[c-nsp] EEM BGP
Clyde Wildes
cwildes at progrizon.com
Wed Dec 16 17:06:12 EST 2009
Tony,
Yes EEM does not screen on the syslog messages that it emits. When we built
the EEM syslog Event Detector the test team insisted that we implement it
this way to prevent recursion. ;-)
You can always use an application specific event to trigger policy B from
policy A. You could use a trigger statement to delay the running of policy B
if desired.
Use the following:
event manager applet BGPADJ_SHUT
event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3 Down"
period 600
action 100 cli command "enable"
action 110 cli command "configure terminal"
action 120 cli command "router bgp 666"
action 130 cli command "neighbor 172.16.10.3 shutdown"
action 140 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"
action 150 publish-event sub-system 798 type 100 arg1 "shutdown"
event manager applet BGPADJ_NOSHUT
event tag bgpevent2 application sub-system 798 type 100
trigger delay 600
action 100 cli command "enable"
action 110 cli command "configure terminal"
action 120 cli command "router bgp 666"
action 130 cli command "no neighbor 172.16.10.3 shutdown"
action 140 syslog msg "Neighbor 172.16.10.3 noshut by EEM"
Thanks,
Clyde
Progrizon, Inc.
www.progrizon.com
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tony Varriale
Sent: Wednesday, December 16, 2009 9:38 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] EEM BGP
Well, did a bunch of testing and I am still stuck. So here's the basic idea
and config.
When the peer is actually shut, I log a message to syslog (info simplified
and anonymized to protect innocent).
event manager applet BGPADJ_SHUT
event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3 Down"
period 600
action 100 cli command "enable"
action 110 cli command "configure terminal"
action 120 cli command "router bgp 666"
action 130 cli command "neighbor 172.16.10.3 shutdown"
action 140 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"
This works great. Notice action 140.
To turn the peer back up, I would like to wait 60 seconds (probably 10
minutes in real world) and look for the "Neighbor 172.16.10.3 shutdown by
EEM" in the syslog as this will tell me when I need to start my timer.
event manager applet BGPADJ_NOSHUT
event tag bgpevent1 syslog pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3
Down"
event tag bgpevent2 syslog pattern "Neighbor 172.16.10.3 shutdown by EEM"
trigger delay 600
correlate event bgpevent1 and event bgpevent2
action 100 cli command "enable"
action 110 cli command "configure terminal"
action 120 cli command "router bgp 666"
action 130 cli command "no neighbor 172.16.10.3 shutdown"
action 140 syslog msg "Neighbor 172.16.10.3 noshut by EEM"
This is the part that does not work. For the correlation, I want to either
look for event 1 and 2 or just 2. 1 and 2 is really just a self check.
The apparent problem is that EEM doesn't look at the messages that it
injects into syslog. So, the trigger never happens. And as verification, I
tried it with event1 or event2. While watching debug it picks up on event1.
Any ideas? Recommendations?
tv
----- Original Message -----
From: "Clyde Wildes" <cwildes at progrizon.com>
To: "'Tony Varriale'" <tvarriale at comcast.net>; <cisco-nsp at puck.nether.net>
Sent: Tuesday, December 15, 2009 3:31 PM
Subject: RE: [c-nsp] EEM BGP
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list