ASK THE EXPERT - DEPLOYING IOS EMBEDDED MANAGEMENT TECHNOLOGIES

Unanswered Question
Sep 19th, 2008

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update for deploying IOS embedded management technologies with Cisco expert Joe Clarke. Joe has been with Cisco since 1998, working on the network management Technical Assistance Center (TAC) team in North Carolina. As technical lead, Joe handles world-wide network management escalations particularly those pertaining to CiscoWorks, Tcl scripting, and embedded management technologies. He is CCIE certified (#5384), a certified Java programmer, Solaris system administration, Solaris network administration, and Solaris security administration.

Remember to use the rating system to let Joe know if you have received an adequate response.

Joe might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through October 3, 2008. Visit this forum often to view responses to your questions and the questions of other community members.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (6 ratings)
Loading.
devang_etcom Sun, 09/21/2008 - 10:13

Hi,

I want to know what kind of management technologies can I use for MPLS and MPLS VPN using IOS tools, including Accounting also?

regards

Devang Patel

Joe Clarke Sun, 09/21/2008 - 10:43

This session is focused on discussing the embedded management tools in IOS such as the Embedded Event Manager, Embedded Syslog Manager, Embedded Resource Manager, Embedded Menu Manager, and the Tcl shell. While some of these tools can be used to facilitate some aspects of MPLS management, I do not think that is information you're seeking.

You might be better off starting a new thread in the Network Management forum, Service Provider Forum, or VPN forum.

Hi Joe,

I am really a big fan of yours on this forum (specially networj management), and am very delightful to have answering our questions..

Although i am new to EEM and TCL etc, but i would really appreciate if you could just skim through highlighting the topics you listed in your post above. Also, i want to know if in order to enable TCL scripting on a router, does one need to have a prior knowledge of any Scripting language?

Is TCL shell common on all IOS ver, or does every IOS a different flavour?

Joe Clarke Sun, 09/21/2008 - 19:16

The Embedded Event Manager (EEM) allows one to perform tasks (called actions) when certain events occur on the device. The actions and events vary depending on the IOS version. However, as an example, one can bring up a redundant interface if an IP SLA collector times out. For on EEM can be found at http://www.cisco.com/go/eem/ . Knowledge of Tcl is not necessarily required to use EEM.

The Embedded Syslog Manager (ESM) sits in the device's logging path, and allows one to intercept, change, drop, and/or reformat syslog messages as they are generated. For example, you can use ESM to escalate the severity of a message, drop specific unwanted messages, turn a message into an email directly, etc. More on ESM can be found at http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_esm_syslog.html . Using ESM requires a knowledge of Tcl.

The Embedded Menu Manager (EMM) allows one to build custom menu interfaces to IOS backed by the power of Tcl. EMM menus are built using an XML syntax, and are very extensible. More on EMM can be found at http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_emm.html. Use of EEM requires a knowledge of XML and of Tcl (though a very simple menu could be built without Tcl).

The Embedded Resource Manager (ERM) gives one control over the resource thresholds in IOS. One can create thresholds for CPU, memory, buffer, etc. usage. ERM can also be used to unwedge interfaces as of 12.4(6)T. More on ERM can be found at http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_erm_resource.html . ERM does not use Tcl, and all of its configuration happens within the running config of an IOS device.

The Tcl shell is a fully-functional Tcl 8.3.4 interpreter embedded in IOS. Using tclsh, one can create custom commands, simplify complex configuration workflows, etc. More information about Tcl programming in IOS can be found at http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_script_tcl.html .

Example EEM and tclsh scripts can be found at http://www.cisco.com/go/ciscobeyond/ .

In order to use tclsh, one definitely needs to know how to program in Tcl. The Tcl language guide can be found at http://www.tcl.tk/man/tcl8.3/ .

Tclsh was first introduces in 12.3(2)T, and is now found in quite a few platforms including the desktop switches, 6500s, and 7600s.

biju-thomas Mon, 09/22/2008 - 02:17

Hi Joe,

I am having a cisco aironet 1200 AP.By mistake I deleted the flash memory.And when I tried to upgrade the IOS using a tftp server its saying "no such file or directory".can u please help me out in this?IOS is there in the root directory of tftp server and path name is also correct.The command sees like this.

ap: tar -xtract tftp://10.0.0.2/image/c1200-k9w7-tar.default flash:

ap: tar -xtract tftp://10.0.0.2/image/c1200-k9w7-tar.default flash:

..Thank you..

Joe Clarke Mon, 09/22/2008 - 07:41

This thread is dealing with IOS embedded management technologies. Please ask this question on one of the wireless forums.

b.hsu Wed, 09/24/2008 - 08:17

Hi

What kind of impact does EEM have on the device?

