Embedded event manager

Last updated

Cisco Embedded Event Manager (EEM) is a feature included in Cisco's IOS operating system (and some other Cisco OSes such as IOS-XR, IOS-XE, and NX-OS) that allow programmability and automation capabilities inside the device. EEM allows the behavior of a Cisco device to adapt to specific user requirements by allowing scripting, thresholding, proactive actions, data collection and event management inside the Cisco device itself. Using EEM, problems can be identified and resolved automatically in advance by setting event triggers (called Event Detectors) to watch for specific types of situations or thresholds, or run a set of actions periodically.

Contents

Cisco embedded management family

EEM is a member of a family of embedded management technologies in Cisco IOS including SNMP, NetFlow, IP SLA, Web Services Management Agent, Syslog, ESM (Embedded Syslog Manager), ERM (Embedded Resource Manager), EMM (Embedded Menu Manager), Tcl and Service Diagnostics.

When a situation is detected by EEM, it uses policies to invoke actions based on the type of event and the configured policy. EEM currently supports three different types of programming actions (see Programming Capabilities below).

About

With EEM, users can capture complex network events and run sophisticated programs on Cisco devices. The version of EEM on most Cisco devices is version 2.1, or version is 3.0 which was introduced in IOS 12.4(22)T. The latest version is version 4.0, which was released November 2011, targeting IOS releases 12.2SR, 12.2SB, 12.4, and 12.4T, 15.0M, 12.2SG, 12.2SE, Cisco IOS XE, and future versions. EEM consists of three areas; event detectors, policies and programming languages.

Event detectors

The brains of EEM are event detectors. These event detectors are built-in capabilities to watch for specific situations or conditions. Newer versions of EEM have more event detectors than older ones.

Typical of EEM Event Detectors:

Policies

Policies determine what is run when an event is detected. Policies save users from having to enumerate an action for every possible event.

Programming capabilities

EEM supports three methods of programmability and scripting.

  1. Applets - these allow CLI to be run when a certain set of conditions occurs
  2. Tcl - when more complex programs need to be built, EEM supports Tcl (Tool Command Language) development
  3. IOS.sh - newer versions of IOS support IOS.sh (IOS shell) macros similar to Linux bash shell

Version comparison

EEM Version1.02.02.12.1.52.2/2.32.43.0
IOS Version Introduced12.3(4)T, 12.0(26)S12.2(27)SBC12.3(14)T1, 12.2(28)SBC, 12.2(33)SR12.2(18)SXF4 (IOS with modularity) 12.2(18)SXF5 (IOS)12.4(2)T, 12.2(33)SRB1, 12.4(11)T (EEM 2.3), 12.2(33)SRC (EEM 2.3), 12.2(33)SXH (EEM 2.3)12.4(20)T, 12.2(40)SE, 12.2(40)SG, 12.2(33)SXI12.4(22)T
Syslog, SNMP EDsXXXXXXX
Syslog, SNMP ActionsXXXXXXX
Watchdog, Counter, Interface Counter, Timer, Application-Specific EDsXXXXXX
Counter Modification, System Info, Email ActionsXXXXXX
OIR, CLI EDsXXXXX
User and System Tcl PoliciesXXXXX
GOLD, System Manager, WDSysMon EDsXXXX
Resource, RF, EOT EDsXXX
Multiple event support, SNMP Proxy, XML RPC EDsXX
Programmatic applets, Netflow, IP SLA, Routing EDsX

Example

There are four steps to setting up an EEM system. In this example, we will get an email of the status of the system when the HSRP state changes. This example defines an applet action rather than Tcl.

  1. event manager environment _email_server 172.27.121.177<-- define the environment variable
  2. event manager environment _email_to EMAIL_ADDRESS<-- define the address to which email will be sent
  3. event manager environment _email_from EMAIL_ADDRESS<-- define the address from which the email will be sent
  4. event manager applet email_hsrp_state_change<-- set up the policy
  5. event syslog pattern ".*%HSRP-5-STATECHANGE.*"<-- define the trigger
  6. action 1.0 info type routername<-- obtain the current device hostname and place it in the $_info_routername variable
  7. action 1.1 cli command "enable"<-- actions such as writing to flash, making config changes, etc. require enable privilege
  8. append flash:hsrp_state_change.txt"<-- write some debugging output to flash
  9. flash:append hsrp_state_change.txt"<-- more debugging output
  10. action 1.5 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "HSRP_STATE_CHANGE Alert from $_info_routername: $_syslog_msg" body "$_cli_result"<-- send an email with the result of the last CLI command in the body of the message

Network management software and tools support

Network management Software utilizing EEM include:

Related Research Articles

In computing, an applet is any small application that performs one specific task that runs within the scope of a dedicated widget engine or a larger program, often as a plug-in. The term is frequently used to refer to a Java applet, a program written in the Java programming language that is designed to be placed on a web page. Applets are typical examples of transient and auxiliary applications that do not monopolize the user's attention. Applets are not full-featured application programs, and are intended to be easily accessible.

