03-06-2017 01:13 AM
Hello guys,
I need your help please.
I am asked to secure our LAN by pulling all disconnected user interfaces with a last input higher than 10 weeks as a first step, and shutting them down LATER.
Is it possible with an EEM script to browse the interfaces on a switch, pull the ones concerned, then send the result to a file on the flash?
Otherwise, is there any other way, please?
I have never worked with EEM so far.
Thanks for helping me.
03-08-2017 04:27 PM
Have a look at this solution:
https://supportforums.cisco.com/docs/DOC-39192
These policies track down ports, but you could modify the policy to look at when the ports last saw traffic fairly easily.
03-09-2017 08:18 AM
Hello Joe,
Thanks for your help.
I have basic skills and I couldn't enter the script.
I did
event manager environment test::cisco::eem::event_register_syslog pattern "LINEPROTO-5-UPDOWN" maxrun 600
But it's always taking only the last line I entered.
How can I enter the script, please?
Thanks again for helping me.
03-12-2017 01:57 AM
These are EEM Tcl policies. They need to be registered as such. See http://www.cisco.com/c/en/us/td/docs/ios/netmgmt/configuration/guide/12_2sx/nm_12_2sx_book/nm_eem_policy_tcl.html#wp1174855 and search on the page for "Registering and Defining an EEM Tcl Script".
03-15-2017 03:55 AM
Hello Joe,
Thanks for your answer, I did register the EEMs correctly.
I looked at the link you sent me: https://supportforums.cisco.com/docs/DOC-39192
but I don't know which script to use as there are 3 of them.
Thanks again for your help.
03-19-2017 06:51 AM
03-22-2017 07:33 AM
Hello Joseph,
I tried to follow what you showed me.
- I created a "policies" directory on flash and copied the script tm_suspend_ports.txt to it.
- Registered the script using the following commands:
(config)#event manager directory user policy flash:/policies
(config)#event manager policy tm_suspend_ports.tcl
Is that all it needs, or are there any other steps?
How can I enter the number of days after which the ports will go down, please?
I thank you
03-22-2017 07:51 AM
This is all that's needed to register this policy as-is. But you will need to make changes to add support for your specific use case of looking at last packet input. The code as it stands now looks for ports that are operational down. You'll need to add the code that looks at the "show interface" output to see when the last input was.
To set the number of days, configure:
event manager environment suspend_ports_days NUM_DAYS
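One way to do the "last input" check that the answer above describes, as an added example (it is not code from the linked policies or from any poster in this thread). It assumes the `Last input` field of `show interfaces` uses the forms `hh:mm:ss`, `NdNNh`, `NwNd`, `NyNw` or `never`; the proc names and the sample text are made up for illustration, and it avoids commands newer than Tcl 8.3.

```tcl
# Convert a "Last input" value to whole weeks; -1 for "never" or unrecognised.
proc last_input_weeks {field} {
    if {[regexp {^([0-9]+)y([0-9]+)w$} $field -> y w]} {
        scan $y %d yv; scan $w %d wv
        return [expr {$yv * 52 + $wv}]
    }
    if {[regexp {^([0-9]+)w[0-9]+d$} $field -> w]} {
        scan $w %d wv
        return $wv
    }
    # hh:mm:ss and NdNNh are both less than one week
    if {[regexp {^([0-9]+:[0-9]+:[0-9]+|[0-9]+d[0-9]+h)$} $field]} { return 0 }
    return -1
}

# Return {interface last_input} pairs for ports that are down, not already
# shut, and whose last input is at least min_weeks old.
proc stale_down_ports {show_output min_weeks} {
    set result {}
    set candidate 0
    foreach line [split $show_output "\n"] {
        if {[regexp {^([A-Za-z][^ ]*) is (.*), line protocol is (up|down)} $line -> name state proto]} {
            # A header line starts a new interface block
            set candidate [expr {$proto == "down" && ![string match "administratively*" $state]}]
        } elseif {$candidate && [regexp {Last input ([^, ]+),} $line -> field]} {
            # "never" maps to -1 and is skipped
            if {[last_input_weeks $field] >= $min_weeks} {
                lappend result [list $name $field]
            }
            set candidate 0
        }
    }
    return $result
}

# Constructed sample of "show interfaces" output (not from a real device)
set sample "GigabitEthernet1/0/1 is down, line protocol is down (notconnect)
  Last input 12w3d, output 12w3d, output hang never
GigabitEthernet1/0/2 is up, line protocol is up (connected)
  Last input 00:00:04, output 00:00:01, output hang never
GigabitEthernet1/0/3 is down, line protocol is down (notconnect)
  Last input 1w2d, output 1w2d, output hang never
GigabitEthernet1/0/4 is administratively down, line protocol is down (disabled)
  Last input 1y3w, output 1y3w, output hang never"

foreach p [stale_down_ports $sample 10] { puts $p }
```

Ports reporting `never` are skipped here; they need a separate decision, for example based on how long the switch has been up.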
03-23-2017 01:14 PM
Hello Joe,
On forums, I saw that some people said that I need my switch to be connected to TACACS, otherwise it won't work.
I am doing my tests on an isolated switch that works with a local username.
Would it be a problem, do you think?
03-24-2017 11:15 AM
Not at all. It will work better since you do not need the roundtrip to the AAA server.
04-04-2017 01:54 AM
04-04-2017 08:20 AM
The config looks okay for the original behavior of the scripts. The timer policy should run every night at midnight provided your clock is properly synced (but you're not running NTP, so that is likely not the case). You'll need to look at your logging output to see if there are errors, plus you'll need to configure an authoritative clock source.