[c-nsp] EEM BGP

Arie Vayner (avayner) avayner at cisco.com
Wed Dec 16 15:13:13 EST 2009 

Tony,

Why do you want to look for the Syslog event? It would happen anyway
inside your original script, right?

Maybe try something like this:

event manager applet BGPADJ_SHUT
 event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3
Down" period 600 maxrun 700
 action 100 cli command "enable"
 action 110 cli command "configure terminal"
 action 120 cli command "router bgp 666"
 action 130 cli command "neighbor 172.16.10.3 shutdown"
 action 135 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"
 action 140 cli command "do ping 1.1.1.1 repeat 1 timeout 600"
 action 150 cli command "no neighbor 172.16.10.3 shutdown"
 action 155 syslog msg "Neighbor 172.16.10.3 no shutdown by EEM"

(we assume that 1.1.1.1 is not pingable. You can route it to null0 if
you like)


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tony Varriale
Sent: Wednesday, December 16, 2009 19:38
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] EEM BGP

Well, did a bunch of testing and I am still stuck.  So here's the basic
idea 
and config.

When the peer is actually shut, I log a message to syslog (info
simplified 
and anonymized to protect innocent).

event manager applet BGPADJ_SHUT
 event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3
Down" 
period 600
 action 100 cli command "enable"
 action 110 cli command "configure terminal"
 action 120 cli command "router bgp 666"
 action 130 cli command "neighbor 172.16.10.3 shutdown"
 action 140 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"

This works great.  Notice action 140.

To turn the peer back up, I would like to wait 60 seconds (probably 10 
minutes in real world) and look for the "Neighbor 172.16.10.3 shutdown
by 
EEM" in the syslog as this will tell me when I need to start my timer.

event manager applet BGPADJ_NOSHUT
 event tag bgpevent1 syslog pattern "%BGP-5-ADJCHANGE: neighbor
172.16.10.3 
Down"
 event tag bgpevent2 syslog pattern "Neighbor 172.16.10.3 shutdown by
EEM"
 trigger delay 60
  correlate event bgpevent1 and event bgpevent2
 action 100 cli command "enable"
 action 110 cli command "configure terminal"
 action 120 cli command "router bgp 666"
 action 130 cli command "no neighbor 172.16.10.3 shutdown"
 action 140 syslog msg "Neighbor 172.16.10.3 noshut by EEM"

This is the part that does not work.  For the correlation, I want to
either 
look for event 1 and 2 or just 2.  1 and 2 is really just a self check.

The apparent problem is that EEM doesn't look at the messages that it 
injects into syslog.  So, the trigger never happens.  And as
verification, I 
tried it with event1 or event2.  While watching debug it picks up on
event1.

Any ideas?  Recommendations?

tv

----- Original Message ----- 
From: "Clyde Wildes" <cwildes at progrizon.com>
To: "'Tony Varriale'" <tvarriale at comcast.net>;
<cisco-nsp at puck.nether.net>
Sent: Tuesday, December 15, 2009 3:31 PM
Subject: RE: [c-nsp] EEM BGP 

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list