Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1335
Views
5
Helpful
9
Replies

Problem with EEM for monitoring CPU high on C4506

dinhkk2888
Level 1
Level 1

‎02-13-2016 02:47 AM

Hi,

I have a C4506 running cat4500e-universal.SPA.03.02.05.SG.150-2.SG5.bin.

It dont have AAA configuration. It has the following one:

!

username cisco14 privilege 14 secret cisco14
username cisco5 privilege 5 secret cisco5

!

privilege exec level 10 enable

!

event manager session cli username "cisco14"

event manager applet test
event snmp oid cpmCPUTotal1minRev.1000 get-type exact entry-op ge entry-val "5" poll-interval 5
action 0.0 syslog priority errors msg "High CPU DETECTED $_snmp_oid_val"
action 0.1 cli command "enable"
action 0.2 cli command "term exec prompt timestamp"
action 1.2 cli command "term length 0"
action 1.3 cli command "show process cpu sorted | append bootflash:cpuinfo.txt"
action 1.4 cli command "show process cpu history | append bootflash:cpuinfo.txt"
action 2.1 cli command "show log | append bootflash:cpuinfo.txt"
action 2.2 cli command "term length 24"

!

My problem is that EEM failed at "enable" then the applet won't execute the CLI commands when the EEM applet is triggered:

debug event manager action cli

Feb 13 11:03:55.508 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT :
Feb 13 11:03:55.508 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : CTL : 20+ lines read from cli, debug output truncated
Feb 13 11:03:55.508 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>enable
Feb 13 11:04:04.548 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : Translating "enable"...domain server (255.255.255.255)
Feb 13 11:04:04.548 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : % Unknown command or computer name, or unable to find computer address
Feb 13 11:04:04.548 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:04.548 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>term exec prompt timestamp
Feb 13 11:04:04.670 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:04.670 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>term length 0
Feb 13 11:04:04.782 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:04.782 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>show process cpu sorted | append bootflash:cpuinfo.txt
Feb 13 11:04:04.894 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : ^
Feb 13 11:04:04.894 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.

Feb 13 11:04:04.895 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT :
Feb 13 11:04:04.895 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:04.895 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>show process cpu history | append bootflash:cpuinfo.txt
Feb 13 11:04:05.007 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : ^
Feb 13 11:04:05.007 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
Feb 13 11:04:05.007 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT :
Feb 13 11:04:05.007 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:05.007 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>show log | append bootflash:cpuinfo.txt
Feb 13 11:04:05.118 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : ^
Feb 13 11:04:05.118 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
Feb 13 11:04:05.119 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT :
Feb 13 11:04:05.119 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:05.119 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>term length 24
Feb 13 11:04:05.131 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:05.131 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : CTL : cli_close called.

Please help me to resolve this problem

Thanks

Labels:
0 Helpful
9 Replies 9

Mark Malone
VIP Alumni
VIP Alumni

‎02-13-2016 06:16 AM

What privilege level do you have on the 4500 when your logged in ? show privilege

It could be that blocking you from using eem , if you have priv 15 it could be something else , but the script looks ok

dinhkk2888
Level 1
Level 1
In response to Mark Malone

‎02-13-2016 07:20 PM

Hi mark malone,

User Access Verification

Username: cisco14
Password:
SWITCH#show pri
SWITCH#show privilege
Current privilege level is 14

SWITCH#enable

Password:
SWITCH#

SWITCH#show privilege
Current privilege level is 15

-----------------------------------------------

I found that when i configured the "privilege exec level 1 enable" command, it is ok:

!

privilege exec level 1 enable

!

But due to my company policy, if i config "privilege exec level 10 enable", what can i config next step ? 

---------------------------------------------------------------------------------

Feb 13 11:06:42.790 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : CTL : 20+ lines read from cli, debug output truncated
Feb 13 11:06:42.790 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>enable
Feb 13 11:06:42.792 Hanoi: %PARSER-5-CFGLOG_LOGGEDCMD: User:cisco14 logged command:!exec: enable
Feb 13 11:06:42.803 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH#
Feb 13 11:06:42.803 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH#term exec prompt timestamp
Feb 13 11:06:42.814 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH#
Feb 13 11:06:42.814 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH#term length 0
Feb 13 11:06:42.827 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH#
Feb 13 11:06:42.827 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH#show process cpu sorted | append bootflash:cpuinfo.txt
Feb 13 11:06:43.317 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT :

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to dinhkk2888

‎02-14-2016 12:15 PM

Hi you could Try set yourself as priv 10 as that's what's allowed to run the enable_____ username yourname secret xxx priv 10 or try in your eem script enable 10

0 Helpful

dinhkk2888
Level 1
Level 1
In response to Mark Malone

‎02-14-2016 07:03 PM

Hi,

With "privilege exec level 10 enable"

i set three different cases for the below example, i run manual EEM by the "event manager run test1" command but the result is still not better:

-------------------------------------

username cisco14 privilege 14 secret cisco14
username cisco10 privilege 10 secret cisco10
username cisco5 privilege 5 secret cisco5

event manager session cli username cisco10
event manager applet test1
event none
action 0.1 cli command "enable"

-------------------------------------

username cisco14 privilege 14 secret cisco14
username cisco10 privilege 10 secret cisco10
username cisco5 privilege 5 secret cisco5

event manager session cli username cisco10
event manager applet test1
event none
action 0.1 cli command "enable 10"

----------------------------------------
username cisco14 privilege 14 secret cisco14
username cisco5 privilege 5 secret cisco5

event manager session cli username cisco14
event manager applet test1
event none
action 0.1 cli command "enable 10"
--------------------------------------

Feb 15 09:47:40.685 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : CTL : 20+ lines read from cli, debug output truncated
Feb 15 09:47:40.685 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : IN : SWITCH>enable 10
Feb 15 09:47:40.896 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : OUT : Translating "enable"...domain server (255.255.255.255)
Feb 15 09:47:40.896 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : OUT : % Unknown command or computer name, or unable to find computer address
Feb 15 09:47:40.896 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 15 09:47:40.896 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : CTL : cli_close called.
Feb 15 09:47:40.896 Hanoi: tty is now going through its death sequence

0 Helpful

dinhkk2888
Level 1
Level 1
In response to dinhkk2888

‎02-16-2016 05:32 PM

Hi mark malone and anyone,

can you give me an advice for this case ?

Thanks,

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to dinhkk2888

‎02-17-2016 03:16 AM

Hi really need to lab this to see whats happening have not had a chance but you can try this in your config

enable password level 10 (password)

privilege exec level 10 enable

0 Helpful

dinhkk2888
Level 1
Level 1
In response to Mark Malone

‎02-17-2016 06:28 PM

Hi mark malone,

i tried but it is not better than before.

I think that at the User EXEC Mode of EEM, Switch> is default level 1

if we set "privilege exec level 10 enable" command so EEM can not enter "enable " at the User EXEC Mode of its.

I think we should set the "privilege exec level 1 enable" or " no privilege exec level 10 enable" command 

If you finish your lab on this case, please let me know your result.

Thanks,

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to dinhkk2888

‎02-18-2016 12:37 AM

If you get rid of the priv 10 it will work I thought though you had to have there for company policy so I was trying to work out to get around it :) , im still going to lab it over the weekend when im free to see either way as there has to be a way to get it working even with that there.

0 Helpful

dinhkk2888
Level 1
Level 1
In response to Mark Malone

‎02-18-2016 01:41 AM

Hi, thank you for your time on this matter.

I will look forward to your result.

0 Helpful
Customers Also Viewed These Support Documents