Cisco Support Community
Community Member

Extracting from Syslog msg !

Hi all, can someone tell me how I can write a Tcl script that extracts information from the syslog message that generates the event?

For example, if this is my event:

::cisco::eem::event_register_syslog pattern "%CRYPTO-6-EZVPN_CONNECTION_UP: (Server) Mode=CLIENT_OR_NEM_PLUS Client_type=UNKNOWN User= Group=illusion Client_public_addr=10.1.4.3 Server_public_addr=192.168.1.1 Assigned_client_addr=24.12.1.15"

Now I want to add the client's assigned IP address to my access list. How can I extract this information in my Tcl script?

Anyone, please?

3 REPLIES
Cisco Employee

Re: Extracting from Syslog msg !

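# Make the EEM Tcl commands available to the policy.
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

# event_reqinfo returns the triggering event's details as a key/value list.
array set arr_einfo [event_reqinfo]

# arr_einfo(msg) holds the syslog message that triggered the policy.
if { [regexp {Assigned_client_addr=([0-9\.]+)} $arr_einfo(msg) -> addr] } {
    puts "The client addr is $addr"
    # Do config commands here.
}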

Community Member

Re: Extracting from Syslog msg !

Dear Jclarke, thanks a lot, really, thank you a lot for the prompt response; I was hoping that you would surely answer. Sir, I was a good programmer 3 years back, but now it's a bit slow. If you could please just give a brief review of what these lines actually do; I mean, I know what an array is, but which variable actually contains the CAUGHT syslog msg? If also possible, can you also forward me a Cisco doc that explains how to extract information from syslog msgs? Like in EEM, I know there is a variable $_syslog_msg, but I am confused in Tcl. I hope you understand.

Please, I am sorry if I am bothering you, but I am waiting again for positive feedback.

Cisco Employee

Re: Extracting from Syslog msg !

The only special construct in the code example is the event_reqinfo function. It is a special EEM function that returns the event information in array format. That function is documented at http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl_ps6441_TSD_Products_Configuration_Guide_Chapter.html .

Within that array is the msg element. This element is only present when the event detector used is syslog. The msg element contains the message string which triggered the EEM syslog policy. Next, I perform a regular expression match on the string to pull out the desired portion, and store it in the $addr variable.
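The following policy is an added example, not part of the thread or Cisco's own code. It carries the regexp approach above through to the access-list step and validates the extracted value before it reaches a configuration command. It assumes the Assigned_client_addr field is the last field in the message, as in the event shown in the question; the ACL name VPN_CLIENTS and the permit entry are hypothetical.

```tcl
::cisco::eem::event_register_syslog pattern "%CRYPTO-6-EZVPN_CONNECTION_UP"

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

# Return the address from the final Assigned_client_addr field, or "" when
# the field is missing or is not a well-formed dotted-quad IPv4 address.
proc extract_client_addr {msg} {
    # Anchor on the end of the message so only the last field is accepted.
    if {![regexp {Assigned_client_addr=(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$} \
            $msg -> a b c d]} {
        return ""
    }
    set octets {}
    foreach o [list $a $b $c $d] {
        if {[string length $o] > 3} { return "" }
        scan $o %d n   ;# decimal scan: a leading zero is not read as octal
        if {$n > 255} { return "" }
        lappend octets $n
    }
    return [join $octets .]
}

array set arr_einfo [event_reqinfo]
set addr [extract_client_addr $arr_einfo(msg)]

if {[string length $addr] == 0} {
    # Leave the configuration untouched when the value does not validate.
    action_syslog priority warning msg "EZVPN policy: no valid client address, ACL unchanged"
} else {
    # ACL name and entry form are assumptions made for this example.
    set acl "VPN_CLIENTS"
    if {[catch {cli_open} result]} {
        error $result $errorInfo
    }
    array set cli $result
    foreach cmd [list "enable" "configure terminal" \
            "ip access-list extended $acl" "permit ip host $addr any" "end"] {
        if {[catch {cli_exec $cli(fd) $cmd} result]} {
            catch {cli_close $cli(fd) $cli(tty_id)}
            error $result $errorInfo
        }
    }
    catch {cli_close $cli(fd) $cli(tty_id)}
    action_syslog priority info msg "EZVPN policy: permitted $addr in ACL $acl"
}
```

The original `[0-9\.]+` capture accepts any run of digits and dots, so the per-octet check is what keeps a malformed value out of the `permit` line.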
