Solved: Have EEM count the number of Lines

Jeffrey Simon · ‎06-10-2013

In *nix this is as simple as "wc -l" but unfortunately I can't seem to find a simple solution. For the purposes of this thread here is my test script...

event manager applet TEST authorization bypass

event syslog pattern "TRIGGER"

action 1.0 cli command "enable"

action 2.0 cli command "conf t"

action 3.0 cli command "show log"

action 4.0 cli command "COUNT NUMBER OF LINES FROM SHOW LOG -- $_cli_result"

Can someone let me know what action 4.0 would be in order to complete this task?

Thanks!

Joe Clarke · ‎06-10-2013

Assuming you have EEM 3.0 or higher, you could do:

action 4.0 set i 0

action 4.1 foreach line $_cli_result "\n"

action 4.2 incr i

action 4.3 end

action 4.4 puts "Number of lines is $i"

View solution in original post

Joe Clarke · ‎06-10-2013

Assuming you have EEM 3.0 or higher, you could do:

action 4.0 set i 0

action 4.1 foreach line $_cli_result "\n"

action 4.2 incr i

action 4.3 end

action 4.4 puts "Number of lines is $i"

Jeffrey Simon · ‎06-10-2013

Awesome. I will try later. Thank you!

Jeffrey Simon · ‎06-11-2013

Actually, that parially worked. Perhaps you can help me troubleshoot the results I am getting.

Here is my test script:

edge2821a#show run | sec event

event manager applet TEST authorization bypass

event none

action 1.0 cli command "enable"

action 2.0 cli command "conf t"

action 3.0 cli command "show ip nat trans"

action 4.0 set LINES "0"

action 4.1 foreach line "$_cli_result" "\n"

action 4.2 increment LINES

action 4.3 end

action 4.4 puts "Number of NAT Translations: $LINES"

Here is my actual NAT translation table:

