I think I got the $_cli_result to work.  I was trying to trigger it with an applet that has event none.  I had to use the trigger that is "event none sync yes" then it worked.   I'm not sure what "sync yes" does but it must be important.

Things are looking good.  One things that';s come is the users are complaining about poor network performance.   I checked the CPU on my switch that is runngin eem and whenever I send it a few triggers in a row the CPU pegs to 100%.   with no debug going.  My code follows.

My questions are :

     1.  Is that normal

     2.  Should I use some other oid value.  I ran snmp debug packets and I see alot status information in the log file.  Is there some benign generic oid that I should use to trigger the event rather than what I am?

event manager applet OCA-limit-3M

     event snmp-notification oid 1.9.9.9. oid-value "3M" op eq

     action 1.0 cli command "enable"

     ... more commands ...

     action 7.0 exit 1

snmptrap -v 2c readme -Ci    ""  1.9.9.9 1.9.9.9.9.0  s "3M"

Thank you for the help

Jeff

The $_cli_result variable does not depend on the event detector.  You just need to make sure you perform at least one action cli before dereferencing the variable.

You should remove the action 7.0 line.  You don't need to exit with a failure.

As for the high CPU, without seeing which process is causing this, or seeing the "show stack" output for that process, I cannot comment.

ok thanks - my switch is a lab switch so all its doing is EEM right now.   I think probably the CPU is caused by which trap I am sending it from my host.  When I debug snding trap 1.9.9.9.0 I get all this in my log.   I've read where when sending traps to trigger events it really does't matter what MIB you use, but it seems to cause the swtich to process alot of data.  Is there any totally generic MIB I could use that would not do anything mor ethan trigger the event?

#event manager run TESTTEST
3M
3000000

MCCB8SW#
00:52:39: SNMP: Queuing packet to 10.10.108.101
00:52:39: SNMP: V2 Trap, reqid 23, errstat 0, erridx 0
sysUpTime.0 = 315992
snmpTrapOID.0 = cEventMgrMIB.0.2
ceemHistoryEventEntry.2.13 = 131
ceemHistoryEventEntry.3.13 = 0
ceemHistoryEventEntry.4.13 = 0
ceemHistoryEventEntry.5.13 = 0
ceemHistoryEventEntry.6.13 = 
ceemHistoryEventEntry.7.13 = applet: TESTTEST 
ceemHistoryEventEntry.9.13 = 0
ceemHistoryEventEntry.10.13 = 0
ceemHistoryEventEntry.11.13 = 3M
ceemHistoryEventEntry.13.13 = 0
ceemHistoryEventEntry.14.13 = 0
ceemHistoryEventEntry.15.13 = 0
ceemHistoryEventEntry.16.13 = 0
00:52:39: SNMP: Queuing packet to 160.108.10.111
00:52:39: SNMP: V1 Trap, ent cEventMgrMIB, addr 160.108.10.1, gentrap 6, spectrap 2
ceemHistoryEventEntry.2.13 = 131
ceemHistoryEventEntry.3.13 = 0
ceemHistoryEventEntry.4.13 = 0
ceemHistoryEventEntry.5.13 = 0
ceemHistoryEventEntry.6.13 = 
ceemHistoryEventEntry.7.13 = applet: TESTTEST 
ceemHistoryEventEntry.9.13 = 0
ceemHistoryEventEntry.10.13 = 0
ceemHistoryEventEntry.11.13 = 3M
ceemHistoryEventEntry.13.13 = 0
ceemHistoryEventEntry.14.13 = 0
ceemHistoryEventEntry.15.13 = 0
ceemHistoryEventEntry.16.13 = 0
00:52:40: SNMP: Queuing packet to 10.10.108.101
00:52:40: SNMP: V2 Trap, reqid 25, errstat 0, erridx 0
sysUpTime.0 = 316006
snmpTrapOID.0 = cEventMgrMIB.0.2
ceemHistoryEventEntry.2.14 = 131
ceemHistoryEventEntry.3.14 = 0
ceemHistoryEventEntry.4.14 = 0
ceemHistoryEventEntry.5.14 = 0
ceemHistoryEventEntry.6.14 = 
ceemHistoryEventEntry.7.14 = applet: TESTTEST 
ceemHistoryEventEntry.9.14 = 0
ceemHistoryEventEntry.10.14 = 0
ceemHistoryEventEntry.11.14 = 3000000
ceemHistoryEventEntry.13.14 = 0
ceemHistoryEventEntry.14.14 = 0
ceemHistoryEventEntry.15.14 = 0
ceemHistoryEventEntry.16.14 = 0
00:52:40: SNMP: Queuing packet to 160.108.10.111
00:52:40: SNMP: V1 Trap, ent cEventMgrMIB, addr 160.108.10.1, gentrap 6, spectrap 2
ceemHistoryEventEntry.2.14 = 131
ceemHistoryEventEntry.3.14 = 0
ceemHistoryEventEntry.4.14 = 0
ceemHistoryEventEntry.5.14 = 0
ceemHistoryEventEntry.6.14 = 
ceemHistoryEventEntry.7.14 = applet: TESTTEST 
ceemHistoryEventEntry.9.14 = 0
ceemHistoryEventEntry.10.14 = 0
ceemHistoryEventEntry.11.14 = 3000000
ceemHistoryEventEntry.13.14 = 0
ceemHistoryEventEntry.14.14 = 0
ceemHistoryEventEntry.15.14 = 0
ceemHistoryEventEntry.16.14 = 0

