Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5530
Views
0
Helpful
4
Replies

EEM event manager applet problem

Go to solution
OSNAFBCCO
Level 1
Level 1

‎09-06-2010 09:29 PM

I'm trying to create an EEM applet to log the output of a command to file every 5 minutes. The idea is to get a traffic baseline for implementing control plane policing but I want statistics from at least a whole week (not just while I'm at work). I have a 6506-E running 12.2(18)SXF17a for WLSM (WS-SVC-WLAN-1-K9) support. Initially I was trying to save the file to tftp but it turns out one cannot "| append" to a file on a tftp server. I thought about trying to increment the file name with a counter but instead I opted for this:

event manager applet controlplanelog
 event timer cron name controlplanelog cron-entry "0/5 * * * *"
 action 1.0 cli command "enable"
 action 1.1 cli command "show policy-map control-plane | append disk1:log.txt"


This didn't seem to work because the contents of the file "disk1:log.txt" didn't change over the course of my lunch time. I thought I had the timer messed up so I changed the entry "0/5 * * * *" to "0,5,10,15,20,25,30,35,40,45,50,55 * * * *". That didn't work either so I changed the event to none and ran it manually using "event manager run" and still, the file "disk1:log.txt" contents did not change.

Am I trying to execute an unsupported command or is this an error or am I just doing it wrong? Any help would be appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to OSNAFBCCO

‎09-09-2010 11:34 PM

How long does it take for the command to run to completion?  Can you try another command such as "show version | append ..."?  Can you also do "show policy-map control-plane" without the append and post the debug output?

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎09-07-2010 09:17 PM

This looks fine.  I think you might be seeing a problem with AAA command authorization.  Can you enable "debug event manager action cli" then re-run your policy and post the output?

0 Helpful

Go to solution
OSNAFBCCO
Level 1
Level 1
In response to Joe Clarke

‎09-08-2010 09:57 PM

I enabled debug event manager action cli and the output was the following.

455771: Sep  8 17:39:03.477 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : CTL : cli_open called.
455772: Sep  8 17:39:03.577 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT :
455773: Sep  8 17:39:03.577 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT : 6506>
455774: Sep  8 17:39:03.577 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : IN  : 6506>enable
455775: Sep  8 17:39:03.589 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT :
455776: Sep  8 17:39:03.589 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT : 6506#
455777: Sep  8 17:39:03.589 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : IN  : 6506#show policy-map control-plane | append disk1:log.txt

It doesn't seem like anything is wrong but when I check the file again it does not change. I tested the command by copypasting and the command when manually entered that way, it adds lines to the file. We have another 6500 so I copypasted the config to that device which adds the command output to the file as expected. The only real difference is the IOS version with the one that is working which is running SXI3.

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to OSNAFBCCO

‎09-09-2010 11:34 PM

How long does it take for the command to run to completion?  Can you try another command such as "show version | append ..."?  Can you also do "show policy-map control-plane" without the append and post the debug output?

0 Helpful

Go to solution
OSNAFBCCO
Level 1
Level 1
In response to Joe Clarke

‎09-10-2010 12:06 AM

That is wierd. I must have typed it in wrong somewhere....

I had already removed all eem commands since I used the numbers from the other 6500 log file. When I added them back in with the command changed to "show version" the text file was modified as expected. Even before checking the file, I noticed a difference because I had debugging on per your previous suggestion and these lines showed up in addition to the lines which previously showed up.

545685: Sep 10 15:41:24.674 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT :
545686: Sep 10 15:41:24.674 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT : 6506#
545687: Sep 10 15:41:24.674 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : IN  : 6506#exit
545688: Sep 10 15:41:24.674 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : CTL : cli_close called.


At this point I reverted to the original command and it now works as expected.

For the sake of progeny, here is the debugging when not appending to a file.

545990: Sep 10 15:50:27.016 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : CTL : cli_open called.
545991: Sep 10 15:50:27.120 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT :
545992: Sep 10 15:50:27.120 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT : 6506>
545993: Sep 10 15:50:27.120 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : IN  : 6506>enable
545994: Sep 10 15:50:27.132 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT :
545995: Sep 10 15:50:27.132 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT : 6506#
545996: Sep 10 15:50:27.132 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : IN  : 6506#show policy-map control-plane
545997: Sep 10 15:50:27.144 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT :
545998: Sep 10 15:50:27.144 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT :  Control Plane Interface
545999: Sep 10 15:50:27.144 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT :
546000: Sep 10 15:50:27.144 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT :   Service-policy input: copp-policy
546001: Sep 10 15:50:27.144 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT :
546002: Sep 10 15:50:27.144 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : OUT :   Hardware Counters:
(ouput omitted)
546017: Sep 10 15:50:27.148 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : CTL : 20+ lines read from cli, debug output truncated
546018: Sep 10 15:50:27.148 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : IN  : 6506#exit
546019: Sep 10 15:50:27.148 KST: %HA_EM-6-LOG: controlplanelog : DEBUG(cli_lib) : : CTL : cli_close called.

On a side note I have been pondering something unrelated to my original question but maybe you know the answer to that too. If I have NTP restricted by an access list using the "ntp access-group peer" and "ntp access-group serve" commands as well as through control plane policing, which list is processed first: Do the "ntp access-group" commands keep packets from entering the control plane that don't match the list or do they hit the control plane before being dropped by the access-list?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents