promises to do?
The issue is that our monitoring tool is capable only of handling SNMP gets, not traps. FYI we are using Prometheus SNMP exporter package to get the data, and then using Grafana to display it neatly.
I have now only just learnt about EASy, and from what I've read I think I'd need a little time to get a working solution.
Maybe @Joe Clarke our resident EEM expert can give you a solution to this particular problem....
Yes, you can populate the EXPRESSION-MIB with custom objects using EEM. Depending on your platform and software version, this is done in different ways. I have also constructed my own Prometheus exporters in Python to grab CLI data and expose metrics. Depending on how many devices you need to support, an off-box exporter might be more useful.
Here is an example script that grabs some metrics via CLI: https://www.marcuscom.com/viewvc/viewvc.cgi/marcuscom/ciscolive/automation/network/poll_macs.py?revision=20537&view=markup
And here is the exporter to Prometheus: https://www.marcuscom.com/viewvc/viewvc.cgi/marcuscom/ciscolive/automation/network/mac_metrics.py?revision=20612&view=markup
Thanks for this, I will look into the exporters.
To be sincere I was looking more into not using more exporters (we already have quite a lot of them). My ideal solution was to keep on using SNMP exporter and just get my value through a simple SNMP Get for a specific OID, just like EASy intended to do.
So if you can help to achieve this (if even possible), I would truly appreciate it. Otherwise, thanks just the same! :)
The EASy package is well out of date for your platform. This script provides support for IOS-XE, but you'll need to read through it to see how to use it effectively. It will provide you the custom SNMP objects, though.