08-19-2015 12:02 PM
I've got 2 7609's...both running the same code, 12.2(33)SRE9...and I have the same scripts on each, which are used to detect circuits with errors, and generate SYSLOG messages and even go OSPF passive if more than 2500 errors in a minute. For the life of me, I can't figure out why the script works fine on one router, but not the other. The script:
event manager applet DIRTY_CIRCUIT7
event interface name Serial3/2/3 parameter input_errors entry-op ge entry-val 100 entry-type increment poll-interval 60
action 10 if $_interface_delta_value ge 2500
action 20 syslog msg "$_interface_delta_value $_interface_parameter on $_interface_name in the past minute (MAKING INTERFACE PASSIVE - CALL IN CIRCUIT)"
action 20.1 cli command "enable"
action 20.2 cli command "config t"
action 20.3 cli command "router ospf 77"
action 20.4 cli command "passive-interface $_interface_name"
action 20.5 cli command "end"
action 30 else
action 40 syslog msg "$_interface_delta_value $_interface_parameter on $_interface_name in the past minute (MONITOR CIRCUIT)"
action 50 end
The 'bad' router appears to invoke the script just fine from looking at the log AND show commands:
005973: Aug 19 11:27:27.704 CDT: %HA_EM-6-LOG: DIRTY_CIRCUIT7: 3970 input_errors on Serial3/2/3 in the past minute (MAKING INTERFACE PASSIVE - CALL IN CIRCUIT)
pwauRWucWMDA01#sh event manager history events
No. Job Id Proc Status Time of Event Event Type Name
9 2150 Actv success Wed Aug19 11:27:27 2015 interface applet: DIRTY_CIRCUIT7
...but the interface is definitely not going passive like it should. Any help is appreciated.
Thanks,
Cory
08-20-2015 07:22 AM
It could be you're missing "event manager session cli user" on the other router, and you're doing AAA command authz. If you enable "debug event manager action cli" you can see what's happening from a CLI point of view.
08-20-2015 08:01 AM
Thanks, Joseph. I checked the configs on both routers, and the AAA stuff is identical on both.
Regardless, I'm going to turn on debug like you suggested, and hopefully find out what's going on with my script the next time it's invoked.
09-15-2015 02:54 PM
Joseph, you were right. This recently-deployed command turned out to be the culprit:
"aaa authorization commands 15 default group tacacs+ local"
We need this command in for other reasons, so I'll have to create a new EEM TACACS account.
Thanks,
Cory
09-15-2015 11:45 PM
You can add "auth bypass" to the event manager applet line to bypass AAA authz. You can also, as I said earlier, add the "event manager session cli user" command to tell EEM which AAA user to use to authorize commands. This will require a user in the AAA system.
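Added example, not part of the thread or Cisco's own tooling: a small Python check that scans a saved running-config for the condition diagnosed above, i.e. applets with `cli command` actions on a router that enforces `aaa authorization commands` but has neither `event manager session cli username` nor `authorization bypass` on the applet. The sample configs and the account name `eem_svc` are constructed, and the status labels are this example's own.

```python
import re

# Constructed sample config (not copied from the routers in the thread).
CONFIG_FAILING = """\
aaa authorization commands 15 default group tacacs+ local
event manager applet DIRTY_CIRCUIT7
 event interface name Serial3/2/3 parameter input_errors entry-op ge entry-val 100 entry-type increment poll-interval 60
 action 20.1 cli command "enable"
 action 20.4 cli command "passive-interface $_interface_name"
"""
# Variant 1: a dedicated EEM identity (eem_svc is a hypothetical account name).
CONFIG_WITH_USER = CONFIG_FAILING + "event manager session cli username eem_svc\n"
# Variant 2: the applet skips command authorization entirely.
CONFIG_BYPASS = CONFIG_FAILING.replace(
    "applet DIRTY_CIRCUIT7", "applet DIRTY_CIRCUIT7 authorization bypass")


def audit_eem_authz(config: str) -> dict:
    """Return {applet: status} for every applet that has CLI actions.

    no_authz_identity: command authz is on and EEM has no user to authorize as
                       (the silent-failure case from the thread)
    session_user:      EEM runs as a named AAA user (that user must still be
                       permitted the commands on the AAA server)
    bypass:            applet is exempt from command authorization
    no_cmd_authz:      router does not enforce command authorization
    """
    authz_on = bool(re.search(r"^aaa authorization commands \d+", config, re.M))
    has_user = bool(re.search(r"^event manager session cli user", config, re.M))
    results, current, bypass = {}, None, False
    for line in config.splitlines():
        m = re.match(r"event manager applet (\S+)(.*)", line)
        if m:
            current = m.group(1)
            bypass = bool(re.search(r"\bauth\w*\s+bypass\b", m.group(2)))
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the applet block
        elif current and re.match(r"\s+action \S+ cli command ", line):
            if bypass:
                results[current] = "bypass"
            elif not authz_on:
                results[current] = "no_cmd_authz"
            else:
                results[current] = "session_user" if has_user else "no_authz_identity"
    return results


if __name__ == "__main__":
    for name, cfg in [("failing", CONFIG_FAILING), ("user", CONFIG_WITH_USER),
                      ("bypass", CONFIG_BYPASS)]:
        print(name, audit_eem_authz(cfg))
```

Of the two fixes, a dedicated EEM account keeps the applet's commands under AAA authorization and accounting, while `authorization bypass` exempts them, so applets flagged `bypass` are worth reviewing for what their CLI actions can change.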