Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1795
Views
0
Helpful
5
Replies

Nexus EEM Script Action off Log Message

nonamer15
Level 1
Level 1

‎09-24-2018 09:45 AM

I'm trying to write an EEM script on a Nexus 93180 running 7.x. From what I've written in IOS/IOS XE, the behavior on Nexus seems to be completely different. For instance, below is a test script that I'm trying to get to work.

event manager applet test
 event syslog pattern "admin"
 action 01 syslog msg test

 

What I would expect to happen is when a log message contains the string admin, another log message will be sent with the text test. This works as expected on IOS. On Nexus, as soon as I enter the commands, I start receiving several logs per sec.

2018 Sep 24 12:39:21 lab %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on vsh.bin.21197
2018 Sep 24 12:39:21 lab %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on vsh.bin.21209
2018 Sep 24 12:39:22 lab %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on vsh.bin.21221
2018 Sep 24 12:39:22 lab %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on vsh.bin.21233
2018 Sep 24 12:39:22 lab %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on vsh.bin.21245
2018 Sep 24 12:39:23 lab %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on vsh.bin.21260
2018 Sep 24 12:39:23 lab %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on vsh.bin.21272

 

What does the script need to be changed to in order to get the expected behavior on Nexus? Thanks.

0 Helpful
5 Replies 5

Joe Clarke
Cisco Employee
Cisco Employee

‎09-25-2018 11:44 AM

EEM is very different on NX-OS compared to IOS.  What you're seeing is expected there, and is documented in bug CSCvc98133.  Essentially, you've built an infinite loop.  If you picked another syslog to intercept, you wouldn't see this problem.  Alternatively, you can do what the bug says and decrease the severity level of the vshd process.

0 Helpful

nonamer15
Level 1
Level 1
In response to Joe Clarke

‎09-25-2018 02:25 PM

Thanks for the information Joe.

 

I used a different syslog string and I didn't see the same spamming of the log. I also issued the command logging level vshd 4 and the spamming has stopped. What if I wanted to run an EEM script whenever someone left configuration mode? It doesn't seem to be possible as when you change the logging level, it suppresses that syslog message I would normally use to key off of.

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to nonamer15

‎09-26-2018 08:29 AM

Unfortunately, I don't know if you can.  I haven't seen any examples from NX-OS that do this.

0 Helpful

nonamer15
Level 1
Level 1
In response to Joe Clarke

‎09-26-2018 11:35 AM

Hm. Strange.

 

So I ended up writing a python script as that seemed to be the easiest alternative for me. The only question I have is how do I write messages to the logfile? Within the script, my print commands do not show up within the log. I'm used to on IOS/IOS XE being able to issue send log x, but that command doesn't seem to exist on Nexus. Any idea how to accomplish this?

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to nonamer15

‎09-26-2018 01:53 PM

There is a hidden CLI command in NX-OS, "logit" that will generate syslogs:

logit This is a test

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents