
Saturday, October 13, 2012

2 EEM useful applets

As part of my ongoing home router configuration tests I have configured 2 useful EEM applets. I'm not going to expand on EEM beyond the fact that it is a powerful and flexible subsystem that provides real-time network event detection and on-board automation.

http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html

So first let's configure some variables:



event manager environment _email_server <MAIL SERVER IP>
event manager environment _email_from <SENDER EMAIL>
event manager environment _email_to <RECIPIENT EMAIL>
event manager environment _email_cc <CC EMAIL>

First applet - Mail configuration change:
On each change to the router configuration, it sends the changes by email to the recipient.


event manager applet mail_cfg_chg
 event syslog pattern ".*%SYS-5-CONFIG_I.*"
 action 1.0 info type routername
 action 1.1 cli command "enable"
 action 1.2 cli command "show archive log config all"
 action 1.3 mail server "$_email_server" to "$_email_to" from "$_email_from" cc "$_email_cc" subject "Config change" body "$_cli_result"
 action 1.4 cli command "clear archive log config force"

Short explanation:
The applet looks for the syslog pattern ".*%SYS-5-CONFIG_I.*", then gets the router name, enters privileged mode, shows the archive config log and sends it by email. Afterwards it clears the archive log in order to keep the log clean for the next change.

Of course, for this to work we need the archive configuration:

archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
 path flash:configs/archive
 maximum 14
 write-memory

My archive configuration notifies syslog, in plain text, about any change and also keeps the last 14 configurations, under the archive directory in the flash, every time the write-mem command is run.

Second applet - IPSec login notification

event manager applet ipsec_login
 event syslog pattern "%CRYPTO-5-SESSION_STATUS"
 action 1.0 cli command "enable"
 action 1.1 cli command "show log | i Crypto tunnel"
 action 1.2 puts "$_cli_result"
 action 1.3 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "IPSec Login" body "$_cli_result"

Short explanation:
I'm running IPSec on my router and I would like to be notified every time someone logs in and to know his IP address.

Again, a syslog message triggers this event and sends the log output by email. Also, don't forget to activate crypto logging:
  
crypto logging session

One thing I haven't managed yet is to send only the last logged session, hence this applet will send all logged sessions every time a new session logs in.

I have tried a few tests with the following syntax:

action 1.x cli command "show log | b xxxx|redirect log_file"

I also tried tee/append and so on, but without success, so if someone has an idea I would be pleased to hear it.
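One way to mail only the event that fired the applet, as an added example that is not part of the original post: the syslog event detector exposes the matched message in the built-in variable $_syslog_msg, so the mail body can carry that single line instead of the whole log buffer. The applet name ipsec_login_last, the variables state and peer, and the message layout assumed by the regular expression are assumptions, and the applet needs an IOS release whose EEM supports "action regexp" and "action if".

```cisco
! Added example, not from the original post.
! $_syslog_msg is the EEM built-in that holds the syslog line matching the
! "event syslog pattern", so no "show log" output has to be filtered.
! Assumed message layout (constructed sample, documentation address):
!   %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP  .  Peer 192.0.2.10:500  Id: 192.0.2.10
! The _email_* environment variables are the ones defined at the top of the post.
event manager applet ipsec_login_last
 event syslog pattern "%CRYPTO-5-SESSION_STATUS"
 ! Pull the tunnel state and the peer address out of the triggering line.
 action 1.0 regexp "Crypto tunnel is ([A-Z]+).*Peer ([0-9.]+)" "$_syslog_msg" match state peer
 ! $_regexp_result is 1 when the pattern matched.
 action 1.1 if $_regexp_result eq 1
 action 1.2  mail server "$_email_server" to "$_email_to" from "$_email_from" subject "IPSec $state from $peer" body "$_syslog_msg"
 action 1.3 else
 ! Layout differs from the assumption: still send the raw event.
 action 1.4  mail server "$_email_server" to "$_email_to" from "$_email_from" subject "IPSec session event" body "$_syslog_msg"
 action 1.5 end
```

Because only the triggering line is mailed, each notification covers exactly one session event and older log content is not sent again.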