Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
254
Views
0
Helpful
1
Replies

Issues with Regular Expressions in Cisco EEM Script - Need Help

angelito_mas
Level 1
Level 1

‎08-19-2024 04:03 AM - edited ‎08-19-2024 04:09 AM

Hi everyone,

I am encountering a problem with an EEM (Embedded Event Manager) script on a Cisco router and could use some assistance. I’ve written a script to monitor the status of an IPsec tunnel and determine which security profile is being used. However, my script seems to be failing to match the regular expressions to the command output correctly.

Script Details
Here is the EEM script I’ve written:

event manager applet CHECK_TUNNEL
event cli pattern "tunnel status" enter
action 1.0 cli command "enable"
action 1.1 cli command "show crypto session detail | s Session status"
action 1.2 regexp "Session status: UP-ACTIVE" "$_cli_result" match
action 1.3 if $_regexp_result eq "1"
action 1.4 puts "The IPSEC Tunnel is UP."
action 1.5 cli command "show crypto session detail | include Profile" 
action 1.7 regexp "Profile: PPK-1" "$_cli_result" 1_match
action 1.8 regexp "Profile: PPK-2" "$_cli_result" 2_match
action 1.9 regexp "Profile: PPK-3" "$_cli_result" 3_match
action 2.0 if $1_match eq "1"
action 2.1 puts "The tunnel is secured by 1."
action 2.2 end
action 2.3 if $2_match eq "1"
action 2.4 puts "The tunnel is secured by 2."
action 2.5 end
action 2.6 if $3_match eq "1"
action 2.7 puts "The tunnel is secured by 3."
action 2.8 end
action 2.9 else
action 3.0 puts "The IPSEC Tunnel is DOWN."
action 3.1 end

Problem
When I run the tunnel status command, the script correctly detects that the tunnel is UP. However, it seems that the regular expressions used to determine which security profile is in use are not functioning properly.

I have checked the output of the command show crypto session detail | include Profile, and it looks like this:

Profile: 1


However, my script does not correctly identify the profile and fails to print the correct message.

What I’ve Tried
Checked the command output manually to ensure it matches the expected output exactly.
Added debug statements to check the results of the regular expressions.
Reviewed the regular expressions to ensure they are correct and not containing syntax errors. Could you please help me understand why the regular expressions are not working as expected? Is there a specific configuration or syntax that I need to consider for regular expressions in Cisco EEM? What could be common causes for this type of issue, and how can I resolve them?

Thank you in advance for your assistance!

0 Helpful
1 Reply 1

Dan Frey
Cisco Employee
Cisco Employee

‎08-19-2024 06:35 AM

Try using these changes to match the profile.

action 1.7 regexp "Profile: ([a-zA-Z0-9\-]+)" "$_cli_result" match profile
action 1.8 if $_regexp_result eq 1
action 1.9 puts "The tunnel is secured by $profile"
action 2.0 end
action xx ....

 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card