CCIE学习笔记之EEM
当内存使用到一定程度生成日志并发邮件:
注册applet并进入applet配置模式:
Router(config)# event manager appletmemory-fail
定义触发事件:
event snmp oid oid-value get-type{exact|next} entry-op operator entry-val entry-value[exit-comb| and}] [exit-opoperator] [exit-val exit-value] [exit-time exit-time-value] poll-intervalpoll-int-value
例:Router(config-applet)#eventsnmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1get-type exact entry-op lt entry-val5120000 poll-interval 90
//an EEM event is triggered when free memoryfalls below the value of 5120000
动作显示日志:
action label syslog [prioritypriority-level] msg msg-text facility string
例:Router(config-applet)#action 1.0 syslog priority critical msg"Memory exhausted; current available memory is $_snmp_oid_val bytes"
动作发送邮件:
action label mail server server-address toto-address from from-address [cc cc-address] subject
subject body body-text
例:Router(config-applet)#action 2.0 mail server 192.168.1.10 to [email protected] from [email protected] subject "Memory failure" body "Memory exhausted;current
available memory is $_snmp_oid_valbytes"
设置环境变量:
event manager environment _email_to [email protected]
手动执行:
Router(config)#event manager applet manual-policy
Router(config-applet)# event none
Router(config-applet)# action 1.0 syslog msg"Manual-policy triggered"
Router# event manager run manual-policy
查看注册:
show event manager policy registered
取消注册:
no event manager policy policy-filename
例:
Router(config)# no event manager policyIPSLAping1
//Removes the EEM policy from theconfiguration,causing the policy to be unregistered.
暂停执行所有EEM策略:
Router(config)# event manager schedulersuspend
Tracking a Stub Object
Router(config)# track 2 stub-object
Router(config-track)# default-state up
Router(config)# event manager applet track-two
Router(config-applet)# event track 2 state down
Router(config-applet)# action 1.0 track set 2 state up
Router(config-applet)# action 2.0 trackread 2
显示EEM历史数据:
Router(config)# event manager history sizeevents 30
Router# show event manager history events
No. Time of Event EventType Name
1 Fri Aug13 21:42:57 2004 snmp applet: SAAping1
2 Fri Aug13 22:20:29 2004 snmp applet: SAAping1
3 Wed Aug18 21:54:48 2004 snmp applet: SAAping1
4 Wed Aug18 22:06:38 2004 snmp applet: SAAping1
5 Wed Aug18 22:30:58 2004 snmp applet: SAAping1
6 Wed Aug18 22:34:58 2004 snmp applet: SAAping1
7 Wed Aug18 22:51:18 2004 snmp applet: SAAping1
8 Wed Aug18 22:51:18 2004 application applet: CustApp1
Router# show event manager history trapspolicy
No. Time TrapType Name
1 Wed Aug18 22:30:58 2004 policy EEM Policy Director
2 Wed Aug18 22:34:58 2004 policy EEM Policy Director
3 Wed Aug18 22:51:18 2004 policy EEM Policy Director
Router# show event manager policy registeredtime-ordered
No. Type Event Type Time Registered Name
1 applet snmp Thu May30 05:57:16 2004memory-fail
oid{1.3.6.1.4.1.9.9.48.1.1.1.6.1} get-type exact entry-op lt entry-val
{5120000} poll-interval 90
action 1.0 syslog priority critical msg"Memory exhausted; current available memory
is $_snmp_oid_val bytes"
action 2.0 force-switchover
2 applet syslog Wed Jul16 00:05:17 2004 intf-down
pattern {.*UPDOWN.*Ethernet1/0.*}
action1.0 cns-event msg "Interface state change: $_syslog_msg"
Configuring Event SNMP Notification
Router(config-applet)# eventsnmp-notification dest-ip-address 192.168.1.1 oid 1 op eq oid-val 10
多事件检测:
event manager applet delay_50
event tag 1.0 cli pattern "show bgpall" sync yes occurs 32 period 60 maxrun 60
event tag 2.0 syslog pattern "COUNT"
trigger occurs 1 delay 50
correlate event 1.0 or event 2.0
