cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5489
Views
0
Helpful
2
Replies

Match Syslog Pattern With Wildcard

matthewathom
Level 1
Level 1

Is there a way to match a syslog pattern while utilizing a wildcard for a portion of the message?  For example, I'm trying to trigger my applet when it matches multiple syslog messages stating that a neighbor relationship hase gone down on a particular interface.

event syslog pattern "on FastEthernet2/0 from FULL to DOWN, Neighbor Down: Interface down or detached" occurs 2 period 60

The issue is that the "FULL" portion of the message can either be "FULL" or "2WAY" depending on whether or not the neighhor is a DR/BDR or DROTHER.  Is there a way to replace that portion of the pattern with a wildcard?

1 Accepted Solution

Accepted Solutions

avayner
Level 1
Level 1

Actually, most of the string matches in EEM are based on regular expressions...

For syslog, this is the syntax:

event [tag event-tag] syslog pattern regular-expression [occurs num-occurrences] [period period-value] [priority priority-level] [severity-level] [maxrun maxruntime-number]

http://www.cisco.com/en/US/docs/ios-xml/ios/eem/command/eem-cr-e2.html#wp9984926490

So you can use something like:

"on FastEthernet2/0 from (FULL|2WAY) to DOWN, Neighbor Down: Interface down or detached"

or event a more generic one:

"FastEthernet2/0.*Neighbor Down"

Arie

View solution in original post

2 Replies 2

avayner
Level 1
Level 1

Actually, most of the string matches in EEM are based on regular expressions...

For syslog, this is the syntax:

event [tag event-tag] syslog pattern regular-expression [occurs num-occurrences] [period period-value] [priority priority-level] [severity-level] [maxrun maxruntime-number]

http://www.cisco.com/en/US/docs/ios-xml/ios/eem/command/eem-cr-e2.html#wp9984926490

So you can use something like:

"on FastEthernet2/0 from (FULL|2WAY) to DOWN, Neighbor Down: Interface down or detached"

or event a more generic one:

"FastEthernet2/0.*Neighbor Down"

Arie

That worked.  Thanks for your help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: