Today, I was facing an issue on a client network. After some troubleshooting, I was supposing that a MAC address was duplicated on the network and appears randomly on a physical interface.
But as I didn't would like pass my day to check the mac database of the switch for this specific interface, I have decided to use an EEM script. This EEM script detects new entry in MAC database for the specific interface and generates a log message with an alert level of priority. These levels messages are forwarded by the syslog server to my mailbox! Once I have received the message, I can check manually on the switch which MAC appears on the interface. Below, the script used in order to troubleshoot this issue:
event manager applet MAC-ADD
event mat interface GigabitEthernet0/24 type add
action 1.0 syslog priority alerts msg "NEW MAC on ADD Gi0/24"
!
event manager applet MAC-DEL
event mat interface GigabitEthernet0/24 type delete
action 1.0 syslog priority alerts msg "MAC DELETED on Gi0/24"
Showing posts with label EEM. Show all posts
Showing posts with label EEM. Show all posts
Thursday, October 23, 2014
Saturday, October 12, 2013
Track and modify a route with EEM!
This script EEM aims to add or delete a static ip route. Each 10 seconds a ping is sent to a host. If this ping fails a static route is deleted. If this host responds, a route is added. If this host responds and if the route is already in the routing table, no change is done.
event manager applet Route_redisribute
event tag 1.0 timer watchdog time 10
action 001 cli command "enable"
action 002 cli command "ping 10.1.37.3"
action 003 regexp "!!" "$_cli_result"
action 004 if $_regexp_result eq 1
action 005 cli command "show ip route static"
action 006 regexp "10.12.37.0/24" "$_cli_result"
action 007 if $_regexp_result ne 1
action 008 cli command "conf t"
action 009 cli command "ip route 10.12.37.0 255.255.255.0 10.1.37.8 tag 100"
action 010 end
action 011 else
action 012 continue
action 013 else
action 014 cli command "conf t"
action 015 cli command "no ip route 10.12.37.0 255.255.255.0 10.1.37.8 tag 100"
action 016 end
!
end
In order to debug this script, the following command is helpful:
debug event manager action cli
event manager applet Route_redisribute
event tag 1.0 timer watchdog time 10
action 001 cli command "enable"
action 002 cli command "ping 10.1.37.3"
action 003 regexp "!!" "$_cli_result"
action 004 if $_regexp_result eq 1
action 005 cli command "show ip route static"
action 006 regexp "10.12.37.0/24" "$_cli_result"
action 007 if $_regexp_result ne 1
action 008 cli command "conf t"
action 009 cli command "ip route 10.12.37.0 255.255.255.0 10.1.37.8 tag 100"
action 010 end
action 011 else
action 012 continue
action 013 else
action 014 cli command "conf t"
action 015 cli command "no ip route 10.12.37.0 255.255.255.0 10.1.37.8 tag 100"
action 016 end
!
end
In order to debug this script, the following command is helpful:
debug event manager action cli
Friday, August 16, 2013
Troubleshoot HIGH CPU during the night !
You will find below another EEM configuration. This script is useful in order to determine the root cause of an high CPU.
Some high CPU alerts can be generated during off hours. Obviously, nobody is working during the night in order to diagnose this alert! It's why I have created the script below.
If an high CPU syslog message ("%SYS-1-CPURISINGTHRESHOLD") is detected, the command "show proc cpu sorted 5min" is executed. The result of this command is then send to a mailbox.
process cpu threshold type total rising 80 interval 30
!
event manager applet ALERT-CPU
event syslog pattern "%SYS-1-CPURISINGTHRESHOLD"
action 1.0 cli command "enable"
action 2.0 cli command "show proc cpu sorted 5min"
action 3.0 mail server "172.16.10.10" to "NetAdmin@mybox.com" from "myswitch@mylab.lab" subject "CPU Alert 5 min" body "$_cli_result"
Thursday, June 20, 2013
Detect High CPU on a Cisco Switch
Recently, I have had an issue on a Core Switch. This switch was running at 80% of CPU for 3 days. The CPU was not monitored and we have not received a syslog message on our server.
Also, I have decided to use the following command (on 4k5) in order to trigger a syslog alert in case of High CPU:
process cpu threshold type total rising 60 interval 20
This command trigger a syslog alert if the CPU exceeds 60 percent for a period of 20 seconds.
Also, I have decided to use the following command (on 4k5) in order to trigger a syslog alert in case of High CPU:
process cpu threshold type total rising 60 interval 20
This command trigger a syslog alert if the CPU exceeds 60 percent for a period of 20 seconds.
Subscribe to:
Posts (Atom)