Thanks

Joe Clarke Wed, 09/24/2008 - 13:06

In most cases a negligible impact. EEM event detector processes run at a medium priority, so they have the potential of affected process like IP SNMP. However, most EEM policies are short (i.e. run in less than 20 seconds), and only execute periodically. For example, a typical policies may only execute when a specific syslog message is generated, or when a specific CLI command is run. Other policies may require periodic polling (i.e. an SNMP policy), but still the object check is quick, and does not typically impact operations.

b.speltz Fri, 09/26/2008 - 08:32

Hi

Where can I find some EEM and Tcl sample scripts?

Thanks

Richard Bradfield Sat, 09/27/2008 - 17:51

I want to do a reset on an interface at a Specific time using EEM, I use NTP will the script still work if the NTP server is unreachable

Joe Clarke Sat, 09/27/2008 - 22:32

Yes, provided the clock is still accurate. The script will run when the clock tells it to. If the NTP server hasn't been offline too long, and the router's clock is mostly in sync, then the script will run at about the correct time. If, however, the router reloads, and cannot sync its time, the script may not run, or it may run at the wrong time. For example, if the date is Dcember 31 at 00:00 after a router reloads, the script will not run at the correct time.

l.stafford Tue, 09/30/2008 - 04:41

Hi Joe,

can I use a TCL script to automate a config change across multiple devices. For instance, if I wanted to set a new NTP server IP address across 40 routers over a MPLS WAN, could I use a TCL script on a single router, that would then cause the TCL router to log in via telnet to all the other devices, and make the config change?

Regards,

Lee.

Joe Clarke Tue, 09/30/2008 - 07:00

Actually, this is possible, and actually doable in a number of different ways depending on IOS versions. If your devices are all running 12.4(20)T (or you have desktop switches running 12.2(40)SE or higher), you can set up an EEM RPC policy which accepts a remote XML request to make the config changes. I wrote a Perl API for EEM RPC that you can find at http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1183 which can help with this approach.

Also, with the same versions of code, you have access to the SNMP Proxy event detector. With this ED, you can have one device send an SNMP trap to another device which triggers and EEM policy. More on this feature can be found at http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6815/whitepaper_c11-492226.html .

Finally, the way to do this with a starting device running at least 12.4 is to write a Tcl policy that uses interactive CLI commands to actually do the telnet to the other devices, and interact. Attached is a Tcl policy I wrote to backup a CUE module via a session command. You could adapt this script for telnet very easily (i.e. replace the session command with a telnet). This should give you a good start.

Attachment: 
devang_etcom Wed, 10/01/2008 - 11:42

Jack,

any good document to start understanding and some working configuration of EEM?

regards

Devang Patel

Joe Clarke Wed, 10/01/2008 - 11:46

The best place to start is http://www.cisco.com/go/eem/ . This will give you some high-level overview of the Embedded Event Manager. From there, you can lear more about developing EEM applets from http://www.cisco.com/en/US/docs/ios/12_4t/netmgmt/configuration/guide/t_eemc.html , and EEM Tcl policies from http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl.html . If you want to find some good EEM Tcl examples, check out http://www.cisco.com/go/ciscobeyond/ .

Once you get started, you can come back to the Network Management NetPro forum for help.

devang_etcom Thu, 10/02/2008 - 06:47

hi,

Thanks for the links...

so it looks like you can add the customized event notification with the help of EEM right!!!

and i am trying to figure out how to find out the various index entry and they name binding, I can look at the MIB but there i can get the Index entry for interface but not their naming!!!

regards

Devang Patel

Joe Clarke Thu, 10/02/2008 - 06:50

You can create custom SNMP traps and syslog messages (to an extent). The traps are defined in the CISCO-EMBEDDED-EVENT-MGR-MIB, and the syslog messages are sent with the %HA_EM-*-LOG facility and mnemonic.

As for your MIB question, what MIB are you looking at? What exactly are you trying to do?

Hi Joe,

Which of these management technologies can help me diagnose high CPU utilization on my router? I'd like to generate syslog message which contains CPU utilization level and the process name that caused that CPU utilization. I don't want to use SNMP.

I know, I can use old good "process cpu threshold ..." IOS 12.3(4)T command, but it doesn't show process name - only process number is shown. I know, I can use new overcomplicated (IMO) ERM "resource policy / policy / system / cpu" framework, but it doesn't show neither process number, nor process name (when will this BUG be fixed by cisco ???). I know, I can use loadometer (Extended Load Monitor Report), but I don't know how to interpret its output. I know, I can use EEM, but I don't know what for. I know, I can use TCL, but I don't know how.

