05-16-2013 12:03 PM
Is there a way to match a syslog pattern while utilizing a wildcard for a portion of the message? For example, I'm trying to trigger my applet when it matches multiple syslog messages stating that a neighbor relationship hase gone down on a particular interface.
event syslog pattern "on FastEthernet2/0 from FULL to DOWN, Neighbor Down: Interface down or detached" occurs 2 period 60
The issue is that the "FULL" portion of the message can either be "FULL" or "2WAY" depending on whether or not the neighhor is a DR/BDR or DROTHER. Is there a way to replace that portion of the pattern with a wildcard?
Solved! Go to Solution.
05-16-2013 12:22 PM
Actually, most of the string matches in EEM are based on regular expressions...
For syslog, this is the syntax:
event [tag event-tag] syslog pattern regular-expression [occurs num-occurrences] [period period-value] [priority priority-level] [severity-level] [maxrun maxruntime-number]
http://www.cisco.com/en/US/docs/ios-xml/ios/eem/command/eem-cr-e2.html#wp9984926490
So you can use something like:
"on FastEthernet2/0 from (FULL|2WAY) to DOWN, Neighbor Down: Interface down or detached"
or event a more generic one:
"FastEthernet2/0.*Neighbor Down"
Arie
05-16-2013 12:22 PM
Actually, most of the string matches in EEM are based on regular expressions...
For syslog, this is the syntax:
event [tag event-tag] syslog pattern regular-expression [occurs num-occurrences] [period period-value] [priority priority-level] [severity-level] [maxrun maxruntime-number]
http://www.cisco.com/en/US/docs/ios-xml/ios/eem/command/eem-cr-e2.html#wp9984926490
So you can use something like:
"on FastEthernet2/0 from (FULL|2WAY) to DOWN, Neighbor Down: Interface down or detached"
or event a more generic one:
"FastEthernet2/0.*Neighbor Down"
Arie
05-16-2013 02:03 PM
That worked. Thanks for your help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: