Cisco Event Manager

Hi all,

My goal was to set up a Cisco router to detect a network failure and recover without the need to intervene.
So what I did was set up a "track" that monitors a ping to a network host; if the ping fails, the router sends a syslog message and reboots itself.

The simplest way I found was :

Set the ping:
ip sla 1
 icmp-echo <IP-of-the-monitored-host>
ip sla schedule 1 life forever start-time now ageout 900
Pings the IP (the icmp-echo target, shown here as a placeholder) and fails if there is no reply for 900 seconds (15 min).

Set the monitor:
track 1 ip sla 1
 delay down 180
Even if the SLA shows down, wait another 180 seconds before actually reporting the failure.

And finally:
event manager applet Internet-Failure
 event track 1 state down
 action 1 syslog msg "Internet Failure, Rebooting!"
 action 2 reload
If "track 1" goes down, first send a syslog message saying "Internet Failure, Rebooting!" and then reboot.
Instead of rebooting, we can run a great many other commands, but again, this is the simplest one.

Another useful way to use the Event Manager is to monitor changes on the network and report them by mail, for example to monitor system resources.

On my Cisco I use it to monitor the CPU of the device; the configuration looks like this:

First, when to trigger the event manager:
resource policy
  policy HighCPU global
    cpu total
     critical rising 90 interval 5
     major rising 70 interval 10
   user global HighCPU  
Now the event itself :
event manager applet CPU
 event resource policy "HighCPU"
 action 1 cli command "enable"
 action 2 cli command " show processes cpu sorted 5min | inc utilization|[1-9]\...%"
 action 3 mail server "username:[email protected]" to "[email protected]" from "[email protected]" subject "Cisco High CPU" body "$_cli_result"

In this case, when the resource policy fires (the CPU is higher than 90% for longer than 10 seconds), the Cisco sends a mail to "[email protected]"
using the server "" (after basic authentication).
The mail will contain all the processes that use at least 1% CPU utilization.
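
To see which rows the "| inc" filter in action 2 actually lets through, here is an added Python example (not part of the original post) that runs the same regular expression over a constructed sample of "show processes cpu sorted 5min" output. It assumes Python's re module treats this pattern the same way the IOS filter does; ALT_FILTER is a hypothetical tighter variant that does not come from the post.

```python
import re

# Regex from the applet's "| inc" filter, copied from the post.
PAGE_FILTER = r"utilization|[1-9]\...%"
# Hypothetical tighter variant (not from the post): also accepts 10.xx%, 20.xx%, ...
ALT_FILTER = r"utilization|[1-9][0-9]*\.[0-9][0-9]%"

# Constructed sample of "show processes cpu sorted 5min" output (not a real capture).
SAMPLE = """\
CPU utilization for five seconds: 93%/1%; one minute: 91%; five minutes: 88%
 PID Runtime(ms)   Invoked  uSecs   5Sec   1Min   5Min TTY Process
 112     8841200   9912345    891 61.32% 58.77% 55.10%   0 IP Input
  87     1200344    455001   2638 10.05% 10.01% 10.00%   0 Crypto IKMP
 201      330120    120044   2750  2.15%  1.90%  1.74%   0 SNMP ENGINE
  45       90112    800123    112  0.95%  0.40%  0.31%   0 ARP Input
   3         120      4500     26  0.00%  0.00%  0.00%   0 Init
"""

def include(pattern, text):
    """Emulate the CLI include filter: keep lines where the regex matches anywhere."""
    rx = re.compile(pattern)
    return [line for line in text.splitlines() if rx.search(line)]

def process_names(lines):
    """Return the process name (text after the TTY column) of each process row."""
    row = re.compile(r"\s*\d+\s+\d+\s+\d+\s+\d+\s+\S+%\s+\S+%\s+\S+%\s+\d+\s+(.+)$")
    names = []
    for line in lines:
        m = row.match(line)
        if m:  # the "CPU utilization" summary line is not a process row
            names.append(m.group(1).strip())
    return names

if __name__ == "__main__":
    for label, pat in (("post filter", PAGE_FILTER), ("alt filter", ALT_FILTER)):
        kept = include(pat, SAMPLE)
        print(f"{label}: {process_names(kept)}")
```

On this sample the post's pattern keeps the summary line, IP Input and SNMP ENGINE, but drops the row sitting at 10.05%, because it needs a non-zero digit directly before the decimal point. Check the filter against your own device's output before relying on the mail body.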

Hope this post was helpful.

1 comment:

  1. I could use the ip sla for protocols that have built-in track monitoring, didn't know about the event manager until now. Awesome :)