Here’s a tip to become alerted when an interface is down (in this case a VPN tunnel). The script can be adapted to look for any pattern in the syslog and send a triggered email message:
event manager environment _ifDown_rcpt somebody@somewhere.com
event manager session cli username “admin”
event manager applet MailOnIfDown
event syslog occurs 1 pattern “%LINEPROTO-5-UPDOWN.* Tunnel” period 1
action 1.0 mail server “smtp-server@somewhere.com” to “$_ifDown_rcpt” from “router-hostname@somewhere.com” subject “DON’T PANIC – Tunnel Changed State!” body “$_syslog_msg”
!
end
Read more…
This recipe describes a simple method to send DHCP bindings from a Cisco router to a remote TFTP server running on Windows. A batch file renanes and date-stamps the file and another batch file removes the archived files after a retention period:
EEM SCRIPT ON CISCO ROUTER:
(Note: the cron entry sends the file every 5 minutes)
event manager session cli username “your_username” (NOTE: this is required if tacacs+ is running on the router)
event manager applet copy-dhcp-bindings
event timer cron cron-entry “*/5 * * * * ”
action 0.5 cli command “enable”
action 1.0 cli command “show ip dhcp binding | redirect tftp://[ip_address]/bindings.txt”
!
end Read more…
Here is a handy way to use EEM to failover to a second ISP – use with a route-map:
Cisco EEM configuration: Read more…
INTERFACE EVENTS:
Two EEM applets measure rxload on an interface at 30-second intervals. When a threshold is reached an ACL is applied to only permit important traffic thereby reducing the load.
1) When the Rx load is above 50% the access-list is applied.
2) When the Rx load goes below 25, the access-list is removed. Read more…
CLI EVENT DETECTOR:
The EEM applet prevents the “debugging” command being executed on the CLI. Any attempt will store the system clock and user’s on the flash. Read more…
SYSLOG EVENT DETECTOR:
When an interface has been shutdown, the EEM applet re-enables interface and sends an email alert with logged in users information. Read more…
This EEM applet reads the Cisco “cpmCPUTotal5sec” object variable in the CISCO-PROCESS-MIB and triggers when the threshold exceeds 60 %. Three files are stored on the flash, containing the output of the CLI command “show process cpu | sorted” and “show ip traffic” as well as the current syslog. Read more…