Hi all - TIA for any help you can provide. I suspect others will find this use case very useful. I have RTFM, but maybe I am missing something. I don't have a strong background in programming. Some shells scripts and perl, but been some years so probably not helping...
We have a bunch of 3850's and for unknown reasons ports will randomly get shut down. Not err-disable, but admin disable - as in "interface x/y/z shut". It's the weirdest thing! There are no log messages nor config changes logged when this happens. Causing major issues.
Until Cisco can fix it, I thought an EEM script that would listen for syslog messages and "no shut" the port that was just shut, such as:
MY-POS-3850#show even manager policy registered
No. Class Type Event Type Trap Time Registered Name
1 applet user syslog Off Wed Jun 21 04:27:02 2017 GG-test
pattern {GigabitEthernet[1-9]/0/[1-48], changed state to administratively down}
maxrun 60.000
action 1 cli command "enable"
action 2 cli command "conf t"
action 3 cli command "int g1/0/1" ! This is static cause I don't know how to reference variable from syslog!
action 4 cli command "no shut"
action 5 cli command "end"
This all works, but obviously I don't want to no shut g1/0/1 every time. If the syslog says ...GigabitEthernet3/0/27, then I want action 3 command to be "int GigabitEthernet3/0/27".
How do I do this? foreach? Seems an odd way to do it, but maybe that would work? I would expect I could reference impacted interface name contained in the syslog message as a token offset? Ie: something like: set _IFNAME = token 7. action 3 cli command "int $_IFNAME".
Any help appreciated! Thanks!!!
Gary
