Nate204
asked on
EEM: Pull vpn VRF interface desc. from BGP syslog
Hello everyone,
I'm rather new to the forums and my searching hasn't been quite as successful as I had hoped.
As the title suggests, I'm trying to collect additional information in my syslogs.
Goal : Create a syslog that follows the one below that includes the VRF description.
Here is my IOS version and an example syslog:
Device:
Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9-M), Version 15.2(4)M2, RELEASE SOFTWARE (fc2)
----
"The Router named R1 with IP 1.1.1.1 sent the following syslog at 08:07:01 PM:
PassiveMonitor.Payload.Mes
(I've modified the output just a little, but the situation stays the same.)
----
From what I've read, it seems like I could do this via Cisco EEM. I'm currently reading about TCL but I really feel like this is something EEM can tackle.
The reasoning behind it is that this device has 300+ VRFs configured and each one is quite specific to its own environment. We've assisted documentation by adding accurate descriptions to each one, but when it's not included in a syslog it makes troubleshooting that much harder. It would be nice to know which environment is in question when these logs are received.
Many thanks as this is something that's been troubling me for quite some time.
(I'm very new to EEM. I'm currently working towards my CCNA this is not covered in the material. It's very exciting to work with though!)
Edit to assist:
One thing I thought of would be to create a list that looks like this:
event manager applet vrf_300
event syslog pattern "vpn vrf 300"
action 1.0 syslog msg "VRF 300: Name"
event manager applet vrf_400
event syslog pattern "vpn vrf 400"
action 1.0 syslog msg "VRF 400: Name"
event manager applet vrf_500
event syslog pattern "vpn vrf 500"
action 1.0 syslog msg "VRF 500: Name"
The down side is that it would be a rather extensive list and would require maintenance every time a VRF is changed / added / removed.
I'm rather new to the forums and my searching hasn't been quite as successful as I had hoped.
As the title suggests, I'm trying to collect additional information in my syslogs.
Goal : Create a syslog that follows the one below that includes the VRF description.
Here is my IOS version and an example syslog:
Device:
Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9-M), Version 15.2(4)M2, RELEASE SOFTWARE (fc2)
----
"The Router named R1 with IP 1.1.1.1 sent the following syslog at 08:07:01 PM:
PassiveMonitor.Payload.Mes
(I've modified the output just a little, but the situation stays the same.)
----
From what I've read, it seems like I could do this via Cisco EEM. I'm currently reading about TCL but I really feel like this is something EEM can tackle.
The reasoning behind it is that this device has 300+ VRFs configured and each one is quite specific to its own environment. We've assisted documentation by adding accurate descriptions to each one, but when it's not included in a syslog it makes troubleshooting that much harder. It would be nice to know which environment is in question when these logs are received.
Many thanks as this is something that's been troubling me for quite some time.
(I'm very new to EEM. I'm currently working towards my CCNA this is not covered in the material. It's very exciting to work with though!)
Edit to assist:
One thing I thought of would be to create a list that looks like this:
event manager applet vrf_300
event syslog pattern "vpn vrf 300"
action 1.0 syslog msg "VRF 300: Name"
event manager applet vrf_400
event syslog pattern "vpn vrf 400"
action 1.0 syslog msg "VRF 400: Name"
event manager applet vrf_500
event syslog pattern "vpn vrf 500"
action 1.0 syslog msg "VRF 500: Name"
The down side is that it would be a rather extensive list and would require maintenance every time a VRF is changed / added / removed.
Quori
Before getting in to it too much - why not just use descriptive VRF names?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This comment includes the solution to the question I had. You can paste it into a Cisco device that supports EEM 3.4 and it will take it without error. I currently have it deployed on a device that's running EEM 4.0 and I've had no issues.