I was trying to parse the output of "show polic-map | i police"  so that I can put the rate in a variable and send it off as a trap.   In this case it would be 6MegB.  Actions 6.2, 6.3, 6,4, 6.5 were supposet o do that - but no joy. Any idea on what is wrong with the syntax. It just needs to pick out the first 7 to 8 digits.

event manager applet OCA-limit-6M
event none sync yes
action 1.0 cli command "enable"
action 2.0 cli command "config terminal"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command " police 6000000 100000 exceed-action drop"
action 5.1 cli command "exit"
action 6.0 puts "6M"
action 6.1 snmp-trap intdata1 6000000 strdata ""
action 6.2 cli command "show policy-map | i police"
action 6.3 regexp " [0-9] " "$_cli_result" result
action 6.4 puts "$_cli_result"
action 6.5 snmp-trap strdata "$result"

You want:

 action 6.2 cli command "show policy-map | i police"
 action 6.3 regexp "([0-9]+)" "$_cli_result" result
 action 6.4 puts "$_cli_result"
 action 6.5 snmp-trap strdata "$result"

This is coming from outgoing EEM traps.  It doesn't matter what trap you send to the device.  A generic one wouldn't have any different effect from a customized one.

In this case, it looks like you have multiple trap hosts defined, and all of them are receiving the EEM traps (i.e. you do not have additional trap keywords on them to limit the trap types they receive).

In order to get to the root of the CPU problem, you would need to provide the output of "show proc cpu sorted" when the CPU is pegged.

ok thank - I tried that exact thing. It always chokes on line 6.4. If I take out 6.4 it chokes on 6.5.  Here is script and output.

event manager applet OCA-limit-6M
event none sync yes
action 1.0 cli command "enable"
action 2.0 cli command "config terminal"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command " police 6000000 100000 exceed-action drop"
action 5.1 cli command "exit"
action 6.0 puts "6M"
action 6.1 snmp-trap intdata1 6000000 strdata ""
action 6.2 cli command "show policy-map | i police"
action 6.3 regexp "([0-9]+)" "$_cli_result" result
action 6.4 puts "$result"
action 6.5 snmp-trap strdata "$result"

#event manager run OCA-limit-6M
#6M

router#
00:06:40: %HA_EM-3-FMPD_UNKNOWN_ENV: fh_parse_var: could not find environment variable: result
00:06:40: %HA_EM-3-FMPD_ERROR: Error executing applet OCA-limit-6M statement 6.

Post the full output of "show policy-map | i police".

The first number will be either 3,6, 7,8,10, 12, 18, 20,,22,24,25 Meg.   So it could be 7 or 8 digits.

router#show policy-map | i police
      police 6000000 100000 exceed-action drop
router#

This works for me:

event manager applet OCA-limit-6M
 event none sync yes
 action 1.0 cli command "enable"
 action 2.0 cli command "config terminal"
 action 3.0 cli command "policy-map OCA-RATE-LIMIT"
 action 4.0 cli command "class CLASS_SLAP"
 action 5.0 cli command " police 6000000 100000 exceed-action drop"
 action 5.1 cli command "end"
 action 6.0 puts "6M"
 action 6.1 snmp-trap intdata1 6000000 strdata ""
 action 6.2 cli command "show policy-map | i police"
 action 6.3 regexp "police ([0-9]+)" $_cli_result whole result
 action 6.4 puts "$result"
 action 6.5 snmp-trap strdata "$result"

Note: you had an "exit" in there where you needed to have an "end".

I was one of the technical editors of this book, and it will be quite useful to people wanting to learn Tcl on IOS.  It does cover some EEM examples as well, but not much in the realm of applets.

ok thanks - I entered the code as shown for hte 6M. The first two times i tried it I got the same errors. Then it worked.  So I added same action 6 code to the 3M segment - no joy there. same errors.  Do I have to initialize the variable "result" or something. 

router#event manager run OCA-limit-6M
6M
6000000

router#event manager run OCA-limit-3M
3M

router#
00:48:03: %HA_EM-3-FMPD_UNKNOWN_ENV: fh_parse_var: could not find environment va
riable: result
00:48:03: %HA_EM-3-FMPD_ERROR: Error executing applet OCA-limit-3M statement 6.

event manager applet OCA-limit-3M
event none sync yes
action 1.0 cli command "enable"
action 2.0 cli command "config terminal"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command " police 3000000 100000 exceed-action drop"
action 5.1 cli command "exit"
action 6.0 puts "3M"
action 6.1 snmp-trap intdata1 3000000 strdata ""
action 6.2 cli command "show policy-map | i police"
action 6.3 regexp "police ([0-9]+)" "$_cli_result" whole result
action 6.4 puts "$result"
action 6.5 snmp-trap strdata "$result"
action 9.0 exit 1

event manager applet OCA-limit-6M
event none sync yes
action 1.0 cli command "enable"
action 2.0 cli command "config terminal"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command " police 6000000 100000 exceed-action drop"
action 5.1 cli command "exit"
action 6.0 puts "6M"
action 6.1 snmp-trap intdata1 6000000 strdata ""
action 6.2 cli command "show policy-map | i police"
action 6.3 regexp "police ([0-9]+)" "$_cli_result" whole result
action 6.4 puts "$result"
action 6.5 snmp-trap strdata "$result"
action 9.0 exit 1

Joe - I think tis working. You're right I have an "exit" and needed an "end" . Didn't have t

hat inthe 3M segment. Seems to work ok. I'm outof you.

Thanks for all your help - will probably have to ask you somestuff about het high cpu next week.

have a great weekend

Jeffrey Watson

Lockheed Martin