I being a customer, only have access to CPE router and want to setup a mechanism to monitor the ISP link down status (BGP peer down)  without making any config change to the ISP CPE & ISP PE. 

NOTE: ISP CPE router that you can see in attached diagram is at the customer premises only (with no access to me ) and establish eBGP with CPE router .

Although i have access to DC gateway router where ISP link terminates. 

A Simple EEM script to alert on IP SLA failures - Cisco Community

EEM Alert on IP SLA failure 

MHM

Below without need ot eem' ip sla status send as log to syslog 

snmp-server enable traps rtr

snmp-server enable traps syslog

ip sla monitor logging traps 

we don't have access to the ISP CPE and PE routers .

you have access to DC Router - what IGP/EGP you running between ISP and Your Router ? Ans : eBGP

Can you share EEM Script sample for this solution and how we can send this log to monitoring tool like Splunk.  

Can you share EEM Script sample for this solution and how we can send this log to monitoring tool like Splunk.  

happy to help you, if you can send me confguration bit, what you know eBGP between you and provider, and also when it go down what Logs you see (anytime before ?)

we can provide example to test it (may be you can not simulate, but when it occurs the script will trigger.

Note : when we asked configuration remove any confidential information before posting.

some of the example EEM applet like to pursue :

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/216091-best-practices-and-useful-scripts-for-ee.html

example EEM :  (you can look h

router bgp 555555
bgp log-neighbor-changes

event manager environment _email_to user.bb.com
event manager environment _email_server smtp.bb.com
event manager environment _email_from Router@bb.com

event manager applet BGP-Alert
event syslog pattern "%BGP-5-ADJCHANGE:*"

action 1.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "$_event_pub_time:" body "$_syslog_msg"
action 1.5 syslog priority notifications msg "BGP Message - Mail Sent"

If the Router is reachable to Splunk:

logging  host x.x.x.x (splunk IP) - so splunk can alert you also from splunk alerting system when the BGP go down.

SNMP Trap :

snmp-server enable traps bgp [state-changes {[all] [backward-trans] [limited]}] | [threshold prefix]

Hi Balaji,

As you know we don't have access to ISP CPE and ISP PE .

only option is to run EEM script on our ISR4331 CPE  that when ever it see BGP prefix count is getting less ( due to BGP down between ISP CPE &PE)

our router generate syslog  that prefix count are reduced   .

can you please correct my below script

Wool(config )# event manager trap prefix_down

 event community SNMP

 event manager applet prefix_down_applet

!

event manager applet prefix_down_applet

 event prefix down 1>>>>>GNS software not taking this command 

 action syslog msg "BGP prefix down detected!"

event syslog pattern "BGP prefix down detected!"

you have access to DC Router - what IGP/EGP you running between ISP and Your Router ? Ans : eBGP

how is your configuration looks like, and what prefix you are able to see on the router, if the provider offering only default route, then you need to rely on different method.

what is the use case here - based on this drill ?

Hi Leo,

do ne need some script for SNMP or just some commands ?

please share with me , thanks in advance .

No, our SNMP will ping-n-poll the relevant OID for the BGP prefixes.  

All we have to do is configure the thresholds (whether it is dropping or rising) and then configure the action (email, chat, mute, etc).

(And I do not provide assistance to DMs!)

but we don't have access to ISP CE to PE hence above solution will not work .

our router is making EBGP with ISP CPE(in our server room)

I think it is not possible to monitor the BGP advertisements from ISP CE to ISP PE without the explicit approval of the ISP.