embedded event manager (eem) - cisco · step 1 –register user directories register user policy...

© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1

Embedded Event Manager (EEM)

Navid Molavi och Patrik Bagge


Embedded Event Manager

Agenda:

What is EEM?

What's the benefits? – Real world examples

EEM Demo


Embedded Event Manager

Goal of this partner update session:

Overview of EEM

EEM Information resources

Start using EEM


Thinking Inside the Box– The Future of Network Management

Networks are getting larger

Network management task more complex

Business critical application increasingly depend on net

High dependency means higher availability requirements

Reaction times must be shorter

Continuous cost pressures

All driving a need for automation and distributed/cooperative network management

==> EMBEDDED MANAGEMENT

SiSi SiSi

SiSiSiSiSiSi SiSiSiSiSiSi SiSiSiSiSiSi

SiSi SiSi



Getting An Insider’s View with EEM

SiSi SiSi


EEM

Interpret

from

outside

vs.

See from

within


What is Embedded Event Manager (EEM)?

Detect and generate events when certain conditions are met in the network devices

Gives in-box granular visibility and control oppose to external communication

Distributed automation with instant reaction

A tool that adapts devices to specific customer requirements

Beneficial for Cisco partners extending the service offerings

Supported on C3K, 4500, 6500, ISR, ASR, 7600, IOS-XR/NX-OS


Event Detector

Embedded Event

Manager

Policy

AppletsTCL

Scripts Policies (scripts)

Applets ( defined via CLI, simpler)

Tcl-based ( programmed in TCL as complex as you want)

EEM Server

The “brains” of the system

Event Detectors

“watch for events of interest”

All of this is internal to Cisco IOS

Embedded Event Manager (EEM)


*Not all available in all releasesEmbedded Event Manager (EEM)

2. An EEM Event Detector receives notification

3. An EEM Policy is activated that initiates a pre-

defined set of actions

1. Something happens on the causing an

Event to trigger

Event Detector

Embedded Event

Manager

Policy

AppletsTCL

Scripts



*Not all available in all releasesEmbedded Event Manager (EEM)

For each incremental EEM version (1, 2.0, 3.0,

3.2) there in an increment of Event

Detectors Event Detector

Embedded Event

Manager

Policy

AppletsTCL

Scripts



Availability of Event DetectorsEvent

DetectorDescription

(ED Triggers, based on ...)

EEM Version in IOS IOS XR IOS XE NX-OS

1.0 2.0 2.1 2.2 2.3 2.4 3.0 3.1 3.2 3.6 3.7 2.1 2.2 4.0 4.1

Syslog RegExp match of local syslog message

SNMP Notif SNMP MIB Variable Threshold

Watchdog IOS process or subsystem activity events

Interface Counter (Interface) Counter Threshold

Timer Designated Time or Interval

Counter Change of a designated counter value

Application specific An IOS subsystem or policy script

CLI RegExp match of input via command line interface

OIR Hardware online insertion and removal OIR

none No trigger, used in conjunction with exec command

ERM Embedded Resource Manager (ERM) events

EOT Enhanced Object Tracking variable (EOT) events

RF IOS Redundancy Facility (switchover)

GOLD Generic Online Diagnostics (GOLD) events

SNMP Proxy Incoming remote SNMP Notification

XML RPC Incoming XML message

Routing State change of Routing Protocols

Netflow Traffic Flow information from Netflow

IPSLA IPSLA events (supersedes EOT for EEM / IPSLA)

CLI enhanced Integrates CLI Ed with the XML PI

SNMP Object Intercept SNMP GET/SET requests

Neighbor Disco CDP, LLPD, Link up/down events

Identity 802.1x and MAB authentication events

MAC MAC Address Table entry changes

Hardware Register for environmentla monitoring hardware

Statistics Threshold crossing of a statistical counter

Fan (absent / bad) Presence and State of a Fan

Module failure Occurence of a Module Failure Event

Storm Control Occurence of a Storm Control Event

Temperature Temperature Sensor Thresholds


EEM 3.0 Event Detectors

EEM 3.0 Applet Actions


EEM for Real World Challenges

Challenge 1: Every few weeks a router is running low on memory around 2am, and I want to find out what’s happening

Solution: EEM script could be triggered based on the memory utilization, capture the memory information and send the output with Syslog or Email

Challenge 2: One of the (redundant) links has problems with occasionalhigh error rates, but does not go down. It causes service interruption for my customer.

Solution: EEM script could be triggered on the interface errors, remove the link to force the

use of the stable link and send a notification by Syslog

Challenge 3: my ACL configuration gets changed, I want to get notified, but I can’t sit there monitor it all the time

Solution: EEM script could be triggered by CLI command, take a snapshot of the logged in user, changed configuration, and send an email to you


EEM for Real World Challenges, cont.

Challenge 4: I want to save energy, but I can’t go around turn off everyone’s IP phone everyday

Solution: Timer ED can be used to trigger the execution of an EEM script to turn off your IP phone at 7pm everyday and turn it back on 7am the next day

Challenge 5: Collect data via SNMP, even if there is no MIB support currently available

Solution: Expression-MIB provides the capability to process data into more relevant

information via SNMP


EEM Support Resource

EEM

http://www.cisco.com/go/eem

Automated Diagnostics for Commercial Networks (ready to use Scripts)http://www.cisco.com/en/US/prod/iosswrel/ps6537/ps6555/ps9421/networking_solutions_products_genericcontent0900aecd80719ee6.html

Embedded Event Manager (EEM) Scripting Community

http://forums.cisco.com/eforum/servlet/EEM?page=main

- Open source scripts, share, upload, downloa, learn by examples

Categories include: Ntwk mgmt, Diagnostics, Routing, QoS, High availability, User interface, Security etc