edge2821a#show ip nat translations

Pro Inside global Inside local Outside local Outside global

udp 72.68.68.238:123 10.0.10.200:123 66.27.60.10:123 66.27.60.10:123

tcp 72.68.68.238:4030 10.0.20.100:4030 --- ---

tcp 72.68.68.238:4031 10.0.20.100:4031 --- ---

tcp 72.68.68.238:23 10.0.20.105:22 --- ---

tcp 72.68.68.238:80 10.0.20.105:80 199.248.199.110:59691 199.248.199.110:59691

tcp 72.68.68.238:80 10.0.20.105:80 --- ---

tcp 72.68.68.238:9090 10.0.20.201:8080 --- ---

tcp 72.68.68.238:443 10.0.20.225:80 --- ---

tcp 72.68.68.238:9022 10.0.21.230:22 173.70.201.69:49353 173.70.201.69:49353

tcp 72.68.68.238:9022 10.0.21.230:22 --- ---

udp 72.68.68.238:50817 10.0.21.231:50817 63.142.161.5:3997 63.142.161.5:3997

udp 72.68.68.238:55703 10.0.21.231:55703 63.142.161.5:1194 63.142.161.5:1194

udp 72.68.68.238:49917 10.0.30.30:49917 71.250.0.12:53 71.250.0.12:53

udp 72.68.68.238:50011 10.0.30.30:50011 71.250.0.12:53 71.250.0.12:53

udp 72.68.68.238:51973 10.0.30.30:51973 71.250.0.12:53 71.250.0.12:53

udp 72.68.68.238:56512 10.0.30.30:56512 71.250.0.12:53 71.250.0.12:53

udp 72.68.68.238:56639 10.0.30.30:56639 71.250.0.12:53 71.250.0.12:53

tcp 72.68.68.238:57373 10.0.30.30:57373 64.12.24.171:443 64.12.24.171:443

tcp 72.68.68.238:57404 10.0.30.30:57404 173.194.73.125:5222 173.194.73.125:5222

Pro Inside global Inside local Outside local Outside global

tcp 72.68.68.238:57412 10.0.30.30:57412 173.194.68.109:465 173.194.68.109:465

tcp 72.68.68.238:57413 10.0.30.30:57413 173.194.68.109:587 173.194.68.109:587

tcp 72.68.68.238:57414 10.0.30.30:57414 173.194.68.109:465 173.194.68.109:465

udp 72.68.68.238:57572 10.0.30.30:57572 71.250.0.12:53 71.250.0.12:53

tcp 72.68.68.238:60348 10.0.30.30:60348 173.194.76.108:993 173.194.76.108:993

udp 72.68.68.238:60413 10.0.30.30:60413 71.250.0.12:53 71.250.0.12:53

udp 72.68.68.238:61461 10.0.30.30:61461 71.250.0.12:53 71.250.0.12:53

tcp 72.68.68.238:61632 10.0.30.30:61632 17.149.36.76:5223 17.149.36.76:5223

udp 72.68.68.238:62019 10.0.30.30:62019 71.250.0.12:53 71.250.0.12:53

udp 72.68.68.238:63756 10.0.30.30:63756 71.250.0.12:53 71.250.0.12:53

udp 72.68.68.238:65134 10.0.30.30:65134 71.250.0.12:53 71.250.0.12:53

tcp 72.68.68.238:65188 10.0.30.30:65188 173.194.68.109:993 173.194.68.109:993

tcp 72.68.68.238:65274 10.0.30.30:65274 173.194.74.108:993 173.194.74.108:993

tcp 72.68.68.238:65310 10.0.30.30:65310 173.194.76.108:993 173.194.76.108:993

tcp 72.68.68.238:65311 10.0.30.30:65311 173.194.68.108:993 173.194.68.108:993

tcp 72.68.68.238:65312 10.0.30.30:65312 173.194.68.108:993 173.194.68.108:993

tcp 72.68.68.238:65374 10.0.30.30:65374 173.194.76.108:993 173.194.76.108:993

tcp 72.68.68.238:65429 10.0.30.30:65429 173.194.74.109:993 173.194.74.109:993

tcp 72.68.68.238:65466 10.0.30.30:65466 74.125.226.195:80 74.125.226.195:80

tcp 72.68.68.238:65467 10.0.30.30:65467 74.125.226.200:80 74.125.226.200:80

tcp 72.68.68.238:65469 10.0.30.30:65469 173.194.43.7:443 173.194.43.7:443

tcp 72.68.68.238:65470 10.0.30.30:65470 173.194.43.7:443 173.194.43.7:443

tcp 72.68.68.238:65471 10.0.30.30:65471 173.194.43.7:443 173.194.43.7:443

Pro Inside global Inside local Outside local Outside global

tcp 72.68.68.238:65472 10.0.30.30:65472 173.194.75.99:443 173.194.75.99:443

tcp 72.68.68.238:65473 10.0.30.30:65473 173.194.75.99:443 173.194.75.99:443

tcp 72.68.68.238:65474 10.0.30.30:65474 173.194.75.99:443 173.194.75.99:443

tcp 72.68.68.238:65475 10.0.30.30:65475 173.194.75.99:443 173.194.75.99:443

tcp 72.68.68.238:65476 10.0.30.30:65476 173.194.75.99:443 173.194.75.99:443

tcp 72.68.68.238:65477 10.0.30.30:65477 173.194.75.99:443 173.194.75.99:443

tcp 72.68.68.238:65478 10.0.30.30:65478 173.194.75.99:443 173.194.75.99:443

tcp 72.68.68.238:65479 10.0.30.30:65479 173.194.75.99:443 173.194.75.99:443

tcp 72.68.68.238:65480 10.0.30.30:65480 173.194.75.99:443 173.194.75.99:443

tcp 72.68.68.238:65481 10.0.30.30:65481 173.194.75.99:443 173.194.75.99:443

tcp 72.68.68.238:65482 10.0.30.30:65482 192.168.1.1:2555 192.168.1.1:2555

tcp 72.68.68.238:65484 10.0.30.30:65484 206.46.232.12:465 206.46.232.12:465

