Hello All,
I am having trouble with the script below, but part of it is working. The script's purpose is to prevent the startup config from being erased and to create a syslog message. It then notifies me by email when an attempt is made, and uses the router hostname as the sender. Everything is working but the email. I need the email to be able to take action immediately. Thanks in advance for any assistance.
event manager environment _email_server 10.10.10.10
event manager environment _email_to eric.slaughter@intelsat.com
event manager environment _email_cc Assaf.Barnoy@Intelsat.com
event manager applet PROTECT_STARTUP authorization bypass
 event tag 1 cli pattern "write erase" sync no skip yes
 event tag 2 cli pattern "erase startup-config" sync no skip yes
 event tag 3 cli pattern "erase nvram:.*" sync no skip yes
 event tag 4 cli pattern "delete nvram:.*" sync no skip yes
 trigger
  correlate event 1 or event 2 or event 3 or event 4
 action 010 syslog priority alerts msg "!!! An attempt to erase the startup-config was detected !!!"
 action 020 info type routername
 action 030 cli command "enable"
 action 040 cli command "who"
 action 050 mail server "$_email_server" to "$_email_to" cc "$_email_cc" from "$_info_routername@Intelsat.com" subject "Alert from $_info_routername" body "Logged users: $_cli_result"
exit