Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1962
Views
0
Helpful
9
Replies

Username in EEM

kb70
Level 1
Level 1

‎03-20-2008 06:13 AM

Hi,

I have a simple EEM applet which triggers a syslog message whenever anyone enters enable mode (to be exactly it triggers a syslog message whenever anyone types ena on the cli, so if anyone knows a better way to do it, I would be glad to know how).

So right now I know that somebody entered enable mode, but I don't know who. Is there a variable for the actual username or any other way to get it 'syslogged' in the applet ?

Thanks for your help,

best regards,

Kurt

Labels:
0 Helpful
9 Replies 9

Joe Clarke
Cisco Employee
Cisco Employee

‎03-20-2008 06:28 AM

There is no EEM variable for username (only command and command count for a CLI event detector). However, you can enable "logging userinfo" (if supported in your IOS). That will tell you when someone enters enable mode:

Mar 20 09:25:47 EDT: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by marcus on vty4 (172.18.254.237)

0 Helpful

kb70
Level 1
Level 1
In response to Joe Clarke

‎03-20-2008 06:36 AM

Hmm, unfortunatly 'logging userinfo' does'nt seem to be supported in 12.2(18)SXF12 on the 6500 platform :-(

Any other way to get this information logged ?

TIA,

Kurt

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to kb70

‎03-20-2008 06:41 AM

You can try enabling "login on-success log". That will log to syslog every time one successfully logs in. It should log a message on enable.

0 Helpful

kb70
Level 1
Level 1
In response to Joe Clarke

‎03-20-2008 07:04 AM

Both of your hints work fine on our 7206 with IOS 12.3, but unfortunatly both are not available in 12.2(18)SXF12 on the 6500.

Anyway, thanks a lot for your help.

Best regards,

Kurt

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to kb70

‎03-20-2008 07:45 AM

We're looking to enhance EEM to provide these properties in the future, but that will take time. One sure way to do accounting as to who is becoming enabled is to use a AAA server.

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to Joe Clarke

‎03-20-2008 09:11 AM

I filed CSCso33352 requesting an enhancement to EEM so that username, vty, host, and privilege level variables could be passed to CLI policies.

0 Helpful

mario.jost
Level 3
Level 3

‎04-29-2024 01:44 AM

This bug or rather enhancement requiest has been marked fixed on the portal:
https://bst.cisco.com/bugsearch/bug/CSCso33352?rfs=qvred

Can you confirm that this is working? How did you manage to fix this? The problem with the login on-success log is that this is not correlated. Meaning user1 could login, do a buch of stuff, go idle, user2 loggs in, does some stuff, goes idle, then user1 continues to do stuff which gets correlated to user2 as he was the last one to login...

0 Helpful

mario.jost
Level 3
Level 3

‎05-03-2024 02:28 PM

If anyone stumbles upon this thread in the future, the correct variable to use within an EEM applet to get the user is: 

$_cli_username
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to mario.jost

‎05-04-2024 04:37 AM

the post you replied more than decade, things are many changed after that :

you can refer also below thread recently discussed :

https://community.cisco.com/t5/routing/getting-the-username-in-an-event-manager-applet/m-p/5085565#M398564

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card