Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1213
Views
0
Helpful
2
Replies

Having problem when I email the results of a config change from eem

TODD RIEMENSCHNEIDER
Level 1
Level 1

‎05-28-2015 06:10 AM

The results of the 'show archive log config all' not showing up in body of email. Instead I'm getting the following error in the email. 

 


From: lab-cmh1-dc-ds1@********.net [mailto:lab-cmh1-dc-ds1@*********.net]
Sent: Thursday, May 28, 2015 12:54 AM
To: Todd ********
Subject: config-change

 

                ^

% Invalid input detected at '^' marker.

 

lab-cmh1-dc-ds1>

 

 

config on switch

archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys

 

 

event manager applet Config_Change
 event syslog pattern ".*%SYS-5-CONFIG_I.*"
 action 1.0 info type routername
 action 1.1 cli command "enable"
 action 1.2 cli command "show archive log config all"
 action 1.4 mail server "10.0.100.222" to "todd******@******.com" from "lab-cmh1-dc-ds1@****.net" subject "config-change" body "$_cli_result"

action 1.5 cli command "clear archive log config force"

!

Configs are logging into syslog

 

*May 28 04:57:01.944: %PARSER-5-CFGLOG_LOGGEDCMD: User:tr********  logged command:event manager applet Config_Change
*May 28 04:57:08.600: %PARSER-5-CFGLOG_LOGGEDCMD: User:tr********  logged command:action 1.5 cli command "clear archive log config force"

 

 

lab-cmh1-dc-ds1#show event manager version
Embedded Event Manager Version 4.00
Component Versions:
eem: (rel8)1.1.3
eem-gold: (rel1)1.0.2
eem-call-home: (rel2)1.0.4
Event Detectors:
Name                Version   Node        Type
application         01.00     node1/0     RP
rf                  01.00     node1/0     RP
identity            01.00     node1/0     RP
mat                 01.00     node1/0     RP
neighbor-discovery  01.00     node1/0     RP
msp                 03.00     node1/0     RP
syslog              01.00     node1/0     RP
routing             03.00     node1/0     RP
generic             01.00     node1/0     RP
cli                 01.00     node1/0     RP
counter             01.00     node1/0     RP
interface           01.00     node1/0     RP
ioswdsysmon         01.00     node1/0     RP
none                01.00     node1/0     RP
oir                 01.00     node1/0     RP
snmp                01.00     node1/0     RP
timer               01.00     node1/0     RP
snmp-object         01.00     node1/0     RP
snmp-notification   01.00     node1/0     RP
ipsla               01.00     node1/0     RP
nf                  01.00     node1/0     RP
test                01.00     node1/0     RP
config              01.00     node1/0     RP
env                 01.00     node1/0     RP
ds                  01.00     node1/0     RP
crash               01.00     node1/0     RP
gold                01.00     node1/0     RP
rpc                 01.00     node1/0     RP

lab-cmh1-dc-ds1#

 

 

Labels:
0 Helpful
2 Replies 2

TODD RIEMENSCHNEIDER
Level 1
Level 1

‎05-28-2015 07:38 AM

After a looking at this a little more I believe this has to do with account privileges in AAA. I will investigate further provide an update.

0 Helpful

TODD RIEMENSCHNEIDER
Level 1
Level 1
In response to TODD RIEMENSCHNEIDER

‎05-28-2015 08:15 AM

Issue resolved. Bypass was what I was missing.

!
event manager applet Config_Change authorization bypass
 event config
 action 1.0 info type routername
 action 1.1 cli command "enable"
 action 1.2 cli command "show archive log config all"
 action 1.4 mail server "10.0.100.222" to "todd******@******.com" from "lab-cmh1-dc-ds1@*****.net" subject "config-change" body "$_cli_result"
 action 1.5 cli command "clear archive log config force"
!
end

 

0 Helpful
Customers Also Viewed These Support Documents