So first let's configure some variables:
event manager environment _email_server <MAIL SERVER IP>
event manager environment _email_from <SENDER EMAIL>
event manager environment _email_to <RECIPIENT EMAIL>
event manager environment _email_cc <CC EMAIL>
First applet - Mail configuration change:
On each change in the router configuration, it sends the changes by email to the recipient.
event manager applet mail_cfg_chg
event syslog pattern ".*%SYS-5-CONFIG_I.*"
action 1.0 info type routername
action 1.1 cli command "enable"
action 1.2 cli command "show archive log config all"
action 1.3 mail server "$_email_server" to "$_email_to" from "$_email_from" cc "$_email_cc" subject "Config change" body "$_cli_result"
action 1.4 cli command "clear archive log config force"
The applet looks for the syslog pattern ".*%SYS-5-CONFIG_I.*", then gets the router name, enters privileged mode, shows the archive config log and sends it by email. Afterwards it clears the archive log to keep it clean for the next change.
Of course, for this to work we need the archive configuration:
archive
 log config
  logging enable
  notify syslog contenttype plaintext
Second applet - IPSec login notification
event manager applet ipsec_login
event syslog pattern "%CRYPTO-5-SESSION_STATUS"
action 1.0 cli command "enable"
action 1.1 cli command "show log | i Crypto tunnel"
action 1.2 puts "$_cli_result"
action 1.3 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "IPSec Login" body "$_cli_result"
I'm running IPSec on my router and I would like to be notified every time someone logs in and to know his IP address.
Again, a syslog message triggers this event and the applet sends the log output by email. Also, don't forget to activate crypto logging:
crypto logging session
One thing I haven't managed yet is to send only the last logged session, hence this applet will send all logged sessions every time a new session logs in.
I have tried a few tests with the following syntax:
action 1.x cli command "show log | b xxxx|redirect log_file
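One way to mail only the session that fired the event, given here as an added example and not the author's configuration: the syslog event detector stores the matching line in the built-in variable $_syslog_msg, so the mail body can carry that single line instead of the output of "show log". Assumptions: EEM 3.0 or later (for "action regexp" and if/else), the same _email_* environment variables as above, a "Peer <ip>:<port>" layout in the session message, and the made-up names ipsec_login_last and peer.

```cisco
! Added example: notify on the triggering IPSec session only.
! Assumes "crypto logging session" is enabled, as described above.
event manager applet ipsec_login_last
 ! Fire only on tunnel-up messages; tunnel-down lines are ignored.
 event syslog pattern "%CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP"
 ! Router name for the subject line ($_info_routername).
 action 1.0 info type routername
 ! Pull the peer address out of the message that triggered the applet.
 ! "peer" is a hypothetical variable name; the Peer <ip>:<port> layout
 ! is an assumption about the message format.
 action 1.1 regexp "Peer ([0-9.]+):" "$_syslog_msg" match peer
 action 1.2 if $_regexp_result eq 1
 action 1.3  mail server "$_email_server" to "$_email_to" from "$_email_from" subject "IPSec login on $_info_routername from $peer" body "$_syslog_msg"
 action 1.4 else
 ! No address found: still send the raw line so the login is not missed.
 action 1.5  mail server "$_email_server" to "$_email_to" from "$_email_from" subject "IPSec login on $_info_routername" body "$_syslog_msg"
 action 1.6 end
```

Because the body is taken from the event itself, the applet no longer needs "enable" or "show log", and earlier sessions still in the logging buffer are not resent.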