In network management, fault management is the set of functions that detect, isolate, and correct malfunctions in a telecommunications network, compensate for environmental changes, and include maintaining and examining error logs, accepting and acting on error detection notifications, tracing and identifying faults, carrying out sequences of diagnostics tests, correcting faults, reporting error conditions, and localizing and tracing faults by examining and manipulating database information.

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behaviour. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.

Curl is a reflective object-oriented programming language for interactive web applications whose goal is to provide a smoother transition between formatting and programming. It makes it possible to embed complex objects in simple documents without needing to switch between programming languages or development platforms. The Curl implementation initially consisted of just an interpreter, but a compiler was added later.

The Internetworking Operating System (IOS) is a family of proprietary network operating systems used on several router and network switch models manufactured by Cisco Systems. The system is a package of routing, switching, internetworking, and telecommunications functions integrated into a multitasking operating system. Although the IOS code base includes a cooperative multitasking kernel, most IOS features have been ported to other kernels, such as Linux and QNX, for use in Cisco products.

FCAPS is the ISO Telecommunications Management Network model and framework for network management. FCAPS is an acronym for fault, configuration, accounting, performance, security, the management categories into which the ISO model defines network management tasks. In non-billing organizations accounting is sometimes replaced with administration.

Cisco PIX was a popular IP firewall and network address translation (NAT) appliance. It was one of the first products in this market segment.

Expect is an extension to the Tcl scripting language written by Don Libes. The program automates interactions with programs that expose a text terminal interface. Expect, originally written in 1990 for the Unix platform, has since become available for Microsoft Windows and other systems.

<span class="mw-page-title-main">NetworkManager</span> Software

NetworkManager is a daemon that sits on top of libudev and other Linux kernel interfaces and provides a high-level interface for the configuration of the network interfaces.

<span class="mw-page-title-main">NETCONF</span> Network management protocol

The Network Configuration Protocol (NETCONF) is a network management protocol developed and standardized by the IETF. It was developed in the NETCONF working group and published in December 2006 as RFC 4741 and later revised in June 2011 and published as RFC 6241. The NETCONF protocol specification is an Internet Standards Track document.

Netcordia, Inc. was a developer and marketer of network configuration and change management software. Founded in 2000 by Terry Slattery, the first non-Cisco employee to be awarded the Cisco Certified Internetwork Expert certification, Netcordia developed networking software that automate the management of network configurations, by tracking network changes and compliance requirements, such as PCI DSS, HIPAA, SOX and GLBA, and correlating how change impacts network health and performance.

<span class="mw-page-title-main">Shinken (software)</span> Network monitoring software

Shinken is an open source computer system and network monitoring software application compatible with Nagios. It watches hosts and services, gathers performance data and alerts users when error conditions occur and again when the conditions clear.

<span class="mw-page-title-main">Command-line interface</span> Computer interface that uses text

A command-line interface (CLI) is a means of interacting with a computer program by inputting lines of text called command-lines. Command-line interfaces emerged in the mid-1960s, on computer terminals, as a user-friendly alternative to punched cards. Operating system command-line interfaces are often implemented with command-line interpreters or command-line processors.

In computer networking, Cisco ASA 5500 Series Adaptive Security Appliances, or simply Cisco ASA, is Cisco's line of network security devices introduced in May 2005. It succeeded three existing lines of popular Cisco products:

DNOS or Dell Networking Operating System is a network operating system running on switches from Dell Networking. It is derived from either the PowerConnect OS or Force10 OS/FTOS and will be made available for the 10G and faster Dell Networking S-series switches, the Z-series 40G core switches and DNOS6 is available for the N-series switches.

Tcl is a high-level, general-purpose, interpreted, dynamic programming language. It was designed with the goal of being very simple but powerful. Tcl casts everything into the mold of a command, even programming constructs like variable assignment and procedure definition. Tcl supports multiple programming paradigms, including object-oriented, imperative, functional, and procedural styles.

PA Server Monitor is a server and network monitoring software from Power Admin LLC. PA Server Monitor focuses primarily on server and network health through numerous resource checks, reports, and alerting options. The agentless, on-premises software can monitor thousands of devices from a single installation. The monitored devices can be desktop computers, servers, routers and other devices.

<span class="mw-page-title-main">SNAMP</span>

SNAMP is an open-source, cross-platform software platform for telemetry, tracing and elasticity management of distributed applications.

References

    Further reading

    EEM-Based Solution Development

    Training

    This page is based on this Wikipedia article
    Text is available under the CC BY-SA 4.0 license; additional terms may apply.
    Images, videos and audio are available under their respective licenses.