
EEM event for specific syslog pattern using Tcl

paul.omahony
Level 1

Hello this is my first ever post, so please bear with me if my tech lingo is below par.

I am very new to Tcl (Tool Command Language) and I need to create a policy for a CAT6500 to generate a 'syslog snmp-trap strdata "message to server"' when a specific syslog msg occurs. Now I've tried the Applet SNMP_Trap_Generation_Applet, which works a treat; however, I need to be more specific about which syslog messages get sent to the server.

Here's some pseudo code to try to explain what I'm looking for.

::cisco::eem::event_register_syslog pattern .*-SP-.*

# Get the syslog message that caused the event to trigger
#
array set arr_einfo [event_reqinfo]
set syslog_msg $arr_einfo(msg)

# Check if syslog msg is = "LINK-SP-3" or "LINEPROTO-SP-5"
# If it is exit and don't send to trap to server
# Else
# Send snmp-trap message
if {$syslog_msg = "LINK-SP-3" | $syslog_msg = "LINEPROTO-SP-5" } {
    action_syslog msg "blah blah"
    exit
}else {
    action_syslog snmp-trap strdata "SP log error on Catalyst"
}

As you can see the pattern .*-SP-.* is what I'm looking for in the syslog however I don't want to generate a snmp-trap for 2 specific patterns "LINK-SP-3" or "LINEPROTO-SP-5".

Any help out there would be great.


Joe Clarke
Cisco Employee

Your pseudo-code is very close. This is what you want:

if { ! [regexp {LINK-SP-3} $syslog_msg] && ! [regexp {LINEPROTO-SP-5} $syslog_msg] } {
    action_snmp_trap strdata "SP log error on Catalyst"
}

Thanks jclarke, but I just realized that I'm going to need a loop to exclude any other syslog messages in the future. Do you have any idea how I would go about this? Here's some more code to try to explain what I need:

::cisco::eem::event_register_syslog pattern .*-SP-.*

# fetch the syslog message that caused the event to trigger
#
array set arr_einfo [event_reqinfo]
set syslog_msg $arr_einfo(msg)

# Build array of error messages
set errLog(1) "LINK-SP-3"
set errLog(2) "LINEPROTO-SP-5"
set errLog(3) "LINEXXX-SP-7"
set errLog(4) "LINEXXX-SP-2"

# Loop through array and compare to syslog_msg
# If msg exists in array set flag to 1
set flag = 0
foreach item $errLog {
    if { [regexp {$item} $syslog_msg] } {
        set $flag = 1
    }
}

if {$flag = 0} {
    action_snmp_trap strdata "SP log error on Catalyst"
}

My coding is terrible but I hope you understand what I'm trying to achieve.

I think this will accomplish what you want. I made it easy to add new elements to the notrap list.

I had a typo in the previous version. Try this one instead.

Hi, thanks for the quick reply. It looks easy the way you have it coded. I have one question: just before the loop there is the line "set found 0". Is this necessary? If so, could you explain why?

No, that line can be removed.
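
The exclusion-list check discussed in this thread, as an added example that is not code from the thread or from Cisco: it runs in plain tclsh against constructed sample messages and assumes the message text carries the usual IOS "%FACILITY-SP-SEVERITY-MNEMONIC" token. The proc name should_trap, the sample lines and the literal "string first" match (used here in place of regexp) are choices made for this example.

```tcl
# Added example: plain Tcl, runs in tclsh. On the switch the same proc would
# sit in the EEM policy after the registration line and the event_reqinfo
# calls shown in the thread.

# Exclusion list kept as a Tcl list, which foreach iterates directly.
# LINK-SP-3 and LINEPROTO-SP-5 come from the thread; append more as needed.
set notrap {LINK-SP-3 LINEPROTO-SP-5}

# Return 1 when the message should raise the trap, 0 when it is excluded.
proc should_trap {syslog_msg notrap} {
    # Same scope as the registration pattern .*-SP-.*
    if {![string match *-SP-* $syslog_msg]} { return 0 }
    foreach item $notrap {
        # Literal match on "%<item>-": nothing to escape as a regexp, and
        # LINK-SP-3 cannot also suppress a hypothetical XLINK-SP-3 or
        # LINK-SP-30 message.
        if {[string first "%${item}-" $syslog_msg] >= 0} { return 0 }
    }
    return 1
}

# Constructed sample messages (not captured from a real device).
set samples {
    "%LINK-SP-3-UPDOWN: Interface GigabitEthernet1/1, changed state to down"
    "%LINEPROTO-SP-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down"
    "%EXAMPLE-SP-2-FAULT: constructed message that is not on the exclusion list"
    "%SYS-5-CONFIG_I: Configured from console by console"
}

foreach msg $samples {
    if {[should_trap $msg $notrap]} {
        # In the EEM policy this branch would call:
        #   action_snmp_trap strdata "SP log error on Catalyst"
        puts "TRAP    $msg"
    } else {
        puts "NO TRAP $msg"
    }
}
```

Only the third sample is reported as TRAP: the first two are on the exclusion list and the fourth is not an SP message.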
