Episode Name: Episode 27 - IOS Embedded Event Manager (EEM)
Contributors: David White Jr., Jay Johnston, Magnus Mortensen, Joe Clarke
Posting Date: May 24, 2012
Description: Special guest Joe Clarke discusses the capabilities of IOS Embedded Event Manager. The panel discusses some very interesting use cases for EEM, and how it can be used to add new features to IOS as well as aid in troubleshooting complex network problems. A special listener challenge is given at the end of the show!
Listen Now (MP3 19.38 MB; 28:13 mins)
Subscribe to the Podcast in iTunes by clicking the image below:
About the Cisco TAC Security Podcast
The Cisco TAC Security Podcast Series is created by Cisco TAC engineers. Each episode provides an in-depth technical discussion of Cisco product security features, with emphasis on troubleshooting.
Complete episode listing and show information
Show Notes
Sample EEM Scripts and Resources
1. Email IP address of a router daily (DHCP example)
event manager applet getIP
event tag restart syslog pattern "LINEPROTO-5-UPDOWN:.*FastEthernet0 .*state to up"
event tag periodic timer watchdog time 86400
trigger
correlate event restart or event periodic
action 1.0 cli command "show int Fa0 | inc Internet address is"
action 2.0 mail to noreply@cisco.com from noreply@cisco.com server "10.1.1.1" subject "IP address info" body "IP address is: $_cli_result"
2. Read up on EEM best practices in our CSC whitepaper.
3. Learn what version of EEM is supported by your device.
4. Come to Cisco Beyond to ask questions about EEM and find a library of Cisco and user-contributed examples.
5. Convert your EEM applet policies to Tcl to get started with scripting IOS using Tcl.
Twitter Router URL Feed
Download the Tweeting router code from https://supportforums.cisco.com/docs/DOC-19363 . Check out Bruno's own Tweeting Router!
Listener Challenge! Joe's jabberwocky Switch Responding via EMail
Step 1: Configure the following on your IOS router or switch:
event manager applet say-hello
event cli pattern "show version" sync no skip no
action 1.0 snmp-trap intdata1 8380 strdata "EMAIL"
!
snmp-server enable traps event-manager
snmp-server host 24.172.16.118 traps version 1 secshow udp-port 8162 event-manager
Step 2: Change the EMAIL text string to be your email address in the action line.
Step 3: Then, run "show version" and check your email for a special message from jabberwocky@marcuscom.com.
Step 4: Remove the EEM applet by issuing "no event manager applet say-hello"