Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1400
Views
0
Helpful
4
Replies

How to retrieve a string from debug log using tcl

Go to solution
pangassam
Level 1
Level 1

‎08-13-2015 08:41 AM

Hi there,

I would like to write an EEM script that will be able to detect when a BGP neighbor goes down and then shutdown that neighbor.

i.e if this event shown below is detected :

2:35:15.459: %BGP-5-ADJCHANGE: neighbor 10.10.10.10 Down

I would like my script to retrieve the BGP ID of the peer 10.10.10.10 and then shutdown this neighbor. Network ops will enable the neighbor manually.

 

There might be other way to achieve this, my preferred way is to use a script if that's possible. 

Thanks for helping.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to pangassam

‎08-14-2015 02:45 PM

That's a different syslog message than the one you showed originally.  If you need to also match that one, then you need:

 

 action 1.0 regexp "neighbor ([0-9\.]+) .*Down" $_syslog_msg match peer

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎08-13-2015 01:28 PM

You can do this:

 

event manager applet bgp-peer-down

 event syslog pattern "BGP-5-ADJCHANGE:.*Down"

 action 1.0 regexp "neighbor ([0-9\.]+) Down" $_syslog_msg match peer

 action 2.0 cli command "enable"

 action 3.0 cli command "config t"

 action 4.0 cli command "DO COMMANDS TO SHUTDOWN $peer"

0 Helpful

Go to solution
pangassam
Level 1
Level 1
In response to Joe Clarke

‎08-14-2015 01:05 PM

Thanks Jo, I will give it a try.

0 Helpful

Go to solution
pangassam
Level 1
Level 1
In response to pangassam

‎08-14-2015 02:36 PM

 

I am getting an error related to the variable $peer when I try to execute this script :

 

*Aug 14 21:19:19.102: %BGP-5-ADJCHANGE: neighbor 10.238.100.3 vpn vrf TC Down Admin. shutdown
*Aug 14 21:19:19.182: %HA_EM-3-FMPD_UNKNOWN_ENV: fh_parse_var: could not find environment variable: peer
*Aug 14 21:19:19.182: %HA_EM-3-FMPD_ERROR: Error executing applet bgp-peer-down statement 6.0
*Aug 14 21:19:19.182: %SYS-5-CONFIG_I: Configured from console by vty0

 

Here is the applet I have :

 

event manager applet bgp-peer-down
 event syslog pattern "BGP-5-ADJCHANGE:.*Down"
 action 1.0 regexp "neighbor ([0-9\.]+) Down" $_syslog_msg match peer
 action 2.0 cli command "enable"
 action 3.0 cli command "config t"
 action 4.0 cli command "router bgp 65512"
 action 5.0 cli command "address-family ipv4 vrf TC"
 action 6.0 cli command "no neighbor $peer shutdown"

 

 

 

 

 

 

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to pangassam

‎08-14-2015 02:45 PM

That's a different syslog message than the one you showed originally.  If you need to also match that one, then you need:

 

 action 1.0 regexp "neighbor ([0-9\.]+) .*Down" $_syslog_msg match peer

 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card