I want to create just one applet to monitor all my vpn tunnels ( I cannot use .tcl scripting, it bombs on sending emails to our old SMTP server, but applets work fine).
Here is what I have ....
event manager applet VPN-Down
event syslog occurs 1 pattern ".*%CRYPTO-5-SESSION_STATUS:.*Crypto.*tunnel.*is.*DOWN.*192.168.1.1.*"
action 0 cli command "enable"
action 1.0 syslog msg "VPN is down"
action 2.0 cli command "show crypto isakmp sa | incl 192.168.1.1"
How do I work this so I can pull the ip address (192.168.1.1) from the syslog match as a variable and then run the appropriate commands?
Any help would be awesome.
What version of code are you running?
The output of the command executed via 'action cli' is placed into the $_cli_result variable (see "Table 1 EEM Built-in Variables for action cli Command"):
Can can then use that variable and run it through a regexp if you are using EEM version 3.0 or later:
See I would like to match an event more generically like....
event syslog occurs 1 pattern ".*%CRYPTO-5-SESSION_STATUS:.*Crypto.*tunnel.*is.*DOWN.*
Does this event detection match store itself in a variable? (like _event_type_string)
If so, I can then run the "action regex" against that output?
Yeah that's a better way of handling it but again, you need to have the action regex available in the version of IOS you are using.
For the syslog event detector the captured syslog message is saved off into the $_syslog_msg variable. See:
Also see the following for the variable being used in an applet but in a different way than you want to:
If it is a duplicate post at the very least point to the other post please.
Hover your cursor above the OP's name and you'll see the duplicate post.