Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2216
Views
5
Helpful
0
Comments

TAC Security Podcast Episode #27 - IOS Embedded Event Manager (EEM)

Jay Johnston
Cisco Employee
Cisco Employee

‎05-11-2012 12:15 PM - edited ‎03-08-2019 06:45 PM

 

Episode Name: Episode 27 - IOS Embedded Event Manager (EEM)

Contributors:  David White Jr., Jay Johnston, Magnus Mortensen, Joe Clarke

Posting Date: May 24, 2012

Description: Special guest Joe Clarke discusses the capabilities of IOS Embedded Event Manager. The panel discusses some very interesting use cases for EEM, and how it can be used to add new features to IOS as well as aid in troubleshooting complex network problems. A special listener challenge is given at the end of the show!

 


Listen Now    (MP3 19.38 MB; 28:13 mins)

 

Subscribe to the Podcast in iTunes by clicking the image below:

button_itunes.gifrss.gif

 

About the Cisco TAC Security Podcast

 

The Cisco TAC Security Podcast Series is created by Cisco TAC engineers. Each episode provides an in-depth technical discussion of Cisco product   security features, with emphasis on troubleshooting.

 

Complete episode listing and show information

 

 

Show Notes

 

Sample EEM Scripts and Resources

 

1. Email IP address of a router daily (DHCP example)

 

event manager applet getIP

event tag restart syslog pattern "LINEPROTO-5-UPDOWN:.*FastEthernet0 .*state to up"

event tag periodic timer watchdog time 86400

trigger

  correlate event restart or event periodic

action 1.0 cli command "show int Fa0 | inc Internet address is"

action 2.0 mail to noreply@cisco.com from noreply@cisco.com server "10.1.1.1" subject "IP address info" body "IP address is: $_cli_result"

 

2. Read up on EEM best practices in our CSC whitepaper.

 

3. Learn what version of EEM is supported by your device.

 

4. Come to Cisco Beyond to ask questions about EEM and find a library of Cisco and user-contributed examples.

 

5. Convert your EEM applet policies to Tcl to get started with scripting IOS using Tcl.

 

 

Twitter Router URL Feed

 

Download the Tweeting router code from https://supportforums.cisco.com/docs/DOC-19363 .  Check out Bruno's own Tweeting Router!

 

Listener Challenge! Joe's jabberwocky Switch Responding via EMail

 

Step 1:  Configure the following on your IOS router or switch:

 

event manager applet say-hello

event cli pattern "show version" sync no skip no

action 1.0 snmp-trap intdata1 8380 strdata "EMAIL"

!

snmp-server enable traps event-manager

snmp-server host 24.172.16.118 traps version 1 secshow udp-port 8162 event-manager

 

Step 2:  Change the EMAIL text string to be your email address in the action line. 

 

Step 3:  Then, run "show version" and check your email for a special message from jabberwocky@marcuscom.com.

 

Step 4:  Remove the EEM applet by issuing "no event manager applet say-hello"

 

 

 

Labels:
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents