11-18-2012 07:38 AM - edited 08-29-2017 10:32 AM
The Embedded Event Manager (EEM) is a software component of Cisco IOS, XR, and NX-OS that makes life easier for administrators by tracking and classifying events that take place on a router and providing notification options for those events. EEM allows you to automate tasks, perform minor enhancements, and create workarounds.
There are two independent pieces: applets and scripts.
-> Applets are a collection of CLI commands
-> Scripts are actions coded in Tcl (an interpreted language)
EEM uses event detectors and actions to provide notifications of those events.
EEM detectors can be:
1) SNMP: Monitors SNMP objects.
2) Syslog: Responds to various syslog messages, allowing for matching on regular expressions.
3) Counter: Monitors interface counters and responds when they cross threshold settings.
4) CLI events: Screens CLI input for a regular expression match.
5) None: This event detector is used to test an EEM script/applet with the "event manager run" command.
6) Timers: Countdown, watchdog and CRON.
7) IP SLA and NetFlow events.
Common regular expressions:
^ = Start of string
$ = End of string
. = Any single character
* = Zero or more instances
+ = One or more instances
? = Zero or one instance
EEM actions can be:
1) Sending an email message
2) Executing a Cisco command
3) Generating SNMP traps
4) Reloading the router
5) Generating prioritized syslog messages
6) Switching to a secondary processor in a redundant platform
7) Requesting system information when an event occurs (like sh tech, sh process cpu history)
A) Syslog Event detector:
This example shows the syslog event detector. When the ISP1 interface is shut down, the applet below runs to re-enable the interface and sends an alert, with the logged-in users' information, to the mail ID given below.
Configuration:
event manager applet interface_Shutdown
event syslog pattern "Interface FastEthernet1/0, changed state to administratively down"
action 1.0 cli command "enable"
action 1.5 cli command "config t"
action 2.0 cli command "interface fa1/0"
action 2.5 cli command "no shutdown"
action 3.0 cli command "end"
action 3.5 cli command "who"
action 4.0 mail server "192.168.1.1" to ".engineer@cisco.com." from ".EEM@cisco.com." subject ".ISP1_Interface_fa1/0_SHUT." body "Current users $_cli_result"
Enable the EEM CLI action debug to get a closer view, then shut down interface fa1/0.
R1#debug event manager action cli
Debug EEM action cli debugging is on
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config-if)#int fa1/0
R1(config-if)#sh
*Nov 17 23:06:24.215: %LINK-5-CHANGED: Interface FastEthernet1/0, changed state to administratively down
*Nov 17 23:06:24.283: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : CTL : cli_open called.
*Nov 17 23:06:24.295: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : R1>
*Nov 17 23:06:24.299: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1>enable
*Nov 17 23:06:24.319: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : R1#
*Nov 17 23:06:24.319: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1#config t
*Nov 17 23:06:24.343: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line. End with CNTL/Z.
R1(config-if)#
*Nov 17 23:06:24.347: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : R1(config)#
*Nov 17 23:06:24.347: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1(config)#interface fa1/0
*Nov 17 23:06:24.467: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : R1(config-if)#
*Nov 17 23:06:24.467: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1(config-if)#no shutdown
*Nov 17 23:06:24.587: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : R1(config-if)#
*Nov 17 23:06:24.587: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1(config-if)#end
*Nov 17 23:06:24.643: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:interface_Shutdown)
*Nov 17 23:06:24.655: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : R1#
*Nov 17 23:06:24.655: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1#who
*Nov 17 23:06:24.727: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : Line User
R1(config-if)#Host(s) Idle Location
*Nov 17 23:06:24.731: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : 0 con 0 idle 00:00:02
*Nov 17 23:06:24.731: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : * 2 vty 0 idle 00:00:00 EEM:interface_Shutdown
*Nov 17 23:06:24.735: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT :
*Nov 17 23:06:24.735: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : Interface User Mode Idle Peer Address
*Nov 17 23:06:24.735: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT :
*Nov 17 23:06:24.739: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : R1#
R1(config-if)#
*Nov 17 23:06:26.487: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
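The %SYS-5-CONFIG_I line in the output above carries no user name, only the (EEM:applet) tag. The following added example (not part of the original article) attributes each configuration change to a user or an applet and, when the cli_lib debug lines are present, lists what the applet typed in configuration mode. The log is a subset of the output above; its final line and the names `applet_commands` and `config_changes` are constructed for illustration.

```python
import re

# Subset of the console output above. The last line is constructed to show
# a change made by a logged-in user (admin, 192.0.2.10 are sample values).
LOG = """\
*Nov 17 23:06:24.215: %LINK-5-CHANGED: Interface FastEthernet1/0, changed state to administratively down
*Nov 17 23:06:24.283: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : CTL : cli_open called.
*Nov 17 23:06:24.295: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : R1>
*Nov 17 23:06:24.299: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1>enable
*Nov 17 23:06:24.319: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1#config t
R1(config-if)#
*Nov 17 23:06:24.347: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1(config)#interface fa1/0
*Nov 17 23:06:24.467: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1(config-if)#no shutdown
*Nov 17 23:06:24.587: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1(config-if)#end
*Nov 17 23:06:24.643: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:interface_Shutdown)
*Nov 17 23:06:24.655: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : R1#who
*Nov 17 23:09:10.001: %SYS-5-CONFIG_I: Configured from console by admin on vty1 (192.0.2.10)
"""

# "IN" lines are what the applet typed: prompt first, then the command.
DEBUG_IN = re.compile(
    r"%HA_EM-6-LOG: (?P<applet>\S+) ?: DEBUG\(cli_lib\) : : IN : "
    r"(?P<prompt>\S+?[>#])(?P<cmd>.*)$")
# The user field is empty when an applet made the change.
CONFIG_I = re.compile(
    r"^\*(?P<ts>.+?): %SYS-5-CONFIG_I: Configured from \S+ by\s*(?P<user>.*?)\s*"
    r"on (?P<line>\S+)(?:\s+\(EEM:(?P<applet>[^)]+)\))?")


def applet_commands(log):
    """Map applet name -> [(mode, command)] in the order the applet typed them."""
    typed = {}
    for line in log.splitlines():
        m = DEBUG_IN.search(line)
        if m:
            mode = "config" if "(config" in m["prompt"] else "exec"
            typed.setdefault(m["applet"], []).append((mode, m["cmd"].strip()))
    return typed


def config_changes(log):
    """One record per CONFIG_I line, attributed to a user or an EEM applet."""
    typed = applet_commands(log)
    records = []
    for line in log.splitlines():
        m = CONFIG_I.match(line)
        if not m:
            continue
        applet = m["applet"]
        records.append({
            "time": m["ts"],
            "line": m["line"],
            "actor": f"EEM:{applet}" if applet else (m["user"] or "unknown"),
            # All config-mode commands this applet typed in the capture.
            "config_cmds": [c for mode, c in typed.get(applet, []) if mode == "config"],
        })
    return records


if __name__ == "__main__":
    for rec in config_changes(LOG):
        print(rec)
```

The IN lines appear only while "debug event manager action cli" is on; without them the record still names the applet but has an empty command list.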
B) CLI Event detector:
In this example an applet is created to block the "debug" command on the CLI. If anyone enters a debug command it has no effect, and the clock and the users' information are stored in flash.
Configuration:
event manager applet Stop_Debug
event cli pattern "debug" sync no skip yes
action 1.0 cli command "enable"
action 2.0 cli command "sh users | append flash:Debug"
action 3.0 cli command "sh clock | append flash:Debug_clock"
Verification:
Check the registered applet with the following command:
R1#sh event manager policy registered
No. Class Type Event Type Trap Time Registered Name
1 applet user cli Off Fri Mar 1 00:08:05 2002 Stop_Debug
pattern {debug} sync no skip yes
maxrun 20.000
action 1.0 cli command "enable"
action 2.0 cli command "sh users | append flash:Debug"
action 3.0 cli command "sh clock | append flash:Debug_clock"
R1#debug all
R1#debug event manager action cli
R1#sh debugging......(Not showing any debug running on device)
R1#sh flash:
System CompactFlash directory:
File Length Name/status
1 1614 Debug.....(User info is appended to flash)
2 204 Debug_clock......(Clock time when debug was entered is also appended to flash)
R1#more flash:Debug
Line User Host(s) Idle Location
0 con 0 idle 00:00:00
* 66 vty 0 idle 00:00:00 XYZ
Interface User Mode Idle Peer Address
R2#more flash:Debug_Clock
12:43:15.263 UTC Sun Nov 18 2012
R2#
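The pattern "debug" in Stop_Debug is unanchored, so it matches any command that contains that string. The following added example (not part of the original article) runs the applet's pattern over a constructed list of commands, assuming the CLI event detector compares the pattern with the fully expanded command and using Python's re module as a stand-in for IOS regular expressions; the tighter pattern "^debug " is a hypothetical alternative.

```python
import re

# Applet configuration copied from the article.
APPLET = """\
event manager applet Stop_Debug
 event cli pattern "debug" sync no skip yes
 action 1.0 cli command "enable"
 action 2.0 cli command "sh users | append flash:Debug"
 action 3.0 cli command "sh clock | append flash:Debug_clock"
"""

# Constructed sample input: exec commands in fully expanded form.
COMMANDS = [
    "debug all",
    "debug event manager action cli",
    "undebug all",
    "no debug all",
    "show debugging",
    "show users",
    "show clock",
]

EVENT_CLI = re.compile(r'^\s*event cli pattern "([^"]*)"(.*)$', re.MULTILINE)


def cli_patterns(config):
    """Return (pattern, skip) for each 'event cli pattern' line."""
    return [(pat, "skip yes" in opts) for pat, opts in EVENT_CLI.findall(config)]


def matches(pattern, commands):
    """Commands the pattern triggers on (substring search, as a regex does)."""
    rx = re.compile(pattern)
    return [c for c in commands if rx.search(c)]


def overmatch(config, commands, intended):
    """For each skip-yes pattern, list matched commands outside the intent.

    `intended` is a regex describing what the operator meant to block.
    """
    want = re.compile(intended)
    report = {}
    for pat, skip in cli_patterns(config):
        if skip:
            report[pat] = [c for c in matches(pat, commands) if not want.search(c)]
    return report


if __name__ == "__main__":
    print("over-matched:", overmatch(APPLET, COMMANDS, r"^debug "))
    print("anchored pattern matches:", matches(r"^debug ", COMMANDS))
```

With skip yes, every over-matched command is discarded as well, so the commands that turn debugging off or display it are blocked along with the ones that turn it on.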
C) Interface Events:
In this example applets are configured to act on the rxload of the interface.
Two applets are configured:
1) When the Rx load is above 50%, the router applies an access list on interface fa0/1 to allow only important traffic and block unwanted traffic.
2) When the Rx load goes below 25, the router removes the applied access list from interface fa0/1 to allow all traffic.
Configuration:
event manager applet Interface_Load_UP
event tag 1 interface name FastEthernet1/0 parameter rxload entry-op gt entry-val 127 entry-type value poll-interval 30
action 1.0 cli command "enable"
action 1.1 cli command "conf t"
action 1.2 cli command "int fa1/0"
action 1.3 cli command "ip access-group IMP_TRAFFIC in "
action 1.4 cli command "end"
event manager applet Interface_Load_Down
event tag 1 interface name FastEthernet1/0 parameter rxload entry-op lt entry-val 25 entry-type value poll-interval 30
action 1.0 cli command "enable"
action 1.1 cli command "conf t"
action 1.2 cli command "int fa1/0"
action 1.3 cli command "no ip access-group IMP_TRAFFIC in "
action 1.4 cli command "end"
Verification:
R1#sh int fa1/0 | in load
reliability 255/255, txload 1/255, rxload 1/255..(Rxload is 1)
R1#debug event manager action cli
Debug EEM action cli debugging is on
R1#sh int fa1/0 | in load
reliability 255/255, txload 139/255, rxload 139/255....(Rxload has risen above 50%, i.e. 139)
R1#(As soon as Rxload exceeds 50%, the 1st event is triggered)
*Nov 18 02:19:55.403: %HA_EM-6-LOG: Interface_Load : DEBUG(cli_lib) : : CTL : cli_open called.
*Nov 18 02:19:55.423: %HA_EM-6-LOG: Interface_Load : DEBUG(cli_lib) : : OUT : R1>
*Nov 18 02:19:55.427: %HA_EM-6-LOG: Interface_Load : DEBUG(cli_lib) : : IN : R1>enable
: R1#conf t
: R1(config)#int fa1/0
: R1(config-if)#ip access-group IMP_TRAFFIC in....(Access-list apply to interface)
R1#
*Nov 18 02:19:55.827: %HA_EM-6-LOG: Interface_Load : DEBUG(cli_lib) : : OUT : R1(config-if)#
*Nov 18 02:19:55.831: %HA_EM-6-LOG: Interface_Load : DEBUG(cli_lib) : : IN : R1(config-if)#end
*Nov 18 02:19:55.839: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:Interface_Load)
*Nov 18 02:19:55.851: %HA_EM-6-LOG: Interface_Load : DEBUG(cli_lib) : : OUT : R1#
*Nov 18 02:19:55.855: %HA_EM-6-LOG: Interface_Load : DEBUG(cli_lib) : : CTL : cli_close called.
R1#sh ip access-lists
Extended IP access list IMP_TRAFFIC
10 permit tcp any any eq www
20 permit tcp any any eq telnet
30 deny icmp any any (10 matches)............(Router starts dropping ICMP packets)
R1#sh run int fa1/0
Building configuration...
Current configuration : 159 bytes
!
interface FastEthernet1/0
bandwidth 64
ip address 10.1.1.1 255.255.255.0
ip access-group IMP_TRAFFIC in
load-interval 30
duplex full
speed 100
!
end
R1#sh int fa1/0 | in load
reliability 255/255, txload 19/255, rxload 19/255 (As soon as Rxload goes below 25, R1 triggers the 2nd event)
R1#
*Nov 18 02:21:31.367: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : CTL : cli_open called.
*Nov 18 02:21:31.375: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : OUT : R1>
*Nov 18 02:21:31.379: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : IN : R1>enable
*Nov 18 02:21:31.395: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : OUT : R1#
*Nov 18 02:21:31.399: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : IN : R1#conf t
*Nov 18 02:21:31.423: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line. End with CNTL/Z.
R1#
*Nov 18 02:21:31.423: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : OUT : R1(config)#
*Nov 18 02:21:31.427: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : IN : R1(config)#int fa1/0
*Nov 18 02:21:31.455: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : OUT : R1(config-if)#
*Nov 18 02:21:31.459: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : IN : R1(config-if)#no ip access-group IMP_TRAFFIC in....(Removing Access-list)
*Nov 18 02:21:31.579: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : OUT : R1(config-if)#
*Nov 18 02:21:31.579: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : IN : R1(config-if)#end
*Nov 18 02:21:31.587: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:Interface_Load_Down)
*Nov 18 02:21:31.599: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : OUT : R1#
*Nov 18 02:21:31.603: %HA_EM-6-LOG: Interface_Load_Down : DEBUG(cli_lib) : : CTL : cli_close called.
D) SNMP event Detector:
In this example the EEM applet reads an SNMP variable and is triggered when the CPU goes above 60%. You can customize the applet as needed. However, take care to check the free space on the file system before deploying the applet.
For the SNMP OID you can use the SNMP Object Navigator.
Configuration:
event manager applet HIGH-CPU
!
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.3 get-type next entry-op gt entry-val 60 poll-interval 5
!
action 0.1 cli command "enable"
action 0.2 syslog msg "Capturing high cpu information to flash:"
action 0.3 cli command "term length 0"
action 1.1 cli command "show process cpu sorted | append flash:EEM_CPU"
! Each action needs its own label; re-using a label replaces the earlier action
action 1.2 cli command "show ip traffic | append flash:EEM_TRAFFIC"
action 1.4 cli command "show logging | append flash:EEM_LOGS"
action 4.2 syslog msg "Removing EEM APPLET from running_config"
action 9.2 cli command "configure terminal"
action 9.3 cli command "no event manager applet HIGH-CPU"
action 9.4 cli command "end"
action 9.5 cli command "term default length"
Verification:
R2#
*Nov 18 12:30:53.139: %HA_EM-6-LOG: HIGH-CPU: Capturing high cpu information to flash:
*Nov 18 12:30:53.371: %HA_EM-6-LOG: HIGH-CPU: Removing EEM APPLET from running_config
R2#sh flash:
System CompactFlash directory:
File Length Name/status
1 22477 EEM_CPU
2 2665 EEM_LOGS
E) TCL (Tool Control Language) is a scripting language used extensively by Cisco to facilitate the testing and automating of various functions in the IOS.
In this example, a small Tcl script checks the reachability of branch devices from the core router.
R1#tclsh
R1(tcl)#
R1(tcl)#foreach VAR {
+>(tcl)#192.168.1.1
+>(tcl)#192.168.2.1
+>(tcl)#192.168.3.1
+>(tcl)#192.168.4.1
+>(tcl)#} { puts [exec "ping $VAR"] }
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/58/120 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/40/104 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/72/128 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R1(tcl)#
Thanks for giving wonderful information..
I will try this and share my experience.
Hello Archit,
Thanks for valuable feedback
Regards,
Ashish
(Technical community manager-NI)
Hi Ashish,
It's a nice Document. Very informative.
I had a requirement for which I was searching for an EEM script and found your doc. It was very informative.
In my scenario, if any user logged into the switch is removing the TACACS configuration, is it possible to send an auto alert to LMS? Is it achievable through an EEM script? Please can you help with this.
Regards,
Ajith
Dear Ajith,
Thanks for your positive feedback and private mail; really appreciated. You can check the answer to your query in the discussion thread you have opened.
Thanks and Regards,
Ashish Shirkar
(Technical Community Manager-NI)
Dear Ashish,
Thank You for sharing this useful information.
I have written an EEM script that is using IP SLA, but I have some doubts about whether it will work in Production the way I perceive it.
Before I share my configuration let me briefly describe what I am trying to accomplish.
I have 2 ASA 5585 at the Primary Site, which is the Data Center, and both firewalls are connected to 2 6506E which are operating in VSS Mode. VSS at the Data Center site is connected upstream to the Aggregation Router that is connected with Multiple Branch Routers via GRE Tunnels. The routes are being exchanged between Aggregation Router and VSS via OSPF. At VSS we have Static Routes pointing to the primary firewall that is in Active Mode (2nd Firewall is in Standby Mode).
Now the Same Exact Topology exists at the Disaster Recovery Site. 2 6506 E are operating in VSS Mode. VSS ports at DR Site used to connect with Primary Firewall are in Shutdown Mode, but on the end of the link at Firewall the ports are in no shut mode. Customer is using the same exact private RFC 1918 addresses at both sites, Data Center and Disaster Recovery Site. Both sites are connected to Each Other Via Nexus 5K Extended Reach Fiber Link. Also VSS at the Data Center site and Disaster Recovery Site are connected with an extended reach link that is running OSPF on it.
Now in the event that both Firewalls, Primary and Secondary, go down at the Data Center Site, I want the VSS Ports at the Disaster Recovery site that are connected to the Firewall at the Disaster Recovery Site to go to no shutdown mode, and when any of the Firewalls at the Data Center Site becomes available again I want the VSS ports at the Disaster Recovery site to go back to shutdown mode. To achieve this I have written the EEM in conjunction with IP SLA.
Could you please spare some time and validate if this is going to work?
Your assistance in this will be highly appreciated.
Configuration of the Failover In The Event Of Wan Link Failure at DC Site
Configuration at the DR VSS Switch
IP SLA To Monitor The Data Center Primary Firewall CORE-DC-FW01 Outside Interface
ip sla 1
! Pinging the outside interface IP address of the Primary Firewall CORE-DC-FW01
icmp-echo x.x.x.x
timeout 500
frequency 3
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
delay down 8 up 10
EEM Script
event manager applet FAILOVERTODR
event track 1 state down
action 1.0 cli command "enable"
action 1.1 cli command "config t"
! We are bringing up the DR VSS 1st interface that is connected with CORE-DR-FW01
action 1.2 cli command "interface tengigabitethernet 1/2/5"
action 1.3 cli command "no shutdown"
action 1.4 cli command "exit"
! We are bringing up the DR VSS 2nd interface that is connected with DR CORE-DR-FW01
action 1.5 cli command "interface tengigabitethernet 2/2/5"
action 1.6 cli command "no shutdown"
action 1.7 syslog msg "Interface tengigabitethernet 1/2/5 and tengigabitethernet 2/2/5 were brought up via EEM"
event manager applet FAILOVERTODC
event track 1 state up
action 1.0 cli command "enable"
action 1.1 cli command "config t"
! We are shutting down the DR VSS 1st interface that is connected with DR CORE-DR-FW01
action 1.2 cli command "interface tengigabitethernet 1/2/5"
action 1.3 cli command "shutdown"
action 1.4 cli command "exit"
! We are shutting down the DR VSS 2nd interface that is connected with DR CORE-DR-FW01
action 1.5 cli command "interface tengigabitethernet 2/2/5"
action 1.6 cli command "shutdown"
action 1.7 syslog msg "Interface tengigabitethernet 1/2/5 and tengigabitethernet 2/2/5 were Shutdown via EEM"
Further, will the 2nd EEM script iterate and create loops, or will it have any negative impact on the device it is configured on?
Looking forward for your reply.
Thanks,
Regards,
Usman.
Ohh Wow..
Very Nice Explanation
Thanks Ashish for sharing the same
Hello ashirk
Your script "high-cpu" gives me no result; when I put "sh flash" it shows me "Open device slot0 failed (Bad device info block)".
And I want to create a script to display interface traffic but I do not know how. Can you help me?
Hello Ashirkar,
I did what you wrote but it didn't work. I guess it doesn't work because my router 2911 asks for a user and password and it goes directly to privileged mode
"username rsnpower2 privilege 15 secret 4 LgaZhZWEWKivYt.uo6bM87s3eMiIPtS50PDGv2K1IUA"
So, if the first cli command is "enable", but my router has a password, then how would it get into privileged mode (#) so that it can use the next cli command?
When I use "Show event manager history events" it shows that my applet is active and had a track event.
I would be very grateful for your answer.
Best regards,
Sandro
Does anyone know how to get EEM scripts to direct "show" command output or "more" command output to the console terminal? It seems EEM suppresses "show run" commands.
Thanks
Jim
I have a Nexus switch whose OS does not support IP SLA.
I need to have a script or a tool to ping a next hop and send alert mails on even a single drop.
Can I achieve this using only EEM tools? If yes, can you share how to?
Thanks in advance!!
Naveen
Great post
I have a doubt
What if I want to save the running-config to tftp?
For testing purposes I tried this to save the running-config every 5 minutes but it didn't work
event manager applet RESPALDOTEST
event timer cron name RESPALDOTEST cron-entry "5 * * * *"
action 1 cli command "enable"
action 2 cli command "copy running-config tftp:"
action 3 cli command "172.16.20.123"
action 4 cli command "respaldotest"
action 5 cli command "end"
can you help me?
Hi ysantizo1,
you could do it like this:
event manager applet RESPALDOTEST
event timer cron name RESPALDOTEST cron-entry "5 * * * *"
action 1 cli command "enable"
action 2 cli command "copy running-config tftp://172.16.20.123/respaldotest"
action 4 cli command "y"
action 5 cli command "end"
But I prefer the "archive" command:
http://www.cisco.com/c/en/us/td/docs/ios/fundamentals/command/reference/cf_book/cf_a1.html#wp1018716
and you can do something like this:
archive
log config
path tftp://172.16.20.123/
write-memory
This will copy your running-config to your tftp-server every time you execute "wr" or "copy run start".
kind regards,
Flo
Thanks for your response Florian
I've tried this
event manager applet RESPALDOTEST
event timer cron name RESPALDOTEST cron-entry "5 * * * *"
action 1 cli command "enable"
action 2 cli command "copy running-config tftp://172.16.20.123/respaldotest"
action 4 cli command "y"
action 5 cli command "end"
but it didn't work
I guess that is because of the next lines, which are interactive and ask you for the host again
I didn't use the archive command because I want it to be fully automated
Any advice?
I also tried with some empty cli commands like this
event manager applet RESPALDOTEST
event timer cron name RESPALDOTEST cron-entry "5 * * * *"
action 1 cli command "enable"
action 2 cli command "copy running-config tftp://172.16.20.123/respaldotest"
action 3 cli command ""
action 4 cli command ""
action 5 cli command "end"
and still nothing
Hi,
try something like this:
event manager applet SAVING-RUNNING-TO-TFTP
description Backup running-config to TFTP 172.16.20.123
event syslog pattern "%SYS-5-CONFIG_I: Configured from"
action 0.1 info type routername
action 1.0 cli command "enable"
action 1.1 cli command "copy run tftp" pattern "Address"
action 1.2 cli command "172.16.20.123" pattern "filename"
action 1.3 cli command "$_info_routername-confg"
action 2.0 syslog priority informational msg "Configuration change detected. Write to TFTP succesfully executed"
!
Every time you log out of configuration mode you get the syslog message %SYS-5-CONFIG, and with this applet you grep this pattern and then save your running-config to your tftp-server
greetz
flo