Hi,

The poblem is not with the python script. If I run the script manually from the cli it works as expected. The problem is that the eem is not running any of the actions with the cli commands. For instance the "action 3 cli command "sh version >> bootflash:shver.file" is not running as well.

Do you have AAA environment of using local authenticaiton.

event manager applet  XXXXXX authorization bypass

try simple EEM and test :

event manager applet sendemail

event none
 action 1 cli command "enable"
 action 2 syslog priority debugging msg "TEST"
 action 3 cli command "sh version >> bootflash:shver.file"

run manually and see if that works ?

Hi,

The command "event manager applet  XXXXXX authorization bypass" does not exist in nexus 7000 (at least in my version 7.2(1)D1(1)).

N7K-ADMIN-N7K601(config)# event manager applet sendemail ?
<CR>
class Specify a class for the applet
override Override a system policy

by doing a "debug aaa" while running the eem I do not see any authorization logs, only an acccounting log:

 %AAA-6-AAA_ACCOUNTING_MESSAGE: start:slot-1@pts/21:svc-isan:

the question here is do you have AAA environment on nexus ?

thats fine, what is the outcome of simple EEM Script is this works ?

event manager applet sendemail

event none
 action 1 cli command "enable"
 action 3 cli command "sh version >> bootflash:shver.file"

action 4 event-default

and run manually ?

#event manager run sendemail

Hi,

I do have aaa configured. 

If I run the applet I do see that the "action 3 cli command "sh version >> bootflash:shver.file"" did not run (bootflash empty).

If I debug aaa while running the applet I do see an accounting log but I do not see any authentication or authorization log errors.

If i have a syslog action in the applet "action 2 syslog priority debugging msg "TEST", the syslog message is generated sucessfull.

thanks

apologies - may be some command syntax wrong - i copied from the same.

just tested :

event manager applet test
action 1 cli sh version >> bootflash:shver.file
action 2 event-default

# dir bootflash:shver.file
1106 May 15 21:39:49 2024 shver.file

check the action logs :

show event manager events action-log

severity:moderate applets:test
eem_param_info:
Executing the following commands succeeded:
sh version >> bootflash:shver.file

The syntax provided by you doses not seem to be correct for the nexus 7000:

(config-applet)# action 1 cli ?
command Cli command to execute
local Execute the action in the same card on which the event happens

with the following eem:

event manager applet test
action 1 cli command "version >> bootflash:shver.file"
action 2 event-default

then running manually the eem (event manager run test)

show event manager events action-log:

eem_event_time:05/15/2024,18:29:33 event_type:none event_id:95 slot:active(1) vd
c:4 severity:moderate applets:test
eem_param_info:
Applet action execution successful

However the bootflash is still empty:

dir bootflash:
4096 May 09 18:09:01 2024 scripts/
4096 Oct 25 18:38:22 2016 virtual-instance-stby-sync/

thanks for the effort..

unfortunately i have tested on nexus 9K with code 9.X with out AAA environment.

Blizzard is simple command as you have in the applet not running. if i get chance i will look on that code of 7.2 in general that should work.

as you mentioned event - i do not see the command running - when you run manually.

severity:moderate applets:test
eem_param_info:
Executing the following commands succeeded:
sh version >> bootflash:shver.file

may be worth looking below thread :

https://community.cisco.com/t5/switching/eem-quot-action-mail-to-quot-not-available-on-nexus-7710/td-p/3015963

I never try but nexus have system-policy l' and eem need to override it to work

event manager applet applet-name override system-policy

Check this point 

Goodluck 

MHM

Hi,

the "system-policy" does not exist:

event manager applet sendemail override system-policy
ERROR: parameter is invalid or too long

event manager applet sendemail override ?
WORD Name of the system policy to override - should begin with double underscore (Max Size 29)

I have other eem applets running without issues (without cli actions) and it was not necessary to override any policy 

sh event manager policy internal
Name : OSPF_DOWN
Policy Type : applet
Event Specification : event syslog occurs 1 period 0 pattern "Nbr 192.168.10.5 on Ethernet6/2 went DOWN"
action 1 syslog priority alerts msg "CIRCUITO DOWN"
Event Specification active on : Active, Standby

Name : OSPF_UP
Policy Type : applet
Event Specification : event syslog occurs 1 period 0 pattern "Nbr 192.168.10.5 on Ethernet6/2 went FULL"
action 1 syslog priority alerts msg "CIRCUITO UP"
Event Specification active on : Active, Standby

Name : sendemail
Policy Type : applet
action 1 cli command "enable"
action 2 syslog priority debugging msg "TEST"
action 3 cli command "sh version >> bootflash:shver.file"

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/system-management/guide/b_Cisco_Nexus_7000_Series_NX-OS_System_Management_Configuration_Guide-RI/configuring_the___embedded_event_manager.html

this seems to be valid only for changes in the following policies:

The table below lists the system policies that can be completely overridden and policies that are only augmented.

I will tomorrow lab it abd inform you result. 

Thanks for waiting 

MHM