I am working on using a Tcl-based event manager policy with the following configuration:
event manager directory user policy "flash:/policy"
event manager policy policy.tcl
event manager session cli username "admin"
The content of the policy file is as follows:
::cisco::eem::event_register_syslog pattern ".*" maxrun 60
set policyversion 1
puts "send log this TCL script has been run"
This works great so far. Every log entry triggers the run of the script. What we want to do in the long run is manipulate the log entries that are being sent to syslog. For example, we want to add the interface description, or we want to include the remote router hostname in EIGRP neighbor messages, and so on...
But as soon as we want to use the exec command somewhere, we get an error:
Nov 15 13:44:14.935: %HA_EM-6-LOG: policy.tcl: "if {$security_level == 1} {#untrusted script
Nov 15 13:44:14.935: %HA_EM-6-LOG: policy.tcl: Tcl policy execute failed:
Nov 15 13:44:14.935: %HA_EM-6-LOG: policy.tcl: invalid command name "exec"
I read that these Tcl scripts run in a Safe-Tcl mode where a lot of commands have been disabled. Here is the link:
https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/netmgmt/configuration/guide/Convert/Emb_EventMgr_xe/nm_eem_policy_tcl_xe.html
So is there a way I can get around this Safe-Tcl limitation somehow?
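The following is an added example, not code from the original post, showing the way the EEM Tcl environment is designed to be used instead of Tcl's `exec`: the EEM CLI library (`cli_open`, `cli_exec`, `cli_close`) runs IOS commands inside the policy, and `action_syslog` emits a new message. It assumes the policy is registered for EIGRP neighbor change messages only, that the message carries the interface name in parentheses (as `%DUAL-5-NBRCHANGE` messages do), and that the enriched text is sent as an additional syslog message alongside the original; all command strings and the regexp are the example's own assumptions.

```tcl
# Added example (not from the original post): enrich an EIGRP neighbor
# syslog message with the interface description using the EEM CLI library
# rather than Tcl's exec, which Safe-Tcl does not provide.
::cisco::eem::event_register_syslog pattern "%DUAL-5-NBRCHANGE" maxrun 60

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

# Fetch the triggering syslog message; _cerrno is set on failure.
array set arr_einfo [event_reqinfo]
if {$_cerrno != 0} {
    set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
        $_cerr_sub_num $_cerr_sub_err $_cerr_sub_err $_cerr_str]
    error $result
}
set msg $arr_einfo(msg)

# Assumption: the interface name is the parenthesised token in the message,
# e.g. "... Neighbor 10.0.0.2 (GigabitEthernet0/1) is down: ...".
if {![regexp {\(([^)]+)\)} $msg -> intf]} {
    action_syslog priority info msg "EEM: no interface found in: $msg"
    return
}

# Open a CLI session; it runs as the user configured with
# "event manager session cli username", so that account's privilege applies.
if {[catch {cli_open} result]} {
    error $result $errorInfo
}
array set cli1 $result

if {[catch {cli_exec $cli1(fd) "enable"} result]} {
    error $result $errorInfo
}

# Read the description line from the interface's running configuration.
if {[catch {cli_exec $cli1(fd) "show running-config interface $intf | include description"} result]} {
    error $result $errorInfo
}
set descr "(no description)"
regexp -line {^\s*description (.+?)\s*$} $result -> descr

catch {cli_close $cli1(fd) $cli1(tty_id)} result

# Emit the enriched message as a new syslog entry.
action_syslog priority info msg "EEM enriched: $msg; interface $intf description: $descr"
```

Two practical points. First, a policy registered on pattern ".*" that itself emits syslog will match the message it just produced, so narrow the pattern to the message classes you actually want to enrich. Second, the `flash:/policy` directory is effectively code that executes with the privileges of the configured session username, so write access to that directory should be restricted as carefully as enable access itself.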