I'm trying to create an EEM script to monitor the status of some EIGRP peers on a specific interface. The failure detection works, the problems I have are:
- The applet trigger is syslog, unfortunately there are two peers on the interface, so I get two syslogs, and thus the applet runs twice sending two traps. I only want one.
- I want the applet to wait for 10 minutes after it is triggered before checking the EIGRP neighbor status (in case the peer comes back up right away). The wait 600 seconds command doesn't seem to work as the trap is sent immediately.
Any help would be greatly appreciated!
snmp-server enable traps event-manager
event manager session cli username myuserid
event manager scheduler applet thread class default number 1
event manager applet backup-link-status
event syslog pattern "%DUAL-5-NBRCHANGE"
action 90 wait 600
action 100 cli command "show ip eigrp nei | inc Tu150"
action 110 regexp " [0-9.]+ " $_cli_result result
action 120 if $_regexp_result eq 0
action 130 syslog msg "Backup path down"
action 136 end
action 140 exit
I don't have the wait option under the IOS version that I have, so I can't test that. As far as your other, you're going to need to set up eem scripts for every neighbor that you have off of that interface and change your action to point to those neighbors.
Say that your neighbor is 192.168.1.10, 192.168.1.15, and 192.168.1.25
event syslog patter "%DUAL-5-NBRCHANGE:.*Neighbor 192.168.1.10.*is down"
action syslog msg "Neighbor 192.168.1.10 is down"
event syslog patter "%DUAL-5-NBRCHANGE:.*Neighbor 192.168.1.15.*is down"
action syslog msg "Neighbor 192.168.1.15 is down"
event syslog patter "%DUAL-5-NBRCHANGE:.*Neighbor 192.168.1.25.*is down"
action syslog msg "Neighbor 192.168.1.25 is down"
Then you'll get one message when they go down. The way that you have yours up above, I expect that it's also logging action 130 when the peering comes back up as well. You'll create another eem script for the up status if you wanted to log when they came back up.
Please rate useful posts...
This will not work since the EEM policy will terminate after 20 seconds. What you should do is have the first policy configure a second timer policy to do the actual check of the EIGRP neighbor state:
event manager environment q "
event manager applet backup-link-change
event syslog pattern "DUAL-5-NBRCHANGE"
action 001 handle-error type ignore
action 002 context retrieve key EIGRPCTX variable mutex
action 003 if $_error eq FH_EOK
action 004 exit 0
action 005 end
action 006 set mutex 1
action 007 context save key EIGRPCTX variable mutex
action 008 handle-error type exit
action 009 cli command "enable"
action 010 cli command "config t"
action 011 cli command "event manager applet backup-link-status"
action 012 cli command "event timer countdown time 600"
action 013 cli command "action 1.0 cli command $q enable$q"
action 014 cli command "action 2.0 cli command $q show ip eigrp nei | inc Tu150$q"
action 015 cli command "action 3.0 regexp $q ^V?[0-9.]+$q \$_cli_result"
action 016 cli command "action 4.0 if \$_regexp_result eq 0"
action 017 cli command "action 5.0 syslog msg $q Backup path is down$q"
action 018 cli command "action 6.0 end"
action 019 cli command "action 7.0 cli command $q config t$q"
action 020 cli command "action 7.1 context retrieve key EIGRPCTX variable mutex"
action 021 cli command "action 7.2 cli command $q no event manager applet backup-link-status$q"
action 022 cli command "action 7.3 cli command end"
action 023 cli command "end"
On action 015, that ^V? sequence is "Control+V,Control+V,?". You will need to type that in manually.
Depending on the timing of the two syslog messages, this may not defeat the double syslog. If not, you could change the first event line to:
event syslog pattern "DUAL-5-NBRCHANGE" occurs 2 period X
Where X is the number of seconds between messages.