04-29-2024 03:09 AM - edited 04-29-2024 03:12 AM
I have the following EEM applet:
event manager applet FILTERCMD1
event cli pattern "^show version" sync yes
action 001 cli command "enable"
action 002 cli command "show users wide | include \*"
action 003 puts nonewline $_cli_result
Now if I run the command show users wide on my system, it shows my username:
roTST11#show users wide
Line User
1 vty 0 adminuser18
* 2 vty 1 adminuser04
So I can see that I am currently logged in with the user adminuser04. We have the following configuration on the devices that defines which local user the EEM scripts run as:
event manager session cli username "admin"
So the problem now is, if I run the command show version, the EEM applet gets triggered but it runs as the admin user. We can see this in the output:
roTST11#show version
* 3 vty 2 admin
So is there a way to reference the user that is responsible for triggering the EEM applet? If I search the logs for login messages like the ones the command login on-success log creates, I cannot correlate these logs to the current user. It could be that I have been logged in for 4h but now adminuser18 logs in afterwards, and the script would then treat all my entered commands as if I were adminuser18.
If I remove the event manager session cli username "admin" command, the EEM still opens a new VTY session but the username is just empty.
EDIT: I have tried to use the variable $_resource_user_id which I found on this website:
But it appears to be empty.
05-03-2024 02:26 PM
OK, I just found the solution. Dan Frey gave the solution in this thread:
https://community.cisco.com/t5/routing/build-in-variable-for-cli-events-in-eem/td-p/5080068
So basically, with this command we can see all available variables of an event manager detector:
router#show event manager detector cli detailed | begin Applet Built-in Environment Variables
Applet Built-in Environment Variables:
$_event_id
$_job_id
$_event_type
$_event_type_string
$_event_pub_time
$_event_pub_sec
$_event_pub_msec
$_event_severity
$_cli_msg
$_cli_msg_count
$_cli_line
$_cli_key
$_cli_tty
$_cli_username
$_cli_host
$_cli_privilege
$_cli_error_code
$_cli_mode_context
So there is the $_cli_username variable that contains the username of the user that triggered the event manager to run.
04-30-2024 03:26 AM
Hi @mario.jost
Could you try to explain what it is you want to achieve with this EEM applet?
You run commands from an EEM script and get the admin user returned, as it is the one running the script. So that works as expected.
If you want to log who is changing config, there is a function for that:
archive
log config
logging enable
logging size 500
notify syslog contenttype plaintext
#show logging | inc LOGGEDCMD
Feb 28 19:53:41.568: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin06 logged command:ip access-list standard ACL_SNMP
05-01-2024 02:06 AM
Hello @rasmus.elmholt
I would like to control which command userA can run and userB cannot. And I want to have granular control, like userA can clear interface counters gigabitethernet1/0/5 but he cannot do clear interface counters gigabitethernet1/0/7. As well, there is userB who in turn is allowed to run clear interface counters gigabitethernet1/0/7 but not clear interface counters gigabitethernet1/0/2.
With the archive command, only stuff in the conf terminal is logged. And I am not looking for logging but for controlling.
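Combining the $_cli_username variable from the accepted answer with the per-user, per-interface control described in this post, here is a worked applet as an added example; it is not code from the thread or from Cisco. The usernames userA and userB and the interface numbers are taken from the question; the applet syntax used (action if/elseif/else, action regexp with its $_regexp_result, and setting _exit_status to 0 to reject a command intercepted with sync yes) is standard IOS EEM applet syntax.

```cisco
! Added example, not from the thread: per-user control of "clear counters".
! Assumed usernames (userA, userB) and interfaces (1/0/5, 1/0/7) come from
! the question above.
! "sync yes" holds the typed command until the applet sets _exit_status:
!   1 = let the command run, 0 = reject it.
! $_cli_username is the user who typed the command; the applet's own VTY
! session still runs as the "event manager session cli username" account,
! which is why "show users" inside an applet shows "admin".
event manager applet CTRL_CLEAR_COUNTERS
 event cli pattern "^clear counters [Gg]i[A-Za-z]*1/0/[0-9]+$" sync yes
 action 010 set allowed "0"
 action 020 if $_cli_username eq "userA"
 ! userA may only clear counters on 1/0/5
 action 030  regexp "1/0/5$" "$_cli_msg"
 action 040  set allowed "$_regexp_result"
 action 050 elseif $_cli_username eq "userB"
 ! userB may only clear counters on 1/0/7
 action 060  regexp "1/0/7$" "$_cli_msg"
 action 070  set allowed "$_regexp_result"
 action 080 end
 action 090 if $allowed eq "1"
 action 100  set _exit_status 1
 action 110 else
 ! record who was refused, on which line, and what they typed
 action 120  syslog priority warnings msg "EEM denied '$_cli_msg' for user $_cli_username on tty $_cli_tty"
 action 130  set _exit_status 0
 action 140 end
```

Two points to keep in mind when using this pattern: the applet only sees commands whose typed text matches the event cli pattern, so every accepted spelling and abbreviation of the command has to be covered by that regex, and AAA command authorization (for example via TACACS+) remains the primary control for who may run what, with an applet like this acting as a finer-grained supplement. The syslog line gives the correlation the original question asked for, since $_cli_username and $_cli_tty come from the event itself rather than from a login message.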