tcp 72.68.68.238:65485 10.0.30.30:65485 173.194.68.109:465 173.194.68.109:465

tcp 72.68.68.238:65486 10.0.30.30:65486 173.194.68.109:465 173.194.68.109:465

tcp 72.68.68.238:65487 10.0.30.30:65487 173.194.68.109:587 173.194.68.109:587

tcp 72.68.68.238:52115 10.0.30.60:52115 204.8.241.230:443 204.8.241.230:443

tcp 72.68.68.238:52523 10.0.30.60:52523 204.8.241.230:443 204.8.241.230:443

tcp 72.68.68.238:52524 10.0.30.60:52524 204.8.241.230:443 204.8.241.230:443

tcp 72.68.68.238:52525 10.0.30.60:52525 204.8.241.230:443 204.8.241.230:443

tcp 72.68.68.238:52571 10.0.30.60:52571 17.172.232.217:5223 17.172.232.217:5223

tcp 72.68.68.238:52861 10.0.30.60:52861 173.194.74.108:993 173.194.74.108:993

tcp 72.68.68.238:53667 10.0.30.60:53667 204.8.241.230:443 204.8.241.230:443

Pro Inside global Inside local Outside local Outside global

tcp 72.68.68.238:53668 10.0.30.60:53668 173.194.68.109:993 173.194.68.109:993

tcp 72.68.68.238:50519 10.0.30.62:50519 69.171.230.22:443 69.171.230.22:443

tcp 72.68.68.238:50597 10.0.30.62:50597 17.149.36.120:443 17.149.36.120:443

tcp 72.68.68.238:50889 10.0.30.62:50889 173.252.103.48:443 173.252.103.48:443

tcp 72.68.68.238:51959 10.0.30.62:51959 23.67.251.64:80 23.67.251.64:80

tcp 72.68.68.238:52085 10.0.30.62:52085 69.171.233.33:443 69.171.233.33:443

tcp 72.68.68.238:52091 10.0.30.62:52091 17.149.36.162:443 17.149.36.162:443

tcp 72.68.68.238:52216 10.0.30.62:52216 17.172.233.111:443 17.172.233.111:443

tcp 72.68.68.238:53102 10.0.30.206:53102 184.51.206.137:80 184.51.206.137:80

tcp 72.68.68.238:52958 10.0.30.233:52958 173.194.68.108:993 173.194.68.108:993

tcp 72.68.68.238:52959 10.0.30.233:52959 173.194.68.109:993 173.194.68.109:993

tcp 72.68.68.238:52961 10.0.30.233:52961 173.194.68.108:993 173.194.68.108:993

tcp 72.68.68.238:52962 10.0.30.233:52962 173.194.68.108:993 173.194.68.108:993

tcp 72.68.68.238:59069 10.0.30.233:59069 17.158.10.36:443 17.158.10.36:443

tcp 72.68.68.238:59070 10.0.30.233:59070 17.158.10.36:443 17.158.10.36:443

tcp 72.68.68.238:59072 10.0.30.233:59072 74.125.226.233:443 74.125.226.233:443

tcp 72.68.68.238:65140 10.0.30.233:65140 173.194.73.125:5222 173.194.73.125:5222

tcp 72.68.68.238:53041 10.0.30.234:53041 173.194.68.108:993 173.194.68.108:993

tcp 72.68.68.238:53250 10.0.30.234:53250 173.194.74.108:993 173.194.74.108:993

tcp 72.68.68.238:53520 10.0.30.234:53520 17.172.232.158:443 17.172.232.158:443

tcp 72.68.68.238:54172 10.0.30.235:54172 17.149.36.165:5223 17.149.36.165:5223

tcp 72.68.68.238:54173 10.0.30.235:54173 17.172.238.204:443 17.172.238.204:443

Pro Inside global Inside local Outside local Outside global

tcp 72.68.68.238:55523 10.0.30.235:55523 173.194.76.108:993 173.194.76.108:993

Here is the output of my EEM script:

edge2821a#event manager run TEST

Number of NAT Translations: 4

The value of $LINES shoudl have been 92, not 4. Can you help me to identify the problem?

Thanks!

Joe Clarke · ‎06-11-2013

You should print $_cli_result. I'll bet it says something like "Command authorization failed." In which case, you need to configure:

event manager session cli username USER

Where USER is a user authorized to run your commands.

Jeffrey Simon · ‎06-11-2013

You are partially correct... I am getting an error but not unauthorized user...

Here is my script:

edge2821a#show run | sec event

event manager session cli username "jsimon"

event manager applet TEST authorization bypass

event none

action 1.0 cli command "enable"

action 2.0 cli command "conf t"

action 3.0 cli command "show ip nat translations"

action 3.1 puts "$_cli_result"

action 4.0 set LINES "0"

action 4.1 foreach line "$_cli_result" "\n"

action 4.2 increment LINES

action 4.3 end

action 4.4 puts "Number of NAT Translations: $LINES"

Here is the script results:

edge2821a#event manager run TEST

^

% Invalid input detected at '^' marker.

edge2821a(config)#

Number of NAT Translations: 4

Thoughts about why i would be getting this? Is there a typo somewhere that I am not seeing?

Joe Clarke · ‎06-11-2013

With all of the text, I missed the obvious. You're running this command in config mode. Remove action 2.0, and it should work.