attribute tag 1.0 occurs 1
attribute tag 2.0 occurs 1
action 1.0 cli command "show memory"
action2.0 cli command "enable"
action 3.0 cli command "configterminal"
action 4.0 cli command " ip route192.0.2.0 255.255.255.224 192.0.2.12"
action 91.0 cli command "exit"
action 99.0 cli command "show ip route |incl 192.0.2.5"
Configuring EEM Class-Based Scheduling
Router(config)# event manager schedulerapplet thread class default number 2
//In this example, two EEM executionthreads are created to run applets assigned to the default class
Holding a Scheduled EEM Policy Event or Event Queue
Router# event manager scheduler hold policy2
// Router# event manager scheduler holdpolicy 2
Resuming Execution of EEM Policy Events or Event Queues
Router# event manager scheduler release policy 2
// The example shows how to resume theexecution of the policy with job ID of 2
Clearing Pending EEM Policy Events or Event Queues
Router# event manager scheduler clearpolicy 2
// In this example, the EEM policy with ajob ID of 2 is cleared from the pending queue
Modifying the Scheduling Parameters of EEM Policy Eventsor Event Queues
event manager scheduler modify all class A
// In this example, all currently pendingEEM policies are assigned to class A
Reading Input from the Active Console
Router(config)# event manager applet action
Router(config-applet)# event none
Router(config-applet)# action label2 getsinput
// Gets input from the local console in asynchronous applet and stores the value in the given variable when an EEMapplet is triggered.
Router(config-applet)# action label3 syslogmsg “Input entered was \”$input\“”
In this example, the action to be taken isto write the value of the variable specified in Step 5, to syslog
效果:
Writing Input to the Active Console
Router(config-applet)# event manager appletputs
Router(config-applet)# event none
Router(config-applet)# action 1 regexp"(.*) (.*) (.*)" "one two three" _match _sub1
// Specifies the action to match theregular expression pattern on an input string when an EEM applet is triggered
Router(config-applet)# action 2 puts"match is $_match"
Router(config-applet)# action 3 puts"submatch 1 is $_sub1"
Router# event manager run puts
match is one two three
submatch 1 is one
Configuring SNMP Library Extensions
Router(config)# event manager applet snmp
Router(config-applet)# event snmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1get-type exac entry-op lt entry-val 5120000 poll-interval 90
// event snmp oid oid-value get-type {exact| next} entry-op operator
entry-val entry-value[exit-comb | and}][exit-op operator] [exit-val
exit-value] [exit-time exit-time-value]poll-interval poll-int-value
//In this example, an EEM event is
triggered when free memory falls below
the value of 5120000
Router(config-applet)# action 1.3 info typesnmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1 get-type exact community public ipaddr172.17.16.69
// action label info type snmp oidoid-value get-type {exact| next}
[community community-string] [ipaddrip-address]
// In this example, the type of getoperation
is specified as exact and community
string is specified as public.
Router(config-applet)# action 1.4 info typesnmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1 set-type integer 42220 sysName.0community rw ipaddr 172.17.16.69
// action label info type snmp oidoid-value set-type oid-type oid-type-value community community-string [ipaddrip-address]
// In this example, the sysName.0 variable
is specified for the set operation and
community string is specified as rw.
