Solved: EEM event for specific syslog pattern using Tcl

paul.omahony · ‎07-23-2009

Hello this is my first ever post, so please bear with me if my tech lingo is below par.

I am very new to Tcl(Tool command language) and I need to create a policy for a CAT6500 to generate a 'syslog snmp-trap strdata "message to server"' when a specific syslog msg occurs. Now I've tried the Applet SNMP_Trap_Generation_Applet which works a treat, however I need to be more specific about which syslog messages get sent to the server.

Here's some pseudo code to try explain what I'm looking for.

::cisco::eem::event_register_syslog pattern .*-SP-.*

# Get the syslog message that caused the event to trigger

#

array set arr_einfo [event_reqinfo]

set syslog_msg $arr_einfo(msg)

# Check if syslog msg is = "LINK-SP-3" or "LINEPROTO-SP-5"

# If it is exit and don't send to trap to server

# Else

# Send snmp-trap message

if {$syslog_msg = "LINK-SP-3" | $syslog_msg = "LINEPROTO-SP-5" } {

action_syslog msg "blah blah"

exit

}else {

action_syslog snmp-trap strdata "SP log error on Catalyst"

}

As you can see the pattern .*-SP-.* is what I'm looking for in the syslog however I don't want to generate a snmp-trap for 2 specific patterns "LINK-SP-3" or "LINEPROTO-SP-5".

Any help out there would be great.

Joe Clarke · ‎07-26-2009

I had a typo in the previous version. Try this one instead.

View solution in original post

Joe Clarke · ‎07-23-2009

Your pseudo-code is very close. This is what you want:

if { ! [regexp {LINK-SP-3} $syslog_msg] && ! [regexp {LINEPROTO-SP-5} $syslog_msg] } {

action_snmp_trap strdata "SP log error on Catalyst"

}

paul.omahony · ‎07-26-2009

Thanks jclarke but I just realized that I'm going to need a loop to exclude any other syslog messages in the future. Do you have any idea how I would go about this? Here's some more code to try explain what I need:

::cisco::eem::event_register_syslog pattern .*-SP-.*

# fetch the syslog message that caused the event to trigger

#

array set arr_einfo [event_reqinfo]

set syslog_msg $arr_einfo(msg)

# Build array of error messages

set errLog(1) "LINK-SP-3"

set errLog(2) "LINEPROTO-SP-5"

set errLog(3) "LINEXXX-SP-7"

set errLog(4) "LINEXXX-SP-2"

# Loop through array and compare to syslog_msg

# If msg exists in array set flag to 1

set flag = 0

foreach item $errLog {

if { [regexp {$item} $syslog_msg] } {

set $flag = 1

}

if {$flag = 0} {

action_snmp_trap strdata "SP log error on Catalyst"

}

My coding is terrible but I hope you understand what I'm trying to achieve.

Joe Clarke · ‎07-26-2009

I think this will accomplish what you want. I made it easy to add new elements to the notrap list.

Joe Clarke · ‎07-26-2009

I had a typo in the previous version. Try this one instead.

paul.omahony · ‎07-26-2009

Hi thanks for the quick reply. It looks easy the way you have it coded. I have one question, just before the loop there is the line "set found 0" is this necessary? If so could you explain why?

Joe Clarke · ‎07-26-2009

No, that line can be removed.