Do you personally have a feeling that all of these management technologies are overengineered by cisco? Do you know simple and working solution to my problem?

Thx.

And I'd like to say that your answers are always very useful.

Joe Clarke Thu, 10/02/2008 - 12:54

This is shockingly not easy to do. You would have to add a resource policy for every iosprocess instance, or an EEM policy for every IOS process to get the process name.

What might be easiest is to tie two features together. That is, configure a process cpu threshold, then use EEM to process the syslog message from a threshold violation. It can then parse "show proc cpu" to get the process name. You would need a Tcl policy to do this, but it should be fairly straightforward. I can help out if you'd like.

I do feel ERM is overengineered. There are many simple things (like this) that users would like to do, but getting around ERM's configuration and concepts is quite daunting. EEM, on the other hand, is much easier to get started with, and much more accessible.

Creating new Tcl script isn't easy thing to do. I looked thru available scripts on Cisco Beyond. For example, the "ERM monitoring of CPU, Memory, and Buffers" script (http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1221) might achieve my goal, but it is not documented at all. The "A MDF (Menu Definition File) for administering ERM diagnostics" (http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1222) can probably help, but, to put the truth, I have no idea on how to run it...

Could you please give us a tutorial on 1) how run a simplest EEM script, such as this: "Threshold-based ACL Logging" or this: "Composite Dev Health-Interface" 2) how to run more complex scripts that use ERM and/or Embedded Menu Manager, such as the scripts mentioned above.

Thank you.

Joe Clarke Fri, 10/03/2008 - 07:27

All EEM scripts, regardless of complexity, are registered in the same way. First, you must decide where EEM Tcl policies will reside on your device. They MUST reside in a local flash disk. If possible, you should create a directory on flash; however, some flash file systems do not support "mkdir". For those, the policies can go into the file system root. I personally create a "policies" directory on my devices.

Then, copy all of you policies to this location. Next, tell IOS where the EEM policy directory is:

event manager directory user policy PATH

For example:

event manager directory user policy disk1:/policies

Without this command, no EEM Tcl policies will run.

Now you can register your policies. All policies must be registered before they can be used. For example, to register the "Threshold-based ACL Logging", you would use:

event manager policy acl-counters-thresholding.tcl

All policy scripts must end in .tcl. When registering a policy, only specify its name. The path to the policy is already given in the directory command I mentioned above.

But now things get interesting. This acl-counters-thresholding.tcl policy won't run since it requires you to set some environment variables first. These variables allow one to control the policy behavior without needing to modify the code. The variables required are documented at the top of the acl-counters-thresholding.tcl script file:

EEM_ACL_COUNTERS_INTERVAL

EEM_ACL_COUNTERS_ACL_NAME

EEM_ACL_COUNTERS_THRESHOLD

To set an EEM environment variable, do the following:

event manager environment NAME VALUE

For example:

event manager environment EEM_ACL_COUNTERS_INTERVAL 60

That's it for this policy. It will run periodically, based on the interval, watching the specified ACL to see if it violates the specified threshold.

Even the most complex EEM Tcl policy obeys these same tenants. They may just use a different Event Detector (e.g. the ERM event detector).

The Embedded Menu Manager is a different beast. It has nothing to do with EEM or ERM, but through its Tcl scripting functionality, it can touch a lot of different subsystems. More on EMM can be found at http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_emm.html . But in general, you will load an XML Menu Definition File like:

emm mdf disk1:nms.mdf

If you need help writing an EEM Tcl policy or an EMM MDF, let me know. I can help you review what you have, or give you code to get you started.

Joe Clarke Fri, 10/03/2008 - 07:28

This thread is for discussing embedded management technologies in IOS. Please start a new thread for any other topic.

ahajivandi Fri, 10/03/2008 - 06:01

Hello Joe,

I have just post my question on the forum, not knowing this conversation event ends today.

I have always kept my mind on this question that, why CiscoWorks LMS does not initiate a telnet/ssh from the server itself, but from client system!? However, Device center manage to initiate snmpwalk, traceroute and ping from the server itself.

Could be an enhancement for the 3.2 or 3.3? It makes me happy:-)

Regards,

-Aryan

Joe Clarke Fri, 10/03/2008 - 07:14

This thread is for discussing embedded management technologies in IOS. Please start a new thread for your LMS question.

ahajivandi Fri, 10/03/2008 - 06:07

Hi,

Is there any possibility to access the CWLMS 3.1 databases with odbc like driver? I know only about the export possibilities to XML,CSV files.

Thanks,

-Aryan

Joe Clarke Fri, 10/03/2008 - 07:27

This thread is for discussing embedded management technologies in IOS. Please start a new thread for your LMS question.

Actions

This Discussion