Router(config-applet)# action 1.3 info typesnmp getid community public ipaddr 172.17.16.69
// action label info type snmp getidoid-value [community community-string] [ipaddr ip-address]
// (Optional) Specifies if the individual
variables should be retrieved by the getid
operation
Configuring EEM Applet for SNMP OID Notifications
Router(config)# event manager applet snmp
Router(config-applet)# event snmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1get-type exact entry-op lt entry-val 5120000 poll-interval 90
Router(config-applet)# action 1.3 info typesnmp var sysDescr.0 oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1 integer 4220
// action label info type snmp varvariable-name oid oid-value oid-type oid-type-value
// In this example, the sysDescr.0 variableis used
outer(config-applet)# action 1.4 info type snmptrap enterprise-oid 1.3.6.1.4.1.1 generic-trapnum 4 specific-trapnum 7 trap-oid1.3.6.1.4.1.1.226.0.2.1 trap-var sysUpTime.0
// action label info type snmp trapenterprise-oid enterprise-oid-value
generic-trapnum generic-trap-numberspecific-trapnum specific-trap-number trap-oid trap-oid-value trap-vartrap-variable
// In this example, theauthenticationFailure trap is generated
// The specific trap number refers to the
enterprise-specific trap, which isgenerated
when an enterprise event occurs. If the
generic trap number is not set to 6, the
specific trap number you specify will be
used to generate traps
Router(config-applet)# action 1.4 info typesnmp inform trap-oid 1.3.6.1.4.1.1.226.0.2.1 trap-var sysUpTime.0 communitypublic ipaddr 172.69.16.2
// action label info type snmp informtrap-oid trap-oid-value trap-var trap-variable community community-stringipaddr ip-address
// In this example, the inform request is generatedfor the sysUpTime.0 variable
Configuring Variable Logic for EEM Applets
Router(config)# event manager appletcondition
Router(config-applet)#even none
Router(config-applet)#action 1.0 set i 2
// In this example, the value of thevariable i is set to 2
Router(config-applet)# action 2 while $i lt10
// In this example, a loop is set to checkif the value of the variable i is less than 10
Router(config-applet)# action 3 syslog msg "i is $i"
// In this example, the message ‘i is $_i’is written to the syslog
Router(config-applet)# action 3 end
Specifying if else Conditional Blocks
Router(config)# event manager appletifcondition
Router(config-applet)# action 1.0 set x 5
Router(config-applet)# action 2.0 if $x lt10
Router(config-applet)# action 3.0 puts “$xis less than 10”
Router(config-applet)# action 4.0 else
Router(config-applet)# action 5.0
Specifying foreach Iterating Statements
Router(config)# event manager appletiteration
Router(config-applet)# action 2.0 foreach iterator "red blue green orange"
Router(config-applet)# action 3.0 puts "Iterator is $iterator"
Router(config-applet)# action 4.0 end
Using Regular Expressions
Router(config)# event manager applet regexp
Router(config-applet)# action 2.0 regexp"(.*) (.*) (.*)" "red blue green" _match _sub1
//In this example, an input string of ‘redblue green’ is
specified. When the expression patternmatches the input
string, the entire result red blue green isstored in the
variable _match and the submatch redisstored in the
variable _sub1
Incrementing the Values of Variables
Router(config)# event manager appletincrement
Router(config-applet)#action 1.0 setvarname 20
Router(config-applet)#action 2.0 increment varname 12
// In this example, the value of thevariable is incremented by 12
Configuring Event SNMP Object
Router(config)# event manager appletmanual-policy
Router(config-applet)# event snmp-objectoid 1.9.9.9.9 type gauge sync yes
action 1 syslog msg "oid =$_snmp_oid"
action 2 syslog msg "request =$_snmp_request"
action 3 syslog msg "request_type =“$_snmp_request_type"
Disabling AAA Authorization
Router(config-applet)# event manager appletone class A authorization bypass
//event manager applet applet-name[authorization bypass][class class-options] [trap]
// allow EEM policies to bypass AAAauthorization when triggered
Description of EEM
event manager applet applet-name
description line
Application-Specific Event Detector
event manager applet EventPublish_A
event timer watchdog time 20.0 //每20秒执行一次
action 1.0 syslog msg "AppletEventPublish_A"
action 2.0 publish-event sub-system 798 type 1arg1 twenty //公布事件(用于触发)
exit
event manager applet EventPublish_B
event application sub-system 798 type 1 //触发事件
action 1.0 syslog msg "AppletEventPublish_B arg1 $_application_data1"
//事件a的执行出发事件b的执行,事件a如果不执行,事件b也不执行:
CLI Event Detector
event manager applet cli-match
event cli pattern "write mem.*" syncyes // yes the event detector isnotified when this policy completes running
action 1.0 syslog msg "$_cli_msg CommandExecuted"
set 2.0 _exit_status 1 // The exit status of the policy determineswhether the CLI command will be executed the policy exit status is set to oneand the CLI command runs
另一个例子:
Counter Event Detector and Timer Event Detector
event manager applet EventCounter_A
eventtimer watchdog time 60.0
action 1.0 syslog msg “EventCounter_A”
action 2.0 counter name critical_errors op incvalue 1
exit
event manager applet EventCounter_B
event counter name critical_errors entry-op gtentry-val 3 exit-op lt exit-val 3
action1.0 syslog msg “EventCounter_B”
action 2.0 counter name critical_errors op setvalue 0
aa运行4次bb运行1次,不断重复:
Interface Counter Event Detector(监测接口)
event manager applet EventInterface
event interface name FastEthernet0/0 parameterreceive_throttle entry-op ge entry-val 5
entry-val-is-increment true poll-interval 90
action 1.0 syslog msg "AppletEventInterface"
Resource Event Detector(监测资源)
event manager applet policy-one
event resource policy cpu-high
action 1.0 syslog msg “CPU high at$_resource_current_value percent”
SNMP Event Detector
The following example shows how to specifyan EEM applet to run when the CPU usage is greater than 75 percent. When theEEM applet runs, the CLI commands enable and show cpu processes are run, and ane-mail containing the result of the show cpu processes command is sent to anengineer.
