Hi all, can someone tell me how can i write a tcl script that extracts information from the syslog message that generates the event
For example if this is my event
::cisco::eem::event_register_syslog pattern "%CRYPTO-6-EZVPN_CONNECTION_UP: (Server) Mode=CLIENT_OR_NEM_PLUS Client_type=UNKNOWN User= Group=illusion Client_public_addr=10.1.4.3 Server_public_addr=192.168.1.1 Assigned_client_addr=188.8.131.52"
now i want to add client assigned ip address to my access-list, how can i extract this information in my tcl script
any one pls
The only special construct in the code example is the event_reqinfo function. It is a special EEM function that returns the event information in array format. That function is documented at http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl_ps6441_TSD_Products_Configuration_Guide_Chapter.html .
Within that array is the msg element. This element is only present when the event detector used is syslog. The msg element contains the message string which triggered the EEM syslog policy. Next, I perform a regular expression match on the string to pull out the desired portion, and store it in the $addr variable.