Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

EEM Syslog Pattern Capture

Hello Community,

Can someone please let me know if its possible to have a EEM script activated when particular word appears in a syslog.

For the following is a syslog message:

Sep 19 09:11:33.966: %HA_EM-2-LOG: utilisationHighInterfaceUtilization.tcl: 992&You are experiencing abnormally high traffic utilization |ifu|/15

Would it be possible if have a EEM script activated when the word "high traffic utilization" from the above syslog message appears?

I have tried with the following but it won't work.


event manager applet toptalkers

event syslog pattern "high traffic utilization"

action 1.0 cli command "enable"

action 1.5 cli command "show flow monitor FlowMonitor1 cache aggregate ipv4 protocol"

action 4.0 mail server "10.44.xxx.xxx" to "carlton@ska.co.uk" from "carlton@ska.co.uk" subject "toptalkers." body "TopTalker Script $_cli_result"

Cheers

Carlton

BTW, I will respond to the other questions I have posted on this forum.

3 REPLIES
New Member

EEM Syslog Pattern Capture

Hello Community,

I tried the following but it didn't work:

event manager applet toptalkers

event syslog pattern ".*high traffic utilization.*"

New Member

EEM Syslog Pattern Capture

Hello Community,

I figured out why it doesn't work.

Its because the event isn't, technically speaking, a syslog event. Therefore, can someone please show me how to make the script work with the event as stated above:

Sep 19 09:11:33.966: %HA_EM-2-LOG: utilisationHighInterfaceUtilization.tcl: 992&You are experiencing abnormally high traffic utilization |ifu|/15

Cheers

Carlton

Cisco Employee

EEM Syslog Pattern Capture

EEM cannot intercept syslog messages EEM generates.  You'll need to modify the EEM policy generating your first message to either do what you want or generate an application-specific event that can be intercepted by your second policy.

710
Views
0
Helpful
3
Replies