event manager appletsnmpcpuge75
event snmpoid 1.3.6.1.4.1.9.9.109.1.1.1.1.3.1 get-type exact entry-op ge entry-val 1 poll-interval10
action 1.0cli command "enable"
action 2.0cli command "show process cpu"
action 3.0 mail server"192.168.1.146" to "[email protected]" from"[email protected]"
subject "B25 PBX Alert" body"$_cli_result"
event manager applet memory-demo
event snmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1get-type exact entry-op lt entry-val 5120000
poll-interval 90
action 1.0 syslog priority critical msg"Memory exhausted; current available memory is
$_snmp_oid_val bytes"
action 2.0 force-switchover
// The applet will run when the
available memory on the primary RP fallsbelow the specified threshold of 5,120,000 bytes. The applet
actions are to write a message to syslogthat indicates the number of bytes of memory available and to
switch to the secondary RP
Syslog Event Detector
event manager applet interface-down
event syslog pattern “.*UPDOWN.*Ethernet1/0.*”occurs 4
action 1.0 syslog msg "Ethernet interface1/0 changed state 4 times"
事件的嵌套:
vent manager applet manual-policy
event none
action 1.0 syslog msg "Manual-policytriggered"
exit
!
event manager applet manual-policy-two
event none
action 1.0 policy manual-policy
end
!
event manager run manual-policy-two
Tracking a Stub Object Using EEM
track 10 stub-object
default-state down
!
event manager applet track-ten
event track 10 state any
action 1.0 track set 10 state up
action 2.0 track read 10
Embedded Event Manager Watchdog System Monitor (Cisco IOSwsmon) Event Detector
cpu:
event manager applet c
event ioswdsysmon sub1 cpu-proc taskname"Exec" op lt val 20 period 10
action 1 syslog msg "cpu c"
memory:
event manager applet c
event ioswdsysmon sub1 mem-proc taskname"Net Input" op lt val 90 is-percent true period 10
action 1 syslog msg "mem c"
Configuration SNMP Library Extensions Examples
Thefollowing example shows how to send a get request to the local host
Router(config)# event manager applet snmp
Router(config-applet)# event snmp oid
1.3.6.1.2.1.1.1.0 get-type exact entry-op
ltentry-val
5120000 poll-interval
90
Router(config-applet)# action 1.3 info typesnmp oid
1.3.6.1.2.1.1.1.0 get-type exact
community
public
Router(config-applet)# action 1.3 info typesnmp oid
1.3.6.1.2.1.1.4.0get-type next community
public
Thefollowing example shows how to send a get request to a remote host
Router(config)# event manager applet snmp
Router(config-applet)# event snmp oid
1.3.6.1.2.1.1.1.0 get-type exact entry-op
ltentry-val
5120000 poll-interval
90
Router(config-applet)# action 1.3 info typesnmp oid
1.3.6.1.2.1.1.4.0 get-type next community
public ipaddr
172.17.16.69
Router(config-applet)# action 1.3 info typesnmp getid
1.3.6.1.2.1.1.1.0 community
public ipaddr
172.17.16.69
Managing EEM Policies
Router(config)# event manager directory user library disk0:/usr/lib/tcl
//Specifies a directory to use for storinguser library files or user-defined EEM policies
action label2 multiply 23 25
乘法,结果存在$_result中
除法的余数存在$_remainder
除法:
