cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
235
Views
1
Helpful
4
Replies

Cisco EEM script to bounce an interface

Richard Tapp
Level 1
Level 1

We have about 120 DMVPN spokes and a few more remote ones occasionally lose DMVPN to the HUB site. A quick bounce of the tunnel normally resolves the issue.

I have been trying to get an EEM script to do this for me. I applied the config, clear the logs, had the tunnel go down, checked the logs and the string I put in below was there.

Log

May 23 13:51:57.758 UTC: %DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.106.3.47 (Tunnel40) is down: holding time expired

But show event manager history event is blank.

Should the config below be enough or am I missing something ?

event manager applet reset_tunnel_40
event syslog pattern "%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.106.3.47 (Tunnel40) is down: holding time expired"
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "int tun 40"
action 4.0 cli command "shut"
action 5.0 cli command "no shut"

1 Accepted Solution

Accepted Solutions

Dan Frey
Cisco Employee
Cisco Employee

The syslog pattern in the event detector takes regexp input to match.  The ()parens in the syslog message need to be escaped with \backslash so its interpreted as a backslash and not a metacharacter.

 

event manager applet reset_tunnel_40
 event syslog pattern "%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.106.3.47 \(Tunnel40\) is down: holding time expired"

View solution in original post

4 Replies 4

Hm it seems like the EEM script should be sufficient to reset the Tunnel40 interface when the specified syslog message is detected. But the fact that the show event manager history event command returns nothing suggests that there might be an issue with the EEM script execution or logging maybe? Try.... the below you should have better visibility into the EEM script execution and be able to identify any issues more easily.

Hope this helps.

event manager applet reset_tunnel_40
 event syslog pattern "DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.106.3.47 (Tunnel40) is down: holding time expired"
 action 1.0 cli command "enable"
 action 2.0 cli command "conf t"
 action 3.0 cli command "int tun 40"
 action 4.0 cli command "shut"
 action 5.0 cli command "no shut"
!
logging event-manager informational
service timestamps debug datetime msec

 

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

debug event manager all

Share the debug when eigrp neighbor down

MHM

Dan Frey
Cisco Employee
Cisco Employee

The syslog pattern in the event detector takes regexp input to match.  The ()parens in the syslog message need to be escaped with \backslash so its interpreted as a backslash and not a metacharacter.

 

event manager applet reset_tunnel_40
 event syslog pattern "%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.106.3.47 \(Tunnel40\) is down: holding time expired"

Richard Tapp
Level 1
Level 1

Thanks, changed it and actually had the dmvpn drop within 10 minutes and it worked perfectly

Review Cisco Networking for a $25 gift card