Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Cisco Employee

EEM Script to call Python Script for CLI Accounting for NX-OS

Hey All -

I'm trying to write up an NX-OS script that is equivalent to "archive log config" in IOS. What I am considering is having EEM call a python script anytime that some command is entered in CLI. My question is, how CPU intensive is this if it were to call the script every single time any command is entered?

So far what I have for my eem script is:

event manager applet test 

event cli match "*"

action 1.0 cli source syslog.py

action 2.0 event-default

And my python script looks as follows:

#!/isan/bin/python

import syslog
from cisco import *

x = cli("show accounting log | i 'configure terminal'")
if 'configure terminal' in x:
syslog.syslog(3,x);

x = cli("clear accounting log")

We need the CLI commands to be sent to a syslog server so accounting using TACACS or RADIUS isn't an option. This is a messy solution but it was the only way I could think of. Any idea on if running the script constantly like that would cause issues on a Nexus box? Another option would be just running it on a scheduler but that isn't ideal.

3 REPLIES
Cisco Employee

You'll clearly want to test

You'll clearly want to test this.  I doubt anyone has done such a thing before.  It seems risky to me, but it would only cause load when CLI commands are executed, so the scaling factor will be the number of simultaneous sessions + the number of simultaneous CLI commands executed.  You should test as aggressively as your customer plans to use the CLI.

Cisco Employee

Yea it was the only way I

Yea it was the only way I could think of to account for CLI commands and send this as a syslog message. Do you think there is any other way to accomplish this?

Cisco Employee

Use AAA accounting and

Use AAA accounting and centralize this on an AAA accounting server.  From there you might be able to script the generation of syslog messages in a more scalable way.

153
Views
0
Helpful
3
Replies