This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. (November 2015) |
Cisco Embedded Event Manager (EEM) is a feature included in Cisco's IOS operating system (and some other Cisco OSes such as IOS-XR, IOS-XE, and NX-OS) that allow programmability and automation capabilities inside the device. EEM allows the behavior of a Cisco device to adapt to specific user requirements by allowing scripting, thresholding, proactive actions, data collection and event management inside the Cisco device itself. Using EEM, problems can be identified and resolved automatically in advance by setting event triggers (called Event Detectors) to watch for specific types of situations or thresholds, or run a set of actions periodically.
Cisco embedded management family
editEEM is a member of a family of embedded management technologies in Cisco IOS including SNMP, NetFlow, IP SLA, Web Services Management Agent, Syslog, ESM (Embedded Syslog Manager), ERM (Embedded Resource Manager), EMM (Embedded Menu Manager), Tcl and Service Diagnostics.
When a situation is detected by EEM, it uses policies to invoke actions based on the type of event and the configured policy. EEM currently supports three different types of programming actions (see Programming Capabilities below).
About
editWith EEM, users can capture complex network events and run sophisticated programs on Cisco devices. The version of EEM on most Cisco devices is version 2.1, or version is 3.0 which was introduced in IOS 12.4(22)T. The latest version is version 4.0, which was released November 2011, targeting IOS releases 12.2SR, 12.2SB, 12.4, and 12.4T, 15.0M, 12.2SG, 12.2SE, Cisco IOS XE, and future versions. EEM consists of three areas; event detectors, policies and programming languages.
Event detectors
editThe brains of EEM are event detectors. These event detectors are built-in capabilities to watch for specific situations or conditions. Newer versions of EEM have more event detectors than older ones.
Typical of EEM Event Detectors:
- SNMP
- OIR (Online Insertion and Removal)
- CLI command-line interface
- Syslog
- XML-RPC
- IP SLAs
- NetFlow
- Application specific event
- Config change
- Interface counters
- Redundancy framework
- SNMP notification (i.e. when the device receives a trap)
- Resource
- Timer
- Timer subscriber
- IOS Process
- Counter
- GOLD (Generic OnLine Diagnostics)
- Environmental
- Routing
- Enhanced Object Tracking (EOT)
- None (launch the event manually)
Policies
editPolicies determine what is run when an event is detected. Policies save users from having to enumerate an action for every possible event.
Programming capabilities
editEEM supports three methods of programmability and scripting.
- Applets - these allow CLI to be run when a certain set of conditions occurs
- Tcl - when more complex programs need to be built, EEM supports Tcl (Tool Command Language) development
- IOS.sh - newer versions of IOS support IOS.sh (IOS shell) macros similar to Linux bash shell
Version comparison
editEEM Version | 1.0 | 2.0 | 2.1 | 2.1.5 | 2.2/2.3 | 2.4 | 3.0 |
---|---|---|---|---|---|---|---|
IOS Version Introduced | 12.3(4)T, 12.0(26)S | 12.2(27)SBC | 12.3(14)T1, 12.2(28)SBC, 12.2(33)SR | 12.2(18)SXF4 (IOS with modularity) 12.2(18)SXF5 (IOS) | 12.4(2)T, 12.2(33)SRB1, 12.4(11)T (EEM 2.3), 12.2(33)SRC (EEM 2.3), 12.2(33)SXH (EEM 2.3) | 12.4(20)T, 12.2(40)SE, 12.2(40)SG, 12.2(33)SXI | 12.4(22)T |
Syslog, SNMP EDs | X | X | X | X | X | X | X |
Syslog, SNMP Actions | X | X | X | X | X | X | X |
Watchdog, Counter, Interface Counter, Timer, Application-Specific EDs | X | X | X | X | X | X | |
Counter Modification, System Info, Email Actions | X | X | X | X | X | X | |
OIR, CLI EDs | X | X | X | X | X | ||
User and System Tcl Policies | X | X | X | X | X | ||
GOLD, System Manager, WDSysMon EDs | X | X | X | X | |||
Resource, RF, EOT EDs | X | X | X | ||||
Multiple event support, SNMP Proxy, XML RPC EDs | X | X | |||||
Programmatic applets, Netflow, IP SLA, Routing EDs | X |
Example
editThere are four steps to setting up an EEM system. In this example, we will get an email of the status of the system when the HSRP state changes. This example defines an applet action rather than Tcl.
- event manager environment _email_server 172.27.121.177 <-- define the environment variable
- event manager environment _email_to EMAIL_ADDRESS <-- define the address to which email will be sent
- event manager environment _email_from EMAIL_ADDRESS <-- define the address from which the email will be sent
- event manager applet email_hsrp_state_change <-- set up the policy
- event syslog pattern ".*%HSRP-5-STATECHANGE.*" <-- define the trigger
- action 1.0 info type routername <-- obtain the current device hostname and place it in the $_info_routername variable
- action 1.1 cli command "enable" <-- actions such as writing to flash, making config changes, etc. require enable privilege
- append flash:hsrp_state_change.txt" <-- write some debugging output to flash
- flash:append hsrp_state_change.txt" <-- more debugging output
- action 1.5 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "HSRP_STATE_CHANGE Alert from $_info_routername: $_syslog_msg" body "$_cli_result" <-- send an email with the result of the last CLI command in the body of the message
Network management software and tools support
editNetwork management Software utilizing EEM include:
References
edit
Further reading
edit- Blair, Ray; Durai, Arvind; Lautmann, John (2010). "Embedded Event Manager (EEM)". TcL Scripting for Cisco IOS. Networking Technology Series. Cisco Press. ISBN 9781587059452.
External links
editEEM-Based Solution Development
edit- Progrizon, Inc. EEM Solution Development and Consulting Archived 2011-07-15 at the Wayback Machine