Trigger an EEM script from a Remote Server and pass data into the script

Answered Question
Apr 3rd, 2017

Hello all,


I have a script that will modify an otherwise static configuration. I need to send a trigger to the router from a remote Linux server (SNMPv3 preferred) with a parameter that tells the script the value to set this configuration to.


Does anyone have an idea how to do this? I'd like to use SNMPv3 to pass the data along with the auth/priv functions of SNMPv3, but the TAC is saying there is no way to do this and that I should look on the Cisco Support Forums.


Thanks,


Jeff

matthewathom Fri, 04/14/2017 - 13:46

This sounds very similar to an issue I'm trying to resolve.


-Matt

Correct Answer
Joe Clarke Mon, 04/17/2017 - 08:16
User Badges: Cisco Employee, Hall of Fame, Founding Member

You could use SNMP traps from Linux to the router.  I've only ever used v1 traps for this, though.  There was a bug where v2 traps did not work, but that may be resolved now.  You could try this with v3.

But if you need reliability and security, I recommend the XML RPC event detector.  This allows you to send XML over SSH to trigger EEM policies.  I wrote a small Perl API for this at https://supportforums.cisco.com/sites/default/files/legacy/2/3/6/14632-C... .

jefferykout Mon, 04/17/2017 - 13:23

Joe,

The TAC is saying that the router can only do SNMPv3 in an auth/nopriv mode. I cannot use this, I need to have both auth and priv to meet my security needs.

As for using the RPC event detector, I can see the "event rpc" in the EEM handbook, but I cannot see how to parse out the XML from the RPC and then use values passed via the XML.

I assume the scripts you attached to this are for the Linux server, right?

Jeff

Joe Clarke Mon, 04/17/2017 - 13:33

The router definitely supports SNMPv3 authPriv, but I would not use the EEM SNMP Object ED.  It is not very reliable.  The Perl API I provided includes a sample Perl script and sample EEM Tcl policies in the "eg" directory.  Yes, this API will work on Linux.

matthewathom Mon, 04/17/2017 - 13:52

Though the router supports SNMPv3 authPriv, my understanding from what I've found online was that the EEM SNMP event detector did not.  So you are saying that if the server mentioned above sends an SNMPv3 authPriv trap to the router (attempting to trigger an event) the event detector on the router would be able to authenticate and decrypt the trap?  Is that correct?

Joe Clarke Mon, 04/17/2017 - 14:13

I know there used to be a bug with v2 notifications (the kind used by SNMPv3), but I believe it is fixed.  There could also be a problem with the SNMP manager handling v3 traps.  Again, I have not personally tested SNMPv3 traps with the EEM SNMP notification ED.  You could give it a try if you have your heart set on SNMP.  But the XML RPC thing will work, is secure, and has the advantage of using a reliable transport.

jefferykout Mon, 04/17/2017 - 14:51

Joe,

Whereas I like to think that I am somewhat knowledgeable with EEM, I am not knowledgeable in TCL. Concerning the zip file, what goes on the router and what goes on the server? For the items that go on the router, how do I convert TCL into EEM?

Thanks,

Jeff

Joe Clarke Mon, 04/17/2017 - 14:58

First, read the README.txt in the API bundle as that will give you some clues as to how to get started.  Second, the EEM Tcl script examples are EEM.  They are just Tcl policies as opposed to applets.  There is no converting Tcl to applets.

For registering Tcl policies with the EEM server, see http://www.cisco.com/c/en/us/td/docs/ios/netmgmt/configuration/guide/12_... and search for "registering".  You might be able to do what you want with applets using the $_rpc_arg0, $_rpc_arg1, ... variables to get your arguments.  However, I find using Tcl for things a bit easier if the arguments will vary.
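
An added illustration of the applet approach mentioned in the reply above; it is not from the thread or from the Perl API bundle. The applet name, the interface, and the use of `bandwidth` as the setting being changed are hypothetical; the point shown is that `$_rpc_arg0` is checked against a digits-only pattern before it is placed into a CLI command.

```cisco
! Added example, not code from the thread or the API bundle.
! Hypothetical: applet name SET-BW, interface GigabitEthernet0/0,
! and "bandwidth" as the configuration value supplied by the caller.
event manager applet SET-BW
 ! Triggered by an XML RPC request arriving over SSH
 event rpc
 ! Accept decimal digits only; any other argument is logged and dropped
 action 010 regexp "^[0-9]+$" "$_rpc_arg0"
 action 020 if $_regexp_result ne "1"
 action 030  syslog msg "SET-BW: rejected RPC argument"
 action 040  exit 1
 action 050 end
 ! Argument passed validation: apply it
 action 060 cli command "enable"
 action 070 cli command "configure terminal"
 action 080 cli command "interface GigabitEthernet0/0"
 action 090 cli command "bandwidth $_rpc_arg0"
 action 100 cli command "end"
 ! Leave an audit trail of what was applied
 action 110 syslog msg "SET-BW: bandwidth set to $_rpc_arg0 via RPC"
```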

jefferykout Tue, 04/18/2017 - 12:46

Hi Joe,

Unfortunately, my company has decided that this feature will not make it into our current baseline, but I hope to add this into a baseline in the coming year.

In the meantime, I shall mark your original answer as correct so you can get credit for the right answer.

If I have questions about this in the future, may I email you directly?

Thank you for your assistance,

Jeff