Jeffrey Simon · ‎06-11-2013

Hahaha. Thank you. It would have taken me a week to see that.

Thank you!!!

edge2821a#event manager run TEST

Number of NAT Translations: 80

Jeffrey Simon · ‎06-11-2013

So this was the first part of my script. I was going to worry bout the second part at a later point in time because I thought this would take me a while. While I have someone knowledgeable in this area maybe you could assist me with the second part as well?

The actual command I am going to be running is not "show ip nat translations" it is going to be show ip nat trans vrf X"

I can generate a list of active VRF's on each box with "show vrf | i /"

a 1.1.1.1:1 ipv4 Gi1/1

b 2.2.2.2:2 ipv4 Gi2/2

c 3.3.3.3:3 ipv4 Gi3/3

d 4.4.4.4:4 ipv4 Gi4/4

e 5.5.5.5:5 ipv4 Gi5/5

Do you know how I can go about parsing the first column of a,b,c,d & e in order to cycle them through the above command "show ip nat trans vrf X"?

In *nix I would simply use the cut command... in EEM I have no idea how I would accomplish this.

Just to make sure this is clear, I want the final output of the script to be:

VRF a NAT Translations: 12345

VRF b NAT Translations: 23456

VRF c NAT Translations: 34567

VRF d NAT Translations: 45678

VRF e NAT Translations: 56789

It would be great if I could take the generic script and put it on any box with an active VRF and have it messure the current number of NAT translations without having to modify the script for each router.

Let me know if you have any idea how I could go about accomplishing this.

Thank you again for all of your help!

Joe Clarke · ‎06-11-2013

You can do this with appropriate action labels:

set output $_cli_result

foreach line $output "\n"

regexp "^([^ ]+) " $line match vrf

if $_regexp_result eq 1

cli command "show ip nat trans vrf $vrf"

end

Jeffrey Simon · ‎06-11-2013

I apparently need to do some reading on regexp before I proceed. I attempted to test this but didn't get it working. If I wanted to just have the output of the EEM script be the names of the VRF's in that column what would "show run | sec event" look like?

If I wanted event manager run TEST and the output would look something like this:

a

b

c

d

e

Joe Clarke · ‎06-11-2013

event manager applet vrf-test

event none

action 1.0 cli command "enable"

action 2.0 cli command "show vrf | inc /"

action 2.1 set output $_cli_result

action 2.2 foreach line $output "\n"

action 2.3 regexp "^([^ ]+) " $line match vrf

action 2.4 if $_regexp_result eq 1

action 2.5 puts $vrf

action 2.6 end

action 2.7 end

Jeffrey Simon · ‎06-12-2013

Thank you for all the help, it is much appreciated. Unfortunately, I am unable to get the results I am looking for from the second part of this script.

I have created test VRF's...

show vrf

edge2821#show vrf

Name Default RD Protocols Interfaces

TEST

TEST2

TEST3

I have added the script and modiefied to stop looking for the interface the VRF is attached to with "/"

show run | sec event

event manager applet VRF-TEST authorization bypass

event none

action 1.0 cli command "enable"

action 2.0 cli command "show vrf"

action 2.1 set output "$_cli_result"

action 2.2 foreach line "$output" "\n"

action 2.3 regexp "^([^ ]+) " "$line" match vrf

action 2.4 if $_regexp_result eq 1

action 2.5 puts "$vrf"

action 2.6 end

action 2.7 end

And I have tested the script

event manager run VRF-TEST [NO OUTPUT]

edge2821a#

Any ideas about this one? To be up front I am not familiar enough with regex to troubleshoot this part of the script.

Joe Clarke · ‎06-12-2013

The output is actually indented, so you'll need:

event manager applet vrft

event none

action 1.0 cli command "enable"

action 2.0 cli command "show vrf"

action 3.0 set output "$_cli_result"

action 4.0 foreach line "$output" "\n"

action 4.1 string trim "$line"

action 4.2 set line "$_string_result"

action 5.0 regexp "^([^ ]+) " "$line" match vrf

action 6.0 if $_regexp_result eq "1"

action 7.0 puts "$vrf"

action 8.0 end

action 9.0 end

mfurnival · ‎06-12-2013

Jeffrey,

It is really in response to your initial query but you can count the number of lines natively if you are running IOS 12.4 or later:

#show run | count

http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/feat_show_cmd_redrct_ps6350_TSD_Products_Configuration_Guide_Chapter.html