cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1079
Views
0
Helpful
4
Replies
pangassam
Beginner

How to retrieve a string from debug log using tcl

Hi there,

I would like to write an EEM script that will be able to detect when a BGP neighbor goes down and then shutdown that neighbor.

i.e if this event shown below is detected :

2:35:15.459: %BGP-5-ADJCHANGE: neighbor 10.10.10.10 Down

I would like my script to retrieve the BGP ID of the peer 10.10.10.10 and then shutdown this neighbor. Network ops will enable the neighbor manually.

 

There might be other way to achieve this, my preferred way is to use a script if that's possible. 

Thanks for helping.

1 ACCEPTED SOLUTION

Accepted Solutions
Joe Clarke
Hall of Fame Cisco Employee

That's a different syslog message than the one you showed originally.  If you need to also match that one, then you need:

 

 action 1.0 regexp "neighbor ([0-9\.]+) .*Down" $_syslog_msg match peer

 

View solution in original post

4 REPLIES 4
Joe Clarke
Hall of Fame Cisco Employee

You can do this:

 

event manager applet bgp-peer-down

 event syslog pattern "BGP-5-ADJCHANGE:.*Down"

 action 1.0 regexp "neighbor ([0-9\.]+) Down" $_syslog_msg match peer

 action 2.0 cli command "enable"

 action 3.0 cli command "config t"

 action 4.0 cli command "DO COMMANDS TO SHUTDOWN $peer"

Thanks Jo, I will give it a try.

 

I am getting an error related to the variable $peer when I try to execute this script :

 

*Aug 14 21:19:19.102: %BGP-5-ADJCHANGE: neighbor 10.238.100.3 vpn vrf TC Down Admin. shutdown
*Aug 14 21:19:19.182: %HA_EM-3-FMPD_UNKNOWN_ENV: fh_parse_var: could not find environment variable: peer
*Aug 14 21:19:19.182: %HA_EM-3-FMPD_ERROR: Error executing applet bgp-peer-down statement 6.0
*Aug 14 21:19:19.182: %SYS-5-CONFIG_I: Configured from console by vty0

 

Here is the applet I have :

 

event manager applet bgp-peer-down
 event syslog pattern "BGP-5-ADJCHANGE:.*Down"
 action 1.0 regexp "neighbor ([0-9\.]+) Down" $_syslog_msg match peer
 action 2.0 cli command "enable"
 action 3.0 cli command "config t"
 action 4.0 cli command "router bgp 65512"
 action 5.0 cli command "address-family ipv4 vrf TC"
 action 6.0 cli command "no neighbor $peer shutdown"

 

 

 

 

 

 

Joe Clarke
Hall of Fame Cisco Employee

That's a different syslog message than the one you showed originally.  If you need to also match that one, then you need:

 

 action 1.0 regexp "neighbor ([0-9\.]+) .*Down" $_syslog_msg match peer

 

View solution in original post