Example of EEM script to block certain SNMP traps and syslogs

Unanswered Question
Apr 19th, 2017
User Badges:

We have many Cisco CSR's running in multiple cloud provider environments and want to block certain snmp traps and syslogs due to them being too noisy - waking the on-call folks up every night. Also we need to do this with the on PREM Cisco ASR's also. any examples around to use as a base for us to get started with this?


thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Sat, 04/22/2017 - 11:36
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

EEM cannot block syslog messages.  That requires the Embedded Syslog Manager or log discriminators.  If you only want to do simple blocking, discriminators are probably better.

For traps, you can use a simple applet to block a trap:

event manager applet block-trap

 event snmp-notification oid OID oid-val VAL op OP direction outgoing msg-op drop

 action 1.0 comment "Dropping trap"


Here, OID is an OID within the trap, VAL is that OID's value to match, and OP is the operation to test (e.g., eq for equals).

All of this depends on the specific messages and traps you want to block.

Actions

This Discussion