cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7015
Views
20
Helpful
14
Replies

Setup notification when new route get put in routing table

burleyman
Level 8
Level 8

How can I setup an alert to let me know a BGP route has been updated in a routing table?

For example, this route was updated almost 6 hours ago and I would have like to gotten an alert when it change or was added. Note BGP did not reset and has been good for 2 weeks 4 days.

B       xxx.252.xxx.112 [20/10] via 209.xxx.170.xxx, 05:44:37

Thanks,

Mike

2 Accepted Solutions

Accepted Solutions

Joe Clarke
Cisco Employee
Cisco Employee

This sounds like a job for the Embedded Event Manager.  This is actually a very commonly requested thing, and there is a simple solution (provided you're not running 15.2(2)T).

event manager applet route-table-monitor

event routing network 0.0.0.0/0 ge 1

action 1.0 syslog msg "Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask, Protocol: $_routing_protocol, GW: $_routing_lastgateway, Intf: $_routing_lastinterface"

In 15.2(2)T there is a bug that prevents the special 0.0.0.0/0 notation from working.  If you get more specific as to the route network and prefix it will still work, however.

View solution in original post

No, because EEM cannot intercept syslog messages it generates.  However, you could modify the original policy to send and email instead:

event manager applet route-table-monitor
event routing network 0.0.0.0/0 ge 1
action 0.5 set msg
"Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask, Protocol: $_routing_protocol, GW: $_routing_lastgateway, Intf: $_routing_lastinterface"
action 1.0 syslog msg "$msg"
action 2.0 cli command "enable"
action 3.0 cli command "
show ip route bgp | e w"
action 4.0 info type routername
action 5.0 mail server "10.*.*.*" to "Mike@******" from "****@mycompany.com" subject "New Route on $_info_routername" body "$msg $_cli_result"

View solution in original post

14 Replies 14

Joe Clarke
Cisco Employee
Cisco Employee

This sounds like a job for the Embedded Event Manager.  This is actually a very commonly requested thing, and there is a simple solution (provided you're not running 15.2(2)T).

event manager applet route-table-monitor

event routing network 0.0.0.0/0 ge 1

action 1.0 syslog msg "Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask, Protocol: $_routing_protocol, GW: $_routing_lastgateway, Intf: $_routing_lastinterface"

In 15.2(2)T there is a bug that prevents the special 0.0.0.0/0 notation from working.  If you get more specific as to the route network and prefix it will still work, however.

Thanks for the information and sorry for the late reponse I was off for Christmas. I will try and set this up and let you know. I just type in what you have there in config mode....correct?

Mike

Yep, just config t and paste that in.

Nice one Joe.  Does this EEM script work on the 6500/Sup720 or is this only valid on a router?

It will work on any device that supports EEM 3.0.  It will only work on a Sup 2T on the 6500.

It will only work on a Sup 2T on the 6500.

Noooooooooooooooooooooooooooooooooooooooooooooooooooo ... !

Thanks Joe...

Will this work on a 2821 and 3845 router?

running

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T5, RELEASE SOFTWARE (fc3)

Cisco IOS Software, 3800 Software (C3845-ADVIPSERVICESK9-M), Version 12.4(24)T5, RELEASE SOFTWARE (fc3)

Thanks,

Mike

Yes, 12.4(24)T includes EEM 3.0.

Joe,

If I wanted to email myself this change would this work?

event manager applet mail_cfg_chg

event syslog pattern ".Route changed.*"

action 1.0 info type routername

action 1.1 cli command "show log | inc Route Changed"

action 1.2 cli command "show ip route bgp | e w"

action 1.3 mail server "10.*.*.*" to "Mike@******" from "****@mycompany.com" subject "New Route on ****" body "$_cli_result"

Thanks,

Mike

No, because EEM cannot intercept syslog messages it generates.  However, you could modify the original policy to send and email instead:

event manager applet route-table-monitor
event routing network 0.0.0.0/0 ge 1
action 0.5 set msg
"Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask, Protocol: $_routing_protocol, GW: $_routing_lastgateway, Intf: $_routing_lastinterface"
action 1.0 syslog msg "$msg"
action 2.0 cli command "enable"
action 3.0 cli command "
show ip route bgp | e w"
action 4.0 info type routername
action 5.0 mail server "10.*.*.*" to "Mike@******" from "****@mycompany.com" subject "New Route on $_info_routername" body "$msg $_cli_result"

Thanks bunches....

I have to learn this stuff it is very cool. I picked up the "TcL scripting for Cisco IOS" book from Cisco Press but have not had a chance to look at it yet.

Mike

I just tried to enter this in our test router and the second line.....  event routing network 0.0.0.0/0 ge 1 is not an option...here is what I have.....Do I need to upgrade the IOS?

ROCTEST_2821(config-applet)#event ?

  application        Application specific event

  cli                CLI event

  config             Configuration policy event

  counter            Counter event

  env                Environmental event

  gold               GOLD event

  interface          Interface event

  ioswdsysmon        IOS WDSysMon event

  none               Manually run policy event

  oir                OIR event

  resource           Resource event

  rf                 Redundancy Facility event

  rpc                Remote Procedure Call event

  snmp               SNMP event

  snmp-notification  SNMP Notification Event

  syslog             Syslog event

  tag                event tag identifier

  timer              Timer event

  track              Tracking object event

I checked and here is the EEM information

ROCTEST_2821#show event manager ver

Embedded Event Manager Version 2.40

Component Versions:

eem: (v240_throttle)2.21.85

eem-gold: (v240_throttle)1.2.34

eem-call-home: (v240_throttle)2.0.0

Event Detectors:

Name                Version   Node        Type   

appl                01.00     node0/0     RP     

rf                  01.00     node0/0     RP     

syslog              01.00     node0/0     RP     

resource            01.00     node0/0     RP     

track               01.00     node0/0     RP     

cli                 01.00     node0/0     RP     

counter             01.00     node0/0     RP     

gold                01.00     node0/0     RP     

interface           01.00     node0/0     RP     

ioswdsysmon         01.00     node0/0     RP     

none                01.00     node0/0     RP     

oir                 01.00     node0/0     RP     

snmp                01.00     node0/0     RP     

snmp-notification   01.00     node0/0     RP     

timer               01.00     node0/0     RP     

test                01.00     node0/0     RP     

config              01.00     node0/0     RP     

env                 01.00     node0/0     RP     

rpc                 01.00     node0/0     RP  

Yes, you need EEM 3.0 or higher.  I thought you said this would run on 12.4(24)T?  That version of IOS definitely has EEM 3.0.  It was introduced in 12.4(22)T.

Sorry I just re-read the thread after I posted and saw that. I was trying it on a test router which is at a lower IOS level. I will try it on something else and let you know.

Mike

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco