
"Dirty Circuit" script not working

CORY HEBERT
Level 1

I've got 2 7609s...both running the same code, 12.2(33)SRE9...and I have the same scripts on each, which are used to detect circuits with errors, and generate SYSLOG messages and even go OSPF passive if more than 2500 errors in a minute. For the life of me, I can't figure out why the script works fine on one router, but not the other. The script:

 

event manager applet DIRTY_CIRCUIT7
 event interface name Serial3/2/3 parameter input_errors entry-op ge entry-val 100 entry-type increment poll-interval 60
 action 10   if $_interface_delta_value ge 2500
 action 20    syslog msg "$_interface_delta_value $_interface_parameter on $_interface_name in the past minute (MAKING INTERFACE PASSIVE - CALL IN CIRCUIT)"
 action 20.1  cli command "enable"
 action 20.2  cli command "config t"
 action 20.3  cli command "router ospf 77"
 action 20.4  cli command "passive-interface $_interface_name"
 action 20.5  cli command "end"
 action 30   else
 action 40    syslog msg "$_interface_delta_value $_interface_parameter on $_interface_name in the past minute (MONITOR CIRCUIT)"
 action 50   end

 

The 'bad' router appears to invoke the script just fine from looking at the log AND show commands:

005973: Aug 19 11:27:27.704 CDT: %HA_EM-6-LOG: DIRTY_CIRCUIT7: 3970 input_errors on Serial3/2/3 in the past minute (MAKING INTERFACE PASSIVE - CALL IN CIRCUIT)

pwauRWucWMDA01#sh event manager history events
No.  Job Id Proc Status   Time of Event            Event Type        Name
9    2150   Actv success  Wed Aug19 11:27:27 2015  interface         applet: DIRTY_CIRCUIT7

 

...but the interface is definitely not going passive like it should.  Any help is appreciated.

Thanks,

Cory

 

4 Replies

Joe Clarke
Cisco Employee

It could be you're missing "event manager session cli user" on the other router, and you're doing AAA command authz.  If you enable "debug event manager action cli" you can see what's happening from a CLI point of view.

Thanks, Joseph.  I checked the configs on both routers, and the AAA stuff is identical on both.

Regardless, I'm going to turn on debug like you suggested, and hopefully find out what's going on with my script the next time it's invoked.

Joseph, you were right.  This recently-deployed command turned out to be the culprit:

"aaa authorization commands 15 default group tacacs+ local"

 

We need this command in for other reasons, so I'll have to create a new EEM TACACS account.

 

Thanks,

Cory

You can add "auth bypass" to the event manager applet line to bypass AAA authz.  You can also, as I said earlier, add the "event manager session cli user" command to tell EEM which AAA user to use to authorize commands.  This will require a user in the AAA system.
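
An added example, not part of the thread and not Cisco code: a Python check that reads a saved running-config and flags EEM applets that issue `cli command` actions while `aaa authorization commands` is active and neither remedy from the replies above (a per-applet authorization bypass or an EEM session CLI user) is configured. The sample config and the function name are constructed, and it assumes the config is in `show running-config` form with full keywords.

```python
import re

# Constructed sample, modelled on the thread; not a real device config.
SAMPLE_CONFIG = """\
aaa new-model
aaa authorization commands 15 default group tacacs+ local
!
event manager applet DIRTY_CIRCUIT7
 event interface name Serial3/2/3 parameter input_errors entry-op ge entry-val 100 entry-type increment poll-interval 60
 action 20.1  cli command "enable"
 action 20.4  cli command "passive-interface $_interface_name"
event manager applet LOG_ONLY
 event syslog pattern "LINK-3-UPDOWN"
 action 10 syslog msg "link change"
event manager applet BYPASSED authorization bypass
 event none
 action 10 cli command "enable"
"""

APPLET_RE = re.compile(r"^event manager applet (\S+)(.*)$")
CLI_ACTION_RE = re.compile(r"^\s+action \S+\s+cli command ")


def audit_eem_authorization(config: str) -> list:
    """Return names of applets whose CLI actions face AAA command
    authorization with no EEM session user and no per-applet bypass."""
    lines = config.splitlines()
    authz_on = any(l.startswith("aaa authorization commands ") for l in lines)
    # Assumption: running-config shows the full keyword "username".
    has_user = any(l.startswith("event manager session cli username ") for l in lines)
    if not authz_on or has_user:
        # A session user still needs the right permissions on the AAA server;
        # that cannot be verified from the device config.
        return []
    at_risk, current, bypass = [], None, False
    for line in lines:
        m = APPLET_RE.match(line)
        if m:
            current, bypass = m.group(1), "authorization bypass" in m.group(2)
        elif not line.startswith(" "):
            current = None  # left the applet sub-mode
        elif current and not bypass and CLI_ACTION_RE.match(line):
            if current not in at_risk:
                at_risk.append(current)
    return at_risk


if __name__ == "__main__":
    print(audit_eem_authorization(SAMPLE_CONFIG))
```

Running it across saved configs before enabling command authorization shows which applets would log a successful trigger but have their configuration commands rejected.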