Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1612
Views
10
Helpful
6
Replies

Issue with simple script for EIGRP Neighbors

Go to solution
Thomas McClintic
Level 1
Level 1

‎01-20-2017 08:14 AM 

event manager applet EIGRPNeighborChange
 event syslog pattern "%DUAL-5-NBRCHANGE"
 action 1.0 info type routername
 action 2.0 cli command "enable"
 action 2.1 cli command "show ip eigrp nei | inc 10."
 action 2.2 wait 5
 action 3.0 regexp " [0-9.]+ " "$_cli_result" result
 action 3.1 if $_regexp_result eq "0"
 action 4.0 mail server "SERVER" to "TO" from "FROM" subject "$_info_routername on Backup" body "Current EIGRP Neighbors: $_cli_result" source-address 1.1.1.1
 action 4.1 syslog msg "Eigrp alert: backup email sent"
 action 5.0 else
 action 5.1 mail server "SERVER" to "TO" from "FROM" subject "$_info_routername on Primary Circuit" body "Current EIGRP Neighbors: $_cli_result" source-address 1.1.1.1
 action 5.2 syslog msg "Eigrp alert: Primary circuit up email sent"
 action 6.0 end

The email comes through with the following body:

Current EIGRP Neighbors:

show ip eigrp nei | inc 10.

^

% Invalid input detected at '^' marker.

AAA is enabled on the router and I have tried to add bypass authentication, but had the same results.

Embedded Event Manager Version 4.00
Component Versions:
eem: (rel9)1.2.8
eem-gold: (rel1)1.0.2
eem-call-home: (rel2)1.0.4
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.06.05E RELEASE SOFTWARE (fc2)

Any help would be greatly appreciated! BTW this did work on a 810 router without issue.

The final resolution was to use bypass authorization as well as a session cli username.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to Thomas McClintic

‎01-20-2017 01:17 PM

Try removing bypass auth and configure the event manager session cli username.  Then enable "debug event manager action cli" and look at the output.

View solution in original post

6 Replies 6

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎01-20-2017 01:02 PM

It's bypass authorization, but I don't see that in the applet configuration.  If you have AAA command authorization configured, you will either need to add "bypass auth" to the applet config line or configure "event manager session cli username USER" where USER is a username authorized to run all of the CLI commands.

My other question is does this command work manually from enable mode?  It really should if you have EIGRP configured, but it doesn't hurt to test it to make sure.

Go to solution
Thomas McClintic
Level 1
Level 1
In response to Joe Clarke

‎01-20-2017 01:08 PM

Joe, 

Thanks for responding. Yes, I have added the bypass without success. The way I have been testing it as follows, and then manually running the event.

event manager applet EIGRPNeighborChange bypass authorization
 event none
 action 1.0 info type routername
 action 2.0 cli command "enable"
 action 2.1 cli command "show ip eigrp nei | inc 10."
 action 2.2 wait 5
 action 3.0 regexp " [0-9.]+ " "$_cli_result" result
 action 3.1 if $_regexp_result eq "0"
 action 4.0 mail server "SERVER" to "TO" from "FROM" subject "$_info_routername on Backup" body "Current EIGRP Neighbors: $_cli_result" source-address 1.1.1.1
 action 4.1 syslog msg "Eigrp alert: backup email sent"
 action 5.0 else
 action 5.1 mail server "SERVER" to "TO" from "FROM" subject "$_info_routername on Primary Circuit" body "Current EIGRP Neighbors: $_cli_result" source-address 1.1.1.1
 action 5.2 syslog msg "Eigrp alert: Primary circuit up email sent"
 action 6.0 end
On your second question, yes this command works in enable and normal modes.
0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to Thomas McClintic

‎01-20-2017 01:17 PM

Try removing bypass auth and configure the event manager session cli username.  Then enable "debug event manager action cli" and look at the output.

Go to solution
Thomas McClintic
Level 1
Level 1
In response to Joe Clarke

‎01-23-2017 11:35 AM

Okay, I think I may have found the issue and will continue to research. 

From the logs: 

show ip eigrp nei
Jan 23 19:33:02.870: %HA_EM-6-LOG: EIGRPNeighborChange : DEBUG(cli_lib) : : OUT : Command authorization failed.

This is using AAA and the local account is disabled in tacacs. I believe I read that I can restrict a vty for just the EEM and use local auth for it.

I will let you know how I get on.

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to Thomas McClintic

‎01-23-2017 11:37 AM

Yes, you can.  See the instructions in EEM Best Practices .

0 Helpful

Go to solution
Thomas McClintic
Level 1
Level 1
In response to Joe Clarke

‎01-23-2017 11:42 AM

Joe, a mixture of what you suggested worked perfectly. I had to add the username AND the bypass AAA. 

event manager session cli username "cisco" privilege 15
event manager applet EIGRPNeighborChange authorization bypas
 event syslog pattern "%DUAL-5-NBRCHANGE"
 action 1.0 info type routername
 action 2.0 cli command "enable"
 action 2.1 cli command "show ip eigrp nei | inc 10."
 action 2.2 wait 5
 action 3.0 regexp " [0-9.]+ " "$_cli_result" result
 action 3.1 if $_regexp_result eq "0"
 action 4.0 mail server "SERVER" to "TO" from "FROM" subject "$_info_routername on Backup" body "Current EIGRP Neighbors: $_cli_result" source-address 1.1.1.1
 action 4.1 syslog msg "Eigrp alert: backup email sent"
 action 5.0 else
 action 5.1 mail server "SERVER" to "TO" from "FROM" subject "$_info_routername on Primary Circuit" body "Current EIGRP Neighbors: $_cli_result" source-address 1.1.1.1
 action 5.2 syslog msg "Eigrp alert: Primary circuit up email sent"
 action 6.0 end

Thanks for all the help!

0 Helpful
Customers Also Viewed These Support Documents