- EEM related discussions, post your question to get answer from EEM experts

Email [email protected]

Embedded Packet Capture (EPC): www.cisco.com/go/epc

IPSLA: www.cisco.com/go/ipsla

NBAR: www.cisco.com/go/nbar

NetFlow: www.cisco.com/go/netflow and www.cisco.com/go/fnf

GOLD: http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html

http://www.cisco.com/go/eem

http://www.cisco.com/en/US/prod/iosswrel/ps6537/ps6555/ps9421/networking_solutions_products_genericcontent0900aecd80719ee6.html



http://forums.cisco.com/eforum/servlet/EEM?page=main

mailto:[email protected]

http://www.cisco.com/go/epc

http://www.cisco.com/go/ipsla

http://www.cisco.com/go/nbar

http://www.cisco.com/go/netflow

http://www.cisco.com/go/fnf

http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html


EEM Demo


Buffer

Capture

Point

See: http://www.cisco.com/go/epc

Available from: IOS 12.4(20)T

Platforms: 8xx, 18xx, 28xx, 38xx ISRs, 72xx

Solution: Make use of IOS Embedded Packet Capture to capture PCAP format data and/or analyze on the device

Troubleshooting & Optimization

Embedded Packet Capture (EPC)

1. Defining a capture buffer on the device

Router# monitor capture buffer …

2. Defining a capture point

Router# monitor capture point …

3. Associate capture point to buffer

Router# monitor capture point associate …

5. Show and/or Export the content of the buffer

Router# monitor capture buffer <tracename> export

Problem: Sometimes a Packet Capture would be useful for Troubleshooting, Security or Application Analysis, Baselining, etc. BUT: deploying Packet Sniffers is slow, expensive and requires local skillsand equipment ...

4. Start / Stop capture points

Router# monitor capture point start …

http://www.cisco.com/go/epc


Troubleshooting & Optimization

Example: process-switched traffic – 2/25. … or export as PCAP file and analyze externally

Router# monitor capture buffer my-buffer export tftp://10.10.10.10/mypcap


See: http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_snmp_sup.html

EASy

EASy – Adding a Custom MIB OID 1/2

Problem: Collect data via SNMP, even if there is no MIB support currently available.

Solution: Expression-MIB provides the capability to process data into more relevant information via SNMP

– Expression-MIB can be configured using SNMP directly since 12.0(5)T.

– Initially Cisco Implementation was based on OID 1.3.6.1.4.1.9.10.22 but current Cisco implementation is based on RFC2982-MIB, OID 1.3.6.1.2.1.90.

– In 12.4(20)T Expression-MIB feature is enhanced to add CLIs to configure expressions.

Expression-MIB can gather data from Command Line Interface (CLI show commands), even if there is no MIB support

EEM 3.1 will provide similar capability without the need to involve the Expression-MIB

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_snmp_sup.html


Is a certain value from a

"CLI show command"

supported in your device via SNMP?

Reference:

http://www.cisco.com/go/mibs

•SNMP Object Navigator

•Cisco IOS MIB Locator

Yes

Is the

Expression-MIB(1)

Supported in your

Device?

NoEEM 3.1

Yes

Running

12.4(20)T or

higher?

No

YesScript #1 EEM policy based on CLI Expression-MIB

Script #2EEM policy based on the RFC2982-MIB

No

Script #3EEM policy based on the Expression-MIB

Support for

RFC2982-MIB?

Yes

No

See: This is available as an EASy package from CiscoBeyond

http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1961

Adding a Custom MIB OID 2/2

http://www.cisco.com/go/mibs

http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1961


EEM Applet Policy

Step 1 – Configure Env Var

Configure necessary EEM environment variable

Step 2 -- Register Policy

register the policy with the applet policy engine

Step 3 -- Establish Event Trigger

Define the event that triggers the policy

Step 4 -- Define Action

Define the action to take upon detection of the event

event manager environment_email_server 172.27.121.177

event manager applet email_hsrp_state_change

event syslog pattern ".*%HSRP-5-STATECHANGE.*"

action 1.0 info type routername

action 1.1 cli command "enable"

action 1.3 cli command "show standby | append

hsrp_state_change"

action 1.4 cli command "show standby brief | append

hsrp_state_change“

………..

action 1.8 mail server "$_email_server" to

"$_email_to" from "$_email_from" subject

"HSRP_STATE_CHANGE Alert from

$_info_routername: $_syslog_msg" body "$_cli_result"


EEM TCL Policy

Step 1 – Register User Directories

Register user policy directory and user library directory

Step 2 – Code Policies Offline

No online editor available.

Step 3 – Download Policy

Download TCL policies using standard IOS file transfer mechanisms

Support script auto refresh from remote location

Step 4 – EEM Environment Variable Configuration

Step 5 – Register Policy

Register policy to TCL policy engine

mkdir disk2:/eem

event manager directory user policy disk2:/eem

event manager directory user library disk2:/eemlib

copy tftp disk2:/eem

Address or name of remote host []? 10.1.88.9

Source filename []? sl_cfgSaveRemT.tcl

Destination filename [sl_cfgSaveRemT.tcl]?

eem/sl_cfgSaveRemT.tcl

Accessing tftp://10.1.88.9/sl_cfgSaveRemT.tcl...!

1232 bytes copied in 0.620 secs (1987 bytes/sec)

event manager update user policy group “*.tcl”

repository tftp://2.2.2.2/users2/jpfeifer/eem_1

event manager policy sl_cfgSaveRemT.tcl type user

event manager environment _email_server

172.27.121.177

embedded event manager (eem) - cisco · step 1 –register user directories register